Abstract image of a woman sitting on books and studying on a laptop

Unit 3_Digital Certificate_Intro_Types.pdf

K
KanchanPatil34

Introduction to Digital Certificates, Certification Authority, Contents of Digital Certificate, Digital Certificate Versions, Certificate Types

Education
1 of 20
Downloaded 67 times
1
2
3
4
Most read
5
Most read
6
7
8
9
10
11
Most read
12
13
14
15
16
17
18
19
20
Cryptography and Cyber Security [IT311] Sanjivani Rural Education Society’s Sanjivani College of Engineering, Kopargaon-423603 (An Autonomous Institute Affiliated to Savitribai Phule Pune University, Pune) NAAC ‘A’ Grade Accredited, ISO 9001:2015 Certified Department of Information Technology (NBAAccredited) Mrs. Kanchan D. Patil Assistant Professor
Unit 3: Message Digest & Key Management • Hash Algorithms: SHA-1, MD5, Key Management: Introduction, Key Management: Generations, Distribution, Updation, Digital Certificate, Digital Signature, Kerberos 5.0. Cryptography & Cyber Security Mrs. Kanchan Patil Department of Information Technology
Digital Certificate • Introduction • Certification Authority • Contents of Digital Certificate • Digital Certificate Creation • Digital Certificate Verification • Certificate Types Cryptography & Cyber Security Mrs. Kanchan Patil Department of Information Technology
Digital Certificate : Introduction • A digital certificate is digital document that proves the authenticity of a device, server, or user through the use of cryptography and the public key infrastructure (PKI) such as driving license or passport. • It is small computer file with the name such as k.cer • The file extension can be different • Example: • Passport signifies the association between me and my other characteristics such as full name, nationality, date and place of birth, photograph and signature • Digital certificate simply signifies the association between my public key and me. Cryptography & Cyber Security Mrs. Kanchan Patil Department of Information Technology
Digital Certificate : Introduction • Digital Certificate must be approved by some authority in which all the concerned parties have a great amount of trust and belief. • A digital certificate establishes the relation between a user and her public key. Therefore, a digital certificate must contain the user name and the user's public key. • This will prove that a particular public key belongs to a particular user. Cryptography & Cyber Security Mrs. Kanchan Patil Department of Information Technology
Digital Certificate : Introduction • Subject Name: Any user's name in a digital certificate is always referred to as subject name. Because Digital Certificate can be issued to an individual, a group or an organization. • Serial number: We shall see what it means in due course of time. • Time: The certificate also contains other pieces of information, such as the validity date range for the certificate. • Issuer Name: who has issued it. Cryptography & Cyber Security Mrs. Kanchan Patil Department of Information Technology
Certification Authority • A Certification Authority (CA) is a trusted agency that can issue digital certificates. • The authority of acting as a CA has to be with someone who everybody trusts. • Consequently, the governments in the various countries decided who can and who cannot be a CA. • CA is a reputed organization, such as a post office, financial institution, software company, etc. • Famous CA: • VeriSign • Entrust Cryptography & Cyber Security Mrs. Kanchan Patil Department of Information Technology
Certification Authority • First Indian CA in February 2002 • Safescrypt Limited, subsidiary of Satyam Infoway Limited • CA has the authority to issue digital certificates to individuals and organizations, which war to use those certificates in asymmetric key cryptographic applications. Cryptography & Cyber Security Mrs. Kanchan Patil Department of Information Technology
Technical Details of Digital Certificate • A standard called as X.509 defines the structure of a digital certificate. • The International Telecommunication Union (ITU) came up with this standard in 1988. • The current version of the standard is Version 3, called as X.509V3. • The Internet Engineering Task Force(IETF) published the RFC2459 for the X.509 standard in 1999 Cryptography & Cyber Security
Technical Details of Digital Certificate • Contents of Digital Certificate shown in figure Cryptography & Cyber Security Mrs. Kanchan Patil Department of Information Technology
Technical Details of Digital Certificate • The figure shows the various fields of a digital certificate according to the X.509 standard. • It also specifies which version of the standard contains which fields. • Version 1 of the X.509 standard contained seven basic fields, version 2 added two more fields and version 3 added one more field. • These additional fields are called as extensions or extended attributes of version 2 and 3, respectively. • Of course, we have one additional common field in the end for all the versions. • Version 2 introduced two new fields to deal with the possibility that the Issuer Name (ie. the CA' name) and the Subject Name (i.e. the certificate holder's name) might be unintentionally duplicated over time. Cryptography & Cyber Security
Technical Details of Digital Certificate • However, the digital certificate standard (RFC2459) specifies that the same Issuer Name or the same Subject Name should never be used more than once in the first place. • Therefore, although these fields are added by version 2, their usage id discouraged and both these fields are made optional However, if used, these fields help distinguish between two issuers or subjects, if they are duplicated for some reason. • Version 3 of the X.509 standard has added many extensions to the structure of a digital certificate. Cryptography & Cyber Security
Fields in X.509 Digital Certificate V1 Cryptography & Cyber Security
Fields in X.509 Digital Certificate V2 Cryptography & Cyber Security
Fields in X.509 Digital Certificate V3 Cryptography & Cyber Security
Types of Digital Certificate • Depending on the requirement, the status and cost of certificate will differ. • For instance, a digital certificate can be used by a user only for encrypting messages, but not for digitally signing any messages. • In contrast, a merchant setting up its online shopping site may use a high- cost digital certificate, which covers many areas. • Generally, the certificate types can be classified as follows: • Email Certificates • Server-side SSL certificates • Client-side SSL certificates • Code-signing certificates Cryptography & Cyber Security
Types of Digital Certificate • Email certificates: • Email certificates include the user's email id. • This is used to verify that the signer of an email message has an email id that is the same as it appears in that user's certificate. • Server-side SSL certificates: • These certificates are useful for merchants who want to allow buyers to purchase goods or services from their online Web site. • Since a misuse of this certificate can cause serious damages, such certificates are issued only after a careful scrutiny of the merchant's credentials. Cryptography & Cyber Security
Types of Digital Certificate • Client-side SSL certificates: • These certificates allow a merchant (or any other server-side entity) to verify a client (browser-side entity). • Code-signing certificates: • Many people do not like to download client-side code such as Java applets or ActiveX controls, because of the inherent risks associated with them. • In order to alleviate these concerns, the code (i.c. the Java applets or ActiveX controls) can be signed by the signer. Cryptography & Cyber Security
Types of Digital Certificate • Code-signing certificates (continued): • When a user hits a Web page that contains such code, the browser displays a warning message, indicating that the page contains such pieces of code, signed by the appropriate developer/organization and whether the user would like to trust that developer/organization. • If the user responds affirmatively, the Java applets or ActiveX controls are downloaded and get executed on the browser. • However, if the user rejects the offer, the processing ends there. It must be noted that mere signing of code does not make it safe- the code could cause havoc. • It simply specifies where the code originates. Cryptography & Cyber Security
References: Cryptography & Cyber Security Mrs. Kanchan Patil Department of Information Technology • Atul Kahate,”Cryptography and Network Security”, second edition, Tata McGraw Hill

