What Is Meant By Digital Signature Certificate?

Definition

A digital certificate is an attachment to an electronic message used for security purposes. The most common use of a digital certificate is to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply.

It is issued by a certification authority (CA). It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real.

Each certificate comes with a public and private portion, called “keys.” The public key is what you share with the world to allow them to verify your electronic signature and to send you encrypted messages that only you can decrypt. The private key is what you use to sign and what you use to decrypt. Protecting the private key portion of your certificates is very important. The programs that use certificates will help ensure that you share only the public keys.


 
SIGNING
ENCRYPTION
Public key
E mail address,
Code used to
 
expiration date changes
encrypt a message.
 
to document since
Only your private key
 
certificate was attached
can read that code
 
SIGNING
ENCRYPTION
PRIVATE KEY
E mail address,
code used to
 
expiration date
read a message
 
your personal
encrypted with
 
signature
your public key.

Verifying the signed certificate....

The process of verifying the "signed certificate" is done by the recipient's software, which is typically the Web browser. The browser maintains an internal list of popular CAs and their public keys and uses the appropriate public key to decrypt the signature back into the digest. It then recomputes its own digest from the plain text in the certificate and compares the two. If both digests match, the integrity of the certificate is verified (it was not tampered with), and the public key in the certificate is assumed to be the valid public key of the subject.

At this point, the subject's identity and the certificate's integrity (no tampering) have been verified. The certificate is typically combined with a signed message or signed executable file, and the public key is used to verify the signatures digital . The subject's public key may also be used to provide a secure key exchange in order to have an encrypted two-way communications session .


Major Data Elements in an X.509 Certificate

  • Version number of certificate format
  •  Serial number (unique number from CA)
  •  Certificate signature algorithm
  •  Issuer (name of CA)
  •  Valid-from/valid-to dates
  •  Subject (name of company or person certified)
  •  Subject's public key and algorithm
  •  Digital signature created with CA's private key


Necessity for Digital Certificates

  • The primary use for certificates right now is with
    e‐mail on Windows, Mac, and Linux computers.
    File and folder encryption is available for
    Windows users. Certificates do not enable file
    folder encryption in Mac OS X.
  • Are you using e‐mail to send Category‐I data,
    such as human‐subjects research data, donor,
    legal, or health information to other faculty or
    staff? Certificates let you encrypt that
    information as long as both the sender and
    receiver have certificates.
  • Are you using a laptop or other portable device
    that has Category‐I data? Certificates can enable
    security options required by UT System.
  • Are you using e‐mail to send student grades or
    other information? Students are not
    included in the Digital Certificates service right
    now, so you won’t be able to encrypt messages
    to them using the Digital Certificates. You may
    want to think about secure options on UT Direct
    that are built to handle student information.
  • Do you mostly use a mobile device to stay in
    touch during the day? While you should be able
    to read signed messages on your BlackBerry,
    PDA, and almost any computer or Web‐based
    mail program, some devices won’t let you install
    certificates, so you may not be able to read
  •  If you don’t have your certificate files on the
    computer where you are reading e‐mail
    messages, you will not be able to read
    encrypted messages, nor send signed or
    encrypted messages. If there is potential that
    will spend the majority of your computer time
    where you can’t install certificates, they may
    provide limited value.
  • If you share a computer with someone else, talk
    to your desktop support staff about whether
    you should use certificates on that computer.

Backing up your certificates

It is important to have a backup copy of your signing and encryption files. A backup contains both your public and private keys, and it ensures that you can install the certificates on a new or rebuilt computer. Backups must be stored in a secure location to which only you have access.

You can ask your desktop support person to help you create a backup on WebSpace, CD, USB drive, or other media, but it would not be appropriate to ask that person to store the media for you. If you choose physical media, lock it up in a safe or cabinet to which only you have access. If you choose WebSpace, make sure you save the files in a folder that is not and will never be shared.

Comments 1 comment

gepeTooRs 8 months ago

You’re truly a excellent webmaster. The site loading pace is incredible. It seems that you’re doing any distinctive trick. In addition, The contents are masterwork. you have performed a fantastic job on this subject!

    Sign in or sign up and post using a HubPages Network account.

    0 of 8192 characters used
    Post Comment

    No HTML is allowed in comments, but URLs will be hyperlinked. Comments are not for promoting your articles or other sites.


    Click to Rate This Article
    working