4.1 digital certificates

Upload: markkishan

Post on 05-Apr-2018


  • 8/2/2019 4.1 Digital Certificates

    1/11

    Private & Confidential

    Digital Certificate

    A digital certificate is a digital form of identification, much like a passport or driver's license.


    Why are Digital Signatures required?

    In the digital world, it is easy to make a copy of a digital record. The problem is that the copy is as good as the original, i.e. a copy of a Word file will be as good as the original Word file.

    A scanned signature of a person in any of the following formats, i.e. jpeg, bmp, tiff, gif, pdf, can be copied & it will be as good as the original scanned copy.

    But if a document is digitally signed using digital certificates, then it is possible to make out which one is the original & which one is a duplicate.


    What are Digital Certificates?

    Digital Certificates reveal the identity of a person in the faceless world of the Internet.

    Digital Certificates are issued by a Certifying Agency, called a CA, which is controlled by the Controller of Certifying Agency (CCA).

    A Digital Certificate has 2 parts: Public Key & Private Key. As the names suggest, the Public Key is shared with the public & the Private Key is supposed to be held by the owner.

    A Digital Certificate is a small piece of software that contains the identity of the person, and can be stored in the Internet browser's digital certificate repository/store.


    What is a digitally signed document?

    Digitally Signed document contains 2 things

    Original Document i.e. Word file, Jpeg, PDF, etc.

    Digital Signature in Text Format


    How is a Digital Signature generated?

    Take any Digital Document: MP3, Word File, PDF, Jpeg, etc.

    Run the Hash Algorithm & generate the Message Digest (MD)

    Attach the Public Key of the Digital Certificate with the EMD

    Encrypt the MD with the Private Key of the Digital Certificate to get the Encrypted MD (EMD)

    EMD + attached public key is called the Digital Signature.


    How is a Digital Signature verified?

    Take the Digital Signature

    Separate the Encrypted MD & the Public Key

    Generate a new MD from the document as explained earlier - say MD2

    Using the Public Key, decrypt the Encrypted MD - say MD1

    If MD1 & MD2 match, it means the document is not tampered

    If MD1 & MD2 do not match, it means the document is tampered
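The generation and verification steps above, as an added Python example that is not part of the original slides. It uses textbook RSA without padding and a constructed toy key purely to mirror the MD/EMD model (real signatures use a vetted library with padded RSA or ECDSA); the names `N`, `E`, `D`, `sign`, `verify` and the optional `expected_key` check are assumptions of the example.

```python
import hashlib

# Constructed toy RSA key for illustration only (two known Mersenne primes).
# Real certificates use randomly generated keys and padded signatures.
P, Q = 2**127 - 1, 2**521 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, stays with the owner
PUBLIC_KEY = (N, E)                 # the part that is shared


def message_digest(document: bytes) -> int:
    """Run the hash algorithm and return the Message Digest (MD) as an integer."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes) -> dict:
    """MD -> encrypt with the private key (EMD) -> attach the public key."""
    emd = pow(message_digest(document), D, N)
    return {"emd": emd, "public_key": PUBLIC_KEY}


def verify(document: bytes, signature: dict, expected_key=None) -> bool:
    """Separate EMD and public key, recover MD1, recompute MD2, compare."""
    n, e = signature["public_key"]
    # Assumption of this example: the verifier may know the signer's key from
    # a CA-issued certificate and rejects a signature carrying any other key.
    if expected_key is not None and (n, e) != expected_key:
        return False
    md1 = pow(signature["emd"], e, n)   # decrypt the EMD with the public key
    md2 = message_digest(document)      # fresh digest of the received file
    return md1 == md2


if __name__ == "__main__":
    original = b"Tender bid: 1,00,000 INR"             # constructed sample document
    sig = sign(original)
    print(verify(original, sig))                       # untouched copy
    print(verify(b"Tender bid: 9,00,000 INR", sig))    # one character changed
```

A mismatch only says that the document or signature changed, not which bytes were edited.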


    More about Digital Signature

    Digital Signatures are so sensitive that even if a pixel is changed, they can detect the change.

    From a Digital Signature you know who signed it, when it was signed & whether the document has been tampered with or not.

    If someone tries to tamper with/edit a document, then it can be detected with the attached signature, but what has been edited cannot be known.


    Licensed Certifying Agency

    eMudra ICICI group

    TCS

    MTNL

    Safescrypt Verisign & Satyam Mahindra

    nCODE - GNFC

    more


    Types of Digital Certificates

    Class 1: issued to a person after verification of the email account of the holder.

    Class 2: issued to a person after proper verification of the required document, which should be attested/notarized.

    Class 3: issued to a person only after physical verification of the person & if all the required attested/notarized documents are available.

    Class 1 is least expensive & Class 3 is most expensive. For eProcurement purposes, we use only class 2 & 3 certificates.


    A Digital Certificate typically contains the:

    A Digital Certificate is issued by a Certification Authority (CA) and signed with the CA's private key.

    Owner's name

    Owner's public key/private key

    Expiration date

    Name of the issuer (the CA that issued the Digital Certificate)

    Serial number of the Digital Certificate

    Digital signature of the issuer


    FAQ

    A person can have 1 or more digital certificates

    A digital certificate is valid for 1 or more years

    Digital certificates are stored in a device called a crypto key

    If the security of a digital certificate is compromised, then it can be revoked/cancelled by making a request to the CA

    Unless revoked, the owner of the digital certificate will be held valid for usage of the Digital certificate

    If documents are in place, a Certificate can be issued in a few hours