More Related Content

PDF
Unit 3_Kerberos Protocol_Working_Version.pdf
KanchanPatil34
 
PDF
Unit 2_AES_AES_Structure_Encryption_Example.pdf
KanchanPatil34
 
PDF
Unit 3_Digital Signature Model Details.pdf
KanchanPatil34
 
PDF
Unit 1_Transposition Techniques_Ciphers.pdf
KanchanPatil34
 
PDF
Unit 1_Classical Encryption Techniques.pdf
KanchanPatil34
 
PDF
Unit 2_Public Key Cryptograohy_RSA_Example.pdf
KanchanPatil34
 
PDF
AES Solved Example on Encryption all rounds.pdf
KanchanPatil34
 
PDF
Unit 6_DoS and DDoS_SQL Injection_tools.pdf
KanchanPatil34
 
Unit 3_Kerberos Protocol_Working_Version.pdf
KanchanPatil34
 
Unit 2_AES_AES_Structure_Encryption_Example.pdf
KanchanPatil34
 
Unit 3_Digital Signature Model Details.pdf
KanchanPatil34
 
Unit 1_Transposition Techniques_Ciphers.pdf
KanchanPatil34
 
Unit 1_Classical Encryption Techniques.pdf
KanchanPatil34
 
Unit 2_Public Key Cryptograohy_RSA_Example.pdf
KanchanPatil34
 
AES Solved Example on Encryption all rounds.pdf
KanchanPatil34
 
Unit 6_DoS and DDoS_SQL Injection_tools.pdf
KanchanPatil34
 

What's hot (20)

