The Essential PKI Certificate For Dummies

At Comodo, we understand that the world of internet security and trust is very complicated. We also understand that many of our customers are not IT professionals, so we have created a short guide, a sort of "PKI certificate for dummies" overview, that may also be a great refresher even for those in the industry.

First, it is important to realize that "PKI certificate for dummies" is only what we are calling this guide. Everyone has to learn the basics of new options for securing websites and email, so there is no reason to feel uncomfortable about reading up on the basics and getting a strong foundational understanding.

For those who are more advanced, we provide the Comodo forums as well as the Comodo knowledgebase, which allow you to pinpoint the specific question you have about any aspect of the life cycle of your SSL/TLS certificate or PKI certificate.

What is PKI?

The first step in any PKI certificate for dummies guide should be some basic definitions and explanations. By going over this information, you will begin to understand the basics of PKI and how it benefits businesses as well as private individuals, both for web server security and protection of information and for email.

First, it is important to understand that PKI, or Public Key Infrastructure, is not a specific entity or a "thing." Rather, it is a process, a framework and a group of technologies that are used together to provide a secure infrastructure.

The components of the Public Key Infrastructure that you will actually use are digital certificates and digital signatures. In addition, and behind the scenes, PKI also allows your emails to be encrypted and decrypted through a set of public and private keys.

These keys are not really keys at all, but rather long strings of what appear to be randomly generated digits. This is where even the PKI certificate for dummies gets a bit complex, but it is essential to understand.

The Keys and the Certificate

The keys are actually cryptographic keys, that is, keys to a very advanced code. This code is used to encrypt data before it is sent and then decrypt it at the other end. These long numerical strings are mathematically related and are generated as pairs by complex programs. The public key and the private key can only recognize data that came from each other, so they become the "locks" and "unlocks" on the data.

If you are familiar with the meaning of SSL, you have probably heard of the use of these paired keys before. This same Public Key Infrastructure is used with all SSL/TLS certificates, although in a slightly different way.

With the PKI certificates for email, the private key is kept on the device and used to sign the specific information from the email account on the certificate. The certificate, or digital certificate, is provided by Comodo, a Certificate Authority. As we are a trusted Certificate Authority with our root certificates embedded in 99.9% of browsers and devices, the certificate is accepted and trusted, giving your email that same level of trust with other email systems.

Encryption and Hashing

Once you have the certificate and the private key installed on your device, which is very simple and easy to do, any documents or emails you send will be encrypted by simply hitting the button that provides the digital signature.

This is done automatically. A mathematical algorithm runs that generates what is known as a hash message, which is a very short version of the original message. This is encrypted with your private key. Remember, you have to give the correct username and password to access your unique private key.

Then, the hash message and the encrypted message are sent to the recipient of the email. The recipient's email program will recognize that the message has a digital signature. It will access the necessary public key and decrypt the message. It will also compare the decrypted message to the hash, and if the two are the same, the recipient knows that the message was not altered after sending.

Additionally, through this process, there is the advantage of non-repudiation. In other words, the sender cannot later deny sending an email. This is important in business from a legal perspective, particularly when contracts or other types of binding documents are transmitted through email.
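
The signing and verification steps described above, as an added example that is not part of the original guide or any Comodo software: a toy RSA signature written with only Python's standard library. The key pairs are constructed from well-known Mersenne primes and the names `make_keys`, `sign` and `verify` are hypothetical; real mail clients use randomly generated keys and padded signature schemes.

```python
import hashlib

def make_keys(p, q, e=65537):
    """Build a toy RSA key pair from two primes: returns (public, private)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent, the inverse of e
    return (e, n), (d, n)

def message_hash(message: bytes) -> int:
    """The short, fixed-size 'hash message' (SHA-256) as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private_key) -> int:
    """Sender: hash the message, then transform the hash with the private key."""
    d, n = private_key
    return pow(message_hash(message), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Recipient: recover the hash with the public key, compare with a fresh hash."""
    e, n = public_key
    return pow(signature, e, n) == message_hash(message)

# Constructed key pairs (assumption: illustration only, built from Mersenne
# primes; real keys are random and real signatures add padding).
SENDER_PUBLIC, SENDER_PRIVATE = make_keys(2**521 - 1, 2**607 - 1)
OTHER_PUBLIC, _ = make_keys(2**1279 - 1, 2**2203 - 1)

def demo():
    email = b"Contract v3: payment due within 30 days."  # constructed sample
    signature = sign(email, SENDER_PRIVATE)
    return {
        # Message arrives as sent: the recovered hash matches the fresh hash.
        "unaltered": verify(email, signature, SENDER_PUBLIC),
        # One field changed in transit: the hashes no longer match.
        "altered": verify(email.replace(b"30", b"90"), signature, SENDER_PUBLIC),
        # Checked against someone else's public key: not this sender's signature.
        "wrong_key": verify(email, signature, OTHER_PUBLIC),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:10s} signature valid: {ok}")
```

The `wrong_key` case is what backs non-repudiation: only the holder of the matching private key could have produced a signature that verifies under the sender's public key.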

Don't worry if you are still grappling with some of the concepts in this PKI certificate for dummies guide. Read more on the website or give us a call at +1 888 266 6361.
