An Overview Of PKI Certificate Basics

The use of PKI certificates and PKI technology is not new. It can be traced back to the British intelligence agencies, long before Netscape developed Secure Sockets Layer (SSL) in the mid-1990s.

While PKI is an essential part of the SSL/TLS products used to provide assurance, trust and encrypted data transfer on the web, it can also be used as a technology to secure documents sent by email.

To understand the importance and relevance of the technology, let's start with some PKI certificate basics. They matter if you are new to online security and trust products, and they show the relevance these products will have for your business, company or organization.

The Five Components

You will hear CAs (Certificate Authorities) as well as IT administrators talk about the five different components, elements or essential functions that the Public Key Infrastructure is designed to accomplish and provide. These include:

  • Authentication - this provides a specific, recognized format for identifying the source of information, or for confirming the authenticity of a site or an individual. It is provided by SSL/TLS products known as digital certificates.
  • Confidentiality - data is encrypted before it is sent, with either a public or a private key, so no third party lacking the corresponding public or private key can decrypt it. This keeps the information exchanged confidential between the sender and the receiver exclusively.
  • Integrity - through a process called message hashing, in which the message is converted into a short digital summary, the integrity of the message can be verified, showing that it has not been altered since the digital signature was applied.
  • Non-repudiation - this is achieved through a digital signature. The digital signature can only be produced by the owner of the private key, which verifies that the sender is who he or she claims to be. This prevents someone from later denying that he or she sent the email, an important aspect of creating legally binding contracts and documents online.
  • Access Control - this is the method by which specific individuals are given the ability to access the information. The use of public and private keys controls this access.

The Specifics

The use of digital signatures is one of the most important topics in PKI certificate basics. These signatures lock in the data as entered by the sender. Unlike SSL/TLS products, where the public key is used to encrypt and the private key is used to decrypt on the server, with email it is the opposite.

Here, the private signing key, which is kept on the sender's device, creates the verification that the sender is who he or she claims to be and that the message has not been altered.

This second part is done through what is called a hashing algorithm. The hashing algorithm reduces the information in the message to a very small value, known as a message digest. Once this hashing has occurred, there is no way to change the information contained in the message; even the sender cannot "undo" the hashing process.

When the receiver's computer sees the digital signature, it uses the corresponding public key to read the hash, or message digest. If the digest does not match, or any component has been altered, the receiver is notified that the message has been tampered with.

However, it also serves to protect the receiver, as the sender is the only person who can access the private key, through their secure login, to create the hash and the digital signature. In the event that a private key has been compromised through a breach or some other security issue, the CA (Certificate Authority) can revoke the digital certificate, eliminating that specific private and public key pair.
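The sign-and-verify steps described above (hash the message to a digest, sign the digest with the sender's private key, verify with the public key, and flag any tampering), as an added example that is not part of the original article or any Comodo product. It assumes RSA with SHA-256 (the article names no specific algorithm), a key pair generated on the spot in place of a certificate-backed key, and a constructed sample message.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SignMessage reduces msg to a SHA-256 digest (the "message digest" above)
// and signs that digest with the sender's private key (RSASSA-PKCS1-v1_5).
func SignMessage(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// VerifyMessage is the receiver's side: it recomputes the digest of the
// message it actually received and checks the signature against the
// sender's public key. Any change to msg or sig makes this return false.
func VerifyMessage(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

func main() {
	// Constructed key pair for the demo; a real sender's key would be the one
	// bound to their certificate and kept on their device, not made here.
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	msg := []byte("Invoice 1001: pay 500 EUR to account A") // constructed sample
	sig, err := SignMessage(priv, msg)
	if err != nil {
		panic(err)
	}
	fmt.Println("original verifies:", VerifyMessage(&priv.PublicKey, msg, sig))

	// A message altered in transit no longer matches the signed digest.
	tampered := []byte("Invoice 1001: pay 5000 EUR to account A")
	fmt.Println("tampered verifies:", VerifyMessage(&priv.PublicKey, tampered, sig))
}
```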

The challenge is in identifying whether this type of breach has occurred. This is where the CA and the digital certificate come into focus as part of the essential PKI certificate basics. The certificate links a specific individual to a specific certificate, and that certificate to a particular public and private key pair.

The CA is the third party verifying the authenticity of the individual or the device. As a trusted Certificate Authority recognized by 99.9% of browsers and devices, Comodo has the ability to provide more than just PKI certificate basics in security and trust.

To learn more about how Comodo can secure your emails, see us at or give us a call at +1 888 266 6361. We can also tell you more about PKI certificate basics to see if this is a product that your business needs.