PDF
Unit 3_Hash function and MD5 working.pdf
KanchanPatil34
 
DOCX
Unit 2 Client-Side Encoding in Web Security
ChatanBawankar
 
PDF
Unit 2_Key distribution_Deffi-Hellman.pdf
KanchanPatil34
 
PDF
Unit 6_Introduction_Phishing_Password Cracking.pdf
KanchanPatil34
 
PDF
Unit 4_IPSec_AH_ESP_IKE_SA_Tunnel_Transport.pdf
KanchanPatil34
 
PDF
Unit 5_Introduction to Cyber Security.pdf
KanchanPatil34
 
DOCX
Unit 2_Blacklisting & Whitelisting User Input in Python.docx
ChatanBawankar
 
PDF
Unit 2_DES Algorithm_Encryption_Decryption.pdf
KanchanPatil34
 
PDF
Unit1_Types of MACHINE LEARNING 2020pattern.pdf
RAMESHWAR CHINTAMANI
 
PDF
Unit 6_Cyber Laws Indian Act_Digital Signature.pdf
KanchanPatil34
 
PDF
Unit 4_SSL_Handshake Protocol_Record Layer Protocol.pdf
KanchanPatil34
 
PDF
ML_Unit_IV_Clustering in Machine Learning.pdf
rameshwarchintamani
 
PDF
Machine Learning_Unit_II_Regression_notes.pdf
RAMESHWAR CHINTAMANI
 
PDF
Unit 5_Classification of Cyber Crimes.pdf
KanchanPatil34
 
PDF
Unit 3_Secure Hash Algorithm_SHA_Working.pdf
KanchanPatil34
 
PDF
Unit1_Introduction to ML_Cross_validation.pdf
RAMESHWAR CHINTAMANI
 
DOCX
Unit 1 DVWA (Damn Vulnerable Web Application).docx
ChatanBawankar
 
PDF
Unit 6_keylogger_Spywares_virus_worms.pdf
KanchanPatil34
 
DOCX
Unit 1 Stored Cross-Site Scripting (XSS)
ChatanBawankar
 
DOCX
Unit 1 XSS-- Document Object Model (DOM)
ChatanBawankar
 
Unit 3_Hash function and MD5 working.pdf
KanchanPatil34
 
Unit 2 Client-Side Encoding in Web Security
ChatanBawankar
 
Unit 2_Key distribution_Deffi-Hellman.pdf
KanchanPatil34
 
Unit 6_Introduction_Phishing_Password Cracking.pdf
KanchanPatil34
 
Unit 4_IPSec_AH_ESP_IKE_SA_Tunnel_Transport.pdf
KanchanPatil34
 
Unit 5_Introduction to Cyber Security.pdf
KanchanPatil34
 
Unit 2_Blacklisting & Whitelisting User Input in Python.docx
ChatanBawankar
 
Unit 2_DES Algorithm_Encryption_Decryption.pdf
KanchanPatil34
 
Unit1_Types of MACHINE LEARNING 2020pattern.pdf
RAMESHWAR CHINTAMANI
 
Unit 6_Cyber Laws Indian Act_Digital Signature.pdf
KanchanPatil34
 
Unit 4_SSL_Handshake Protocol_Record Layer Protocol.pdf
KanchanPatil34
 
ML_Unit_IV_Clustering in Machine Learning.pdf
rameshwarchintamani
 
Machine Learning_Unit_II_Regression_notes.pdf
RAMESHWAR CHINTAMANI
 
Unit 5_Classification of Cyber Crimes.pdf
KanchanPatil34
 
Unit 3_Secure Hash Algorithm_SHA_Working.pdf
KanchanPatil34
 
Unit1_Introduction to ML_Cross_validation.pdf
RAMESHWAR CHINTAMANI
 
Unit 1 DVWA (Damn Vulnerable Web Application).docx
ChatanBawankar
 
Unit 6_keylogger_Spywares_virus_worms.pdf
KanchanPatil34
 
Unit 1 Stored Cross-Site Scripting (XSS)
ChatanBawankar
 
Unit 1 XSS-- Document Object Model (DOM)
ChatanBawankar
 
Ad

Similar to Unit 3_Digital Certificate_Intro_Types.pdf (20)

PPTX
PKI & SSL
RitaThakkar1
 
PPT
Computer Security Test
khant14
 
PDF
Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
DigiCert, Inc.
 
