The IT Law Wiki
Revision as of 23:11, 29 December 2007


A digital certificate is an electronic credential that can help verify the association between a public key and a specific entity. The most common use of digital certificates is to verify that a user sending a message is who he or she claims to be and to provide the receiver with a means to encode a reply. Certificates can be issued to computer equipment and processes as well as to individuals.

For example, companies that do business over the Internet can obtain digital certificates for their computer servers. These certificates are used to authenticate the servers to potential customers, who can then rely on the servers to support the secure exchange of encrypted information, such as passwords and credit card numbers.

Digital certificates address the need to link an individual to his or her public key. A digital certificate is created by placing the individual’s name, the individual’s public key, and certain other identifying information in a small electronic document that is stored in a directory or other database. Directories may be publicly available repositories kept on servers that act like telephone books in which users can look up others’ public keys. The digital certificate itself is created by a trusted third party called a certification authority, which digitally signs the certificate, thus providing assurance that the public key contained in the certificate does indeed belong to the individual named in the certificate. Certification authorities are a main component of a PKI, which uses cryptographic techniques to generate and manage digital certificates.

By linking an individual to his or her public key, digital certificates help to provide assurance that digital signatures are used effectively. However, digital certificates are only as secure as the public key infrastructure that they are based on. For example, if an unauthorized user is able to obtain a private key, the digital certificate could then be compromised. In addition, users of certificates are dependent on certification authorities to verify the digital certificates. If a valid certification authority is not used, or a certification authority makes a mistake or is the victim of a cyber attack, a digital certificate may be ineffective.
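The issuance and verification described in the two preceding paragraphs, as an added example in Go that is not part of the wiki article: a certification authority signs a certificate binding a name to a public key, and a relying party accepts that certificate only when it chains to a CA it has chosen to trust. The names "Example CA", "Unrelated CA" and "alice@example.com" are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue generates a key pair and a certificate binding name to its public key. With
// parent == nil the certificate is a self-signed root CA; otherwise parent signs it.
func issue(name string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // cannot fail with rand.Reader
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
	}
	if parent == nil { // self-signed root CA: the template is its own issuer and may sign certificates
		tmpl.IsCA, tmpl.KeyUsage = true, x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// trusted reports whether leaf chains to the one CA the relying party trusts.
func trusted(leaf, root *x509.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err == nil
}

func main() {
	ca, caKey, _ := issue("Example CA", nil, nil)
	rogue, _, _ := issue("Unrelated CA", nil, nil) // a CA the relying party never chose to trust
	alice, _, _ := issue("alice@example.com", ca, caKey)
	fmt.Println(alice.Subject.CommonName, trusted(alice, ca), trusted(alice, rogue)) // alice@example.com true false
}
```

The second result is false even though the rogue CA's certificate is well-formed, which is the article's point that a certificate is only as good as the relying party's choice of certification authority.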