A Simple Non-Technical PKI Certificate Explained
For many employees, their first time hearing of a PKI certificate may be when their company decides to implement this extra level of protection for their email. Most businesses today sending any type of sensitive information or legal documents such as contracts or agreements will now use Public Key Infrastructure technology.
If you are wondering what it is, there is a simple way to have a PKI certificate explained. By understanding what it does, it will be easy to see how effective it is as a way to secure data that is being transmitted from your email to anyone you may be sending to.
Without Public Key Infrastructure
When you are sending emails now, before you have had the PKI certificate explained or the technology installed, you are basically sending text out to the internet in plain sight for anyone choosing to look.
This means that someone could intercept your message, make a change in the content of the message or in a file attached and then send it on. They could even add their own email in place of yours and literally continue to intercept everything. This is known as a man-in-the-middle attack.
This is only possible because there is no privacy or security on the email. Think of it like sending an old-fashioned postcard through the mail. Anyone can read it and even make changes, and neither the sender nor the receiver would know those changes had occurred.
With Public Key Infrastructure
It is important to realize that Public Key Infrastructure is the framework or the structure for securing information sent online. It includes a set of keys, one private and one public, which are used to lock and unlock the data.
Public Key Infrastructure is also used to protect the information you supply online when you make a purchase. You know to look for the padlock or the green address bar and you understand the meaning of SSL and its role in keeping your personal and financial information secure. It encrypts the information from the browser to the server, preventing it from being intercepted and stolen.
To explain a PKI certificate, let's use a real-life example. You have to send a contract from your company to a vendor for services. The contract provides information on the scope of the services, the agreed-upon amount and how payments will be made.
When you have a PKI certificate installed, you have created a public key and a private key. The public key is bound to a certificate that provides information about you and verifies you are who you say you are. This is what we do as the Certificate Authority. We verify the information on the certificate is correct and that you are the person who is bound to that specific public key.
Only you have the private key, which stays on your device. It is always kept private, but it is related, through a complex mathematical algorithm, to the public key that everyone can see.
When you want to send an email with the contract, you will click on the digital signature button and highlight the contract file. That private key then converts the information into a hash, a short, random string of numbers. The private key also encrypts the message.
This hash and encrypted message are sent to the receiver's email with the public key. This allows the recipient's email client to decrypt the message and compare it to the original hash. If they match, then there is no possibility that the information was tampered with in transit. If they do not, the receiver will see a warning.
Once you have had the use of the PKI certificate explained, it makes perfect security sense. The receiver knows the contract came from you because the public key you sent could decrypt the message that was generated by the related private key only you can access.
Additionally, the receiver also knows that the document is legally binding as it could have only come from you, which builds trust and confidence. You also have trust and confidence that the person receiving the document is seeing your original file and not anything that has been altered or modified in any way.
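The signing and checking steps described above, as an added Python example (not Comodo's code) using the `cryptography` library. The function names, the email address and the contract text are constructed for illustration, and the certificate is self-signed for the demonstration, whereas in practice a Certificate Authority signs it.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID


def make_sender_identity(email):
    """Create a key pair and a certificate binding the public key to `email`.
    Self-signed for this demo (assumption); a real CA would sign the certificate."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.EMAIL_ADDRESS, email)])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)  # issuer == subject because it is self-signed
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(minutes=1))
        .not_valid_after(now + datetime.timedelta(days=1))
        .sign(key, hashes.SHA256())
    )
    return key, cert


def sign_contract(private_key, contract):
    """Sender: hash the contract with SHA-256 and sign that hash with the private key."""
    return private_key.sign(contract, padding.PKCS1v15(), hashes.SHA256())


def verify_contract(cert, contract, signature):
    """Receiver: recompute the hash and check it against the signature,
    using the public key taken from the sender's certificate."""
    try:
        cert.public_key().verify(signature, contract, padding.PKCS1v15(), hashes.SHA256())
        return True
    except InvalidSignature:
        return False


if __name__ == "__main__":
    key, cert = make_sender_identity("sender@example.com")  # constructed address
    contract = b"Scope: hosting services. Amount: 12,000 USD. Payment: net 30."
    sig = sign_contract(key, contract)
    print("original verifies:", verify_contract(cert, contract, sig))
    tampered = contract.replace(b"12,000", b"21,000")  # a change made in transit
    print("tampered verifies:", verify_contract(cert, tampered, sig))
```

A signature made with any other private key also fails against the sender's certificate, which is what ties the contract to the sender.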
At Comodo, we also provide a completely free PKI certificate for personal and home use. If you are using this technology at work and want to secure your personal emails, just give us a call at +1 888 266 6361 with any questions. You can also go online at https://www.instantssl.com and request your free PKI certificate and install it on your own.