PPTX
Impact of digital certificate in network security
rhassan84
 
PPTX
Impact of digital certificate in network security
rhassan84
 
PDF
Authentication and Authorization Models
CSCJournals
 
PPTX
Development of Digital Identity Systems
Maganathin Veeraragaloo
 
PPTX
Chapter 2 Overview of Commercial Issues.pptx
mc0225225
 
PDF
Twofactorauthentication 120625115723-phpapp01
Hai Nguyen
 
PDF
317c0cdb 81da-40f9-84f2-1c5fba2f4b2d
P2PSystem
 
PPTX
Chapter 23 Internet Authentication Applications
GoldenMIT
 
PDF
Two-factor Authentication
PortalGuard dba PistolStar, Inc.
 
PPTX
Cryptography in user authentication
Rishikesh Jha
 
PPTX
Alpha Education
Alpha20 Group
 
PDF
IRJET- Survey on Blockchain based Digital Certificate System
IRJET Journal
 
PDF
Digital certificates & its importance
svm
 
PPTX
Public key infrastructure
Aditya Nama
 
PDF
Blockchain PoC For Education
Sanjeev Raman
 
PPTX
IT ACT 2000 SALIENT FEATURES UPDATED.pptx
Sunny111140
 
PPTX
IT ACT 2000 SALIENT FEATURES UPDATED.pptx
Sunny111140
 
PKI & SSL
RitaThakkar1
 
Computer Security Test
khant14
 
Scott Rea - IoT: Taking PKI Where No PKI Has Gone Before
DigiCert, Inc.
 
Impact of digital certificate in network security
rhassan84
 
Impact of digital certificate in network security
rhassan84
 
Authentication and Authorization Models
CSCJournals
 
Development of Digital Identity Systems
Maganathin Veeraragaloo
 
Chapter 2 Overview of Commercial Issues.pptx
mc0225225
 
Twofactorauthentication 120625115723-phpapp01
Hai Nguyen
 
317c0cdb 81da-40f9-84f2-1c5fba2f4b2d
P2PSystem
 
Chapter 23 Internet Authentication Applications
GoldenMIT
 
Two-factor Authentication
PortalGuard dba PistolStar, Inc.
 
Cryptography in user authentication
Rishikesh Jha
 
Alpha Education
Alpha20 Group
 
IRJET- Survey on Blockchain based Digital Certificate System
IRJET Journal
 
Digital certificates & its importance
svm
 
Public key infrastructure
Aditya Nama
 
Blockchain PoC For Education
Sanjeev Raman
 
IT ACT 2000 SALIENT FEATURES UPDATED.pptx
Sunny111140
 
IT ACT 2000 SALIENT FEATURES UPDATED.pptx
Sunny111140
 
Ad

More from KanchanPatil34 (11)

PDF
Unit 3_Classification_Decision Tree_ASM.pdf
KanchanPatil34
 
PDF
Unit 2_Logistic Regression_Types_Regularization.pdf
KanchanPatil34
 
PDF
Unit 2_Linear Regression_Evaluation Metrics.pdf
KanchanPatil34
 
PDF
Unit 1_Data Validation_Validation Techniques.pdf
KanchanPatil34
 
PDF
Unit 1_Concet of Feature-Feature Selection Methods.pdf
KanchanPatil34
 
PDF
Unit 1_Introduction to ML_Types_Applications.pdf
KanchanPatil34
 
PDF
Unit 5_Social Engineering and Cyberstalking.pdf
KanchanPatil34
 
PDF
Unit 3_Private Key Management_Protection.pdf
KanchanPatil34
 
PDF
Unit 1_Security Fundamentals_services_mechanisms.pdf
KanchanPatil34
 
PDF
Unit 1_Stack and Queue using Linked Organization.pdf
KanchanPatil34
 
PDF
Unit 1_Single Linked List and Double Linked List