Download - 4.1 Digital Certificates
-
8/2/2019 4.1 Digital Certificates
1/11
Private & Confidential
Digital Certificate
A digital certificate is a digital form of
identification, much like a passport or driver'slicense.
-
8/2/2019 4.1 Digital Certificates
2/11
Private & Confidential
Why Digital Signature are required?
In the digital world, it is easy to make copy of digital record. Theproblem is copy is as good as original i.e a copy of word file will beas good as the original word file
Scanned signature of a person in any of the following format i.e.
jpeg, bmp, tiff, gif, pdf can be copied & it will be as good as theoriginal scanned copy.
But if a document is digitally signed using digital certificates, than itis possible to make out which one is original & which one is
duplicate.
-
8/2/2019 4.1 Digital Certificates
3/11
Private & Confidential
What are Digital Certificates?
Digital Certificate revel the identity of a person, in the faceless worldof Internet
Digital Certificates are issued by Certifying Agency called CA whoare controlled by Controller of Certifying Agency (CCA).
A Digital Certificate has 2 parts Public Key & Private Key. As
name suggest Public Key is shared with Public & Private key issupposed to be held with the owner.
Digital Certificates is a small software that contains the identity ofthe person, and can be stored in Internet Browser digital certificaterepository/store
-
8/2/2019 4.1 Digital Certificates
4/11
Private & Confidential
What is a digitally signed document?
Digitally Signed document contains 2 things
Original Document i.e. Word file, Jpeg, PDF, etc.
Digital Signature in Text Format
-
8/2/2019 4.1 Digital Certificates
5/11
Private & Confidential
How Digital Signature is generated?
Take any Digital Document MP3, Word File, PDF, Jpeg, etc.
Run Hash Algorithm & generate Message Digest (MD)
Attach Public Key of Digital Certificate with EMD
Encrypt MD (EMD) with Private Key of Digital Certificate
EMD + attached public key is called Digital Signature.
-
8/2/2019 4.1 Digital Certificates
6/11
Private & Confidential
How Digital Signature is generated?
Take Digital Signature
Separate Encrypted MD & Public Key
Generate new MD as explained earlier - say MD2
Using Public Key, decrypt MD say MD1
If MD1 & MD 2 matches, it means document is not tampered
If MD1 & MD 2 do not match, it means document is tampered
-
8/2/2019 4.1 Digital Certificates
7/11Private & Confidential
More about Digital Signature
Digital Signature are so sensitive that even if a pixel is changed, itcan detect the change.
From Digital Signature you know who signed it, when it was signed& weather document has been tampered or not.
If someone tries to tamper/edit a document, than it can be detectedwith attached signature, but what has been edited cannot be know.
-
8/2/2019 4.1 Digital Certificates
8/11Private & Confidential
Licensed Certifying Agency
eMudra ICICI group
TCS
MTNL
Safescrypt Verisign & Satyam Mahindra
nCODE - GNFC
more
-
8/2/2019 4.1 Digital Certificates
9/11Private & Confidential
Types of Digital Certificates
Class 1 Is issued to a person after verification of email account ofthe holder.
Class 2 Is issued to a person after proper verification of therequired document, which should be attested/notarized
Class 3 Is issued to a person only after physical verification of aperson & if all the required attested/notarized documents areavailable.
Class 1 is least expensive & Class 3 is most expensive. Types. ForeProcurement purpose, we use only class 2 & 3 certificates.
-
8/2/2019 4.1 Digital Certificates
10/11Private & Confidential
A Digital Certificate typically contains the:
A Digital Certificate is issued by a Certification Authority(CA) and signed with the CA's private key.
Owners name
Owners public key/private key
Expiration date
Name of the issuer (the CA that issued the Digital
Certificate) Serial number of the Digital Certificate
Digital signature of the issuer
-
8/2/2019 4.1 Digital Certificates
11/11Private & Confidential
FAQ
A person can have 1 or more digital certificates
A digital certificate is valid for 1 or more years
Digital certificates are stored in a device called crypto key
If security of digital certificate is compromised, than it can berevoked/cancelled by making a request to CA
Unless revoked, the owner of the digital will be held valid for usage ofDigital certificate
If documents are in place, a Certificate can be issued in few hours