An Overview of PKI Certificate Authentication

Almost everyone doing business online today is aware of the need for security. Even if they know nothing about PKI or how to read an SSL certificate, they know to look for the padlock in the address bar or, more recently, the green address bar that signified the highest level of validation (Extended Validation; most major browsers have since dropped the green bar and show only the padlock).

Online consumers may not know what SSL is or how PKI certificate authentication works, but they know that if it is absent they should not give the site any personal or financial information. Businesses doing B2B (business-to-business) or B2C (business-to-consumer) sales may also use certificates to authenticate and secure email, particularly when contracts or other legal documents are sent by email or through online services.

Encryption and Decryption Basics

PKI, or Public Key Infrastructure, is not itself a specific application. It is the framework of key pairs, certificates and certificate authorities used to provide SSL, or its successor TLS, to domains and subdomains, and to secure email.

Through this framework it is possible to secure a site, or the email of a specific address, using a pair of public and private keys together with a certificate that binds the public key to that site or address. This is what PKI certificate authentication rests on.

As with any SSL/TLS product, a unique key pair is generated for each certificate request: a public key, which is placed in the certificate and shared freely, and a private key, which stays with the owner and is never sent to the CA. Which key encrypts and which decrypts depends on the operation: data encrypted to a party's public key can only be decrypted with that party's private key, whereas a digital signature is created with the private key and checked with the public key.

Once something is encrypted with one key of the pair, it can only be decrypted (read) with the other key. This protects data in transit: the ciphertext is unintelligible to anyone who intercepts it, and without the matching decryption key it stays that way. In practice TLS uses the certificate's key pair to authenticate the server and to establish a per-session symmetric key, and it is that session key, not the public key, that encrypts the bulk of the traffic.

The Digital Signature

Once PKI certificate authentication is complete and the certificate has been issued and installed, the holder can digitally sign documents before sending them.

The sender writes the email and attaches the document, then adds the digital signature. Think of the signature as a seal applied to the message. When the sign button is clicked, the sender's software first computes a hash of the message, a short fixed-length number that is a mathematical fingerprint of the content (no key is involved in this step), and then signs that hash with the sender's private key.

The signature is sent along with the email. The receiving mail client recognizes that a signature is present and uses the sender's public key, taken from the accompanying certificate, to verify it; with RSA this recovers the hash the sender signed. The client then recomputes the hash of the message it actually received and compares the two. If they differ, the message was altered after it was signed, and the recipient is warned.

Remember, PKI certificate authentication works because the sender's public key is mathematically related to the private key. If someone tried to forge a signature using a different private key, verification with the public key in the certificate would fail, because that private key is not the one that matches the certificate.

The same property provides non-repudiation. If the signature verifies against the sender's certificate and the recomputed hash matches the message, the sender cannot credibly deny having signed it, since only the holder of the private key could have produced that signature. This holds only for as long as the private key remains private; a compromised or shared key undermines it. In this way PKI certificate authentication gives both sender and receiver assurance of the integrity of the message and the identity of the sender.
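The sign, verify, tamper-detect and encrypt/decrypt steps described above, as an added example using Go's standard library (this is illustrative code written for this page, not Comodo's software or any mail client's implementation). The message text, the names Alice and Mallory, and the 2048-bit RSA keys are all constructed for the demonstration; RSA PKCS#1 v1.5 is used for the signature because it matches the page's "recover the hash with the public key" description, and RSA-OAEP for encryption. In a real deployment the sender's public key would come from a certificate rather than from an in-memory key pair.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SignMessage hashes msg with SHA-256 (no key involved) and signs the digest
// with the sender's private key using RSA PKCS#1 v1.5.
func SignMessage(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// VerifyMessage recomputes the digest of the received message and checks the
// signature against it with the sender's public key. Any change to the
// message or the signature makes this return false.
func VerifyMessage(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// EncryptFor encrypts a short message to the holder of the private key that
// matches pub (RSA-OAEP with SHA-256); DecryptWith reverses it.
func EncryptFor(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plaintext, nil)
}

func DecryptWith(priv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ciphertext, nil)
}

// DemoResult records the outcome of each step of the exchange.
type DemoResult struct {
	SignatureValid   bool // genuine message and signature verify
	TamperDetected   bool // an altered message is rejected
	ForgeryRejected  bool // a signature made with another key is rejected
	DecryptedMatches bool // the key holder recovers the plaintext
	WrongKeyRejected bool // a different private key cannot decrypt
}

// RunDemo walks through the exchange with constructed sample data: Alice
// signs a contract, the recipient verifies it, Mallory tries tampering and
// forgery, and a message is encrypted to Alice's public key.
func RunDemo() (DemoResult, error) {
	var r DemoResult
	alice, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return r, err
	}
	mallory, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return r, err
	}
	// Constructed sample message, not a real contract.
	contract := []byte("Alice agrees to deliver 100 units by 2025-01-31.")
	sig, err := SignMessage(alice, contract)
	if err != nil {
		return r, err
	}
	r.SignatureValid = VerifyMessage(&alice.PublicKey, contract, sig)

	// Mallory alters the quantity in transit: the hash no longer matches.
	tampered := bytes.Replace(contract, []byte("100 units"), []byte("1000 units"), 1)
	r.TamperDetected = !VerifyMessage(&alice.PublicKey, tampered, sig)

	// Mallory signs the same text with his own key: wrong key, rejected.
	forged, err := SignMessage(mallory, contract)
	if err != nil {
		return r, err
	}
	r.ForgeryRejected = !VerifyMessage(&alice.PublicKey, contract, forged)

	// Encrypt to Alice's public key; only Alice's private key decrypts it.
	ct, err := EncryptFor(&alice.PublicKey, contract)
	if err != nil {
		return r, err
	}
	pt, err := DecryptWith(alice, ct)
	if err != nil {
		return r, err
	}
	r.DecryptedMatches = bytes.Equal(pt, contract)
	_, err = DecryptWith(mallory, ct)
	r.WrongKeyRejected = err != nil
	return r, nil
}

func main() {
	r, err := RunDemo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```

Running it prints all five fields as true. Note that verification compares a freshly computed hash of the received bytes against the one bound into the signature, which is why the tampered message fails even though the signature itself is untouched. For new designs RSA-PSS (rsa.SignPSS) or an elliptic-curve scheme is preferred over PKCS#1 v1.5, and OAEP is only suitable for short messages such as a session key, not whole documents.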

For B2B sales, contracts and other legal documents, PKI-based digital signatures allow a document sent electronically to carry the same legal weight as a signed hard copy in many jurisdictions, subject to the electronic-signature law that applies to the parties.

As a trusted CA (Certificate Authority), Comodo verifies the information supplied by an applicant and grants or denies the application for a digital certificate. Issuing the certificate binds the applicant's public key to the verified identity, and the certificate is then published in a public repository. The certificate also travels with the digital signature on the message, so the receiver has everything needed to verify the signature and confirm that it came from the authenticated sender.
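The CA's binding step and the receiver's chain check, as an added example in Go's crypto/x509 package (illustrative code written for this page, not Comodo's issuance system). The CA name "Example Trusted Root CA", the competing "Some Other CA", the applicant address alice@example.com, the serial numbers and validity periods are all constructed; the identity verification the CA performs before issuing happens out of band and is not modelled. The example goes slightly beyond the text by also showing the two checks a receiver should make besides the signature: that the certificate chains to a root it actually trusts, and that it was issued for the intended use (email protection rather than TLS server authentication).

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// NewRootCA generates a key pair and a self-signed CA certificate for it.
func NewRootCA(name string) (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, nil, err
	}
	return cert, key, nil
}

// IssueEmailCert is the CA's issuing step: it signs a certificate that binds
// the applicant's public key to the (already verified) email address and
// limits it to email protection. The CA never sees the applicant's private key.
func IssueEmailCert(ca *x509.Certificate, caKey *rsa.PrivateKey, applicant *rsa.PublicKey, email string) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber:   big.NewInt(2),
		Subject:        pkix.Name{CommonName: email},
		EmailAddresses: []string{email},
		NotBefore:      time.Now().Add(-time.Hour),
		NotAfter:       time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:       x509.KeyUsageDigitalSignature,
		ExtKeyUsage:    []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, applicant, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// ChainsTo is the receiver's check: does leaf validate, for the given usage,
// up to a root the receiver trusts?
func ChainsTo(leaf, root *x509.Certificate, usage x509.ExtKeyUsage) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{usage}})
	return err == nil
}

// IssuanceResult records what the receiver concluded about the certificate.
type IssuanceResult struct {
	KeyBound           bool // certificate carries the applicant's public key
	ChainValid         bool // validates to the issuing CA for email use
	UntrustedRejected  bool // fails against a CA the receiver does not trust
	WrongUsageRejected bool // fails when checked for TLS server use
}

// RunIssuanceDemo: the CA issues a certificate to a constructed applicant,
// then the receiver validates it against trusted and untrusted roots.
func RunIssuanceDemo() (IssuanceResult, error) {
	var r IssuanceResult
	ca, caKey, err := NewRootCA("Example Trusted Root CA")
	if err != nil {
		return r, err
	}
	otherCA, _, err := NewRootCA("Some Other CA")
	if err != nil {
		return r, err
	}
	applicant, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return r, err
	}
	leaf, err := IssueEmailCert(ca, caKey, &applicant.PublicKey, "alice@example.com")
	if err != nil {
		return r, err
	}
	r.KeyBound = leaf.PublicKey.(*rsa.PublicKey).Equal(&applicant.PublicKey)
	r.ChainValid = ChainsTo(leaf, ca, x509.ExtKeyUsageEmailProtection)
	r.UntrustedRejected = !ChainsTo(leaf, otherCA, x509.ExtKeyUsageEmailProtection)
	r.WrongUsageRejected = !ChainsTo(leaf, ca, x509.ExtKeyUsageServerAuth)
	return r, nil
}

func main() {
	r, err := RunIssuanceDemo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```

The signature on the leaf certificate is what "binds" the public key: anyone holding the root can confirm the CA vouched for that key and that email address, while a certificate from a CA the receiver does not trust, or one issued for a different purpose, is rejected by the same Verify call. Real clients also check revocation (CRL or OCSP), which this example omits.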

At Comodo, we can help with any questions you may have on PKI and digital certificates. To get assistance call us at +1 888 266 6361 or get in touch through our live chat system on the website at
