¿What is a digital signature?

¿What is a digital certificate?

¿Which are the components of a typical digital certificate?

¿Which one is the digital certificate widely used in the internet?

¿What is an X.509 certificate?

¿What is a Certification Authority?

 

   ¿What is a digital signature?

 

A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit. Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery or tampering.

Digital signatures are equivalent to traditional handwritten signatures in many respects; properly implemented digital signatures are more difficult to forge than the handwritten type. However, handwritten signatures are performed on paper. Each digital signature has the capability to store information that identifies the person who signed, valid for authenticity certified by a superior being.

Digital signatures employ a type of asymmetric cryptography. For messages sent through a non-secure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. Digital signature schemes in the sense used here are cryptographically based, and must be implemented properly to be effective. Digital signatures can also provide non-repudiation, meaning that the signer cannot successfully claim they did not sign a message, while also claiming their private key remains secret; further, some non-repudiation schemes offer a time stamp for the digital signature, so that even if the private key is exposed, the signature is valid nonetheless.

As organizations move away from paper documents with ink signatures or authenticity stamps, digital signatures can provide added assurances of the evidence to provenance, identity, and status of an electronic document as well as acknowledging informed consent and approval by a signatory.

     

  
  
¿What is a digital certificate?

It's an attachment to an electronic message used for security purposes. The most common use of a digital certificate is to verify that a user sending a message iswho he or she claims to be, and to provide the receiver with the means to encode a reply.

An individual wishing to send an encrypted message applies for a digital certificate from a Certificate Authority (CA). The CA issues an encrypted digital certificate containing the applicant's public key and a variety of other identification information. The CA makes its own public key readily available through printpublicity orperhaps on the Internet.

The recipient of an encrypted message uses the CA's public key to decode the digital certificate attached to the message, verifies it as issued by the CA and thenobtains the sender's public key and identification information held within the certificate. With this information, the recipient can send an encrypted reply.

The most widely used standard for digital certificates is X.509. 

     

   
    ¿Which are the components of a typical digital certificate?


When certificates are used as authentication mechanism, they contain:

Serial number: Used to uniquely identify the certificate.
Subject: The person or entity identified.
Public-key: Authentication of the subject (person or identity identified)
Key-Usage: Purpose of the public key (e.g. encipherment, signature, certificate signing...).
Issuer: The entity that verified the information and issued the certificate.
Valid-From: The date the certificate is first valid from.
Valid-To: The expiration date of the certificate.
Signature Algorithm: The algorithm used to create the signature.

 

   
   ¿Which one is the digital certificate widely used in the internet?


X.509 is published as ITU recommendation ITU-T X.509 (formerly CCITT X.509) and ISO /IEC/ITU 9594-8 which defines a standard certificate format for public key certificates and certification validation. 

    

  
¿What is an X.509 certificate?

An X.509 certificate binds a name to a public key value. The role of the certificate is to associate a public key with the identity contained in the X.509 certificate. An X.509 certificate contains information about the certificate subject and the certificate issuer (the certification authority that issued the certificate). A certificate is encoded in Abstract Syntax Notation One (ASN.1), a standard syntax for describing messages that can be sent or received on a network.


Certificate filename extensions:


Common filename extensions for X-509 are:

.cer, .crt, .der: usually in binary DER form, but Base64-encoded certificates are common too.
.pem: (Private Enhanced Mail) Base64 encoded DER certificate, enclosed between"-----BEGIN CERTIFICATE-----"and "-----END CERTIFICATE-----".
.p7b, p7c: PKCS#7 SignedData structure without data, just certificate(s) or CRL(s)
.p12: PKCS#12, may contain certificate(s) (public) and private keys (password protected)


PKCS #7
Used to sign and/or encrypt messages under a PKI. Used also for certificate dissemination and single sign-on.

PKCS #12
Defines a file format commonly used to store private keys with accompanying public key certificates, protected with a password-based symmetric key.
This container format can contain multiple embedded objects, such as multiple certificates. Usually protected/encrypted with a password.
 

     
    ¿What is a Certification Authority?


A Certification Authority (CA), is a trusted third-party organization or company that issues digital certificates used to create digital signatures and public-private keypairs. The role of the CA in this process is to guarantee that the individual granted the unique certificate is, in fact, who he or she claims to be. Usually, this means that the CA has an arrangement with a financial institution, such as a credit card company, which provides it with information to confirm an individual's claimed identity.

CAs are a critical component in data security and electronic commerce because they guarantee that the two parties exchanging information are really who they claim to be. 

 

 

 

 

 

 

 

© Copyright 2018. ITAC. / Diseño y Producción Sitio Web : ITAC : www.itac.co / Todos los derechos reservados. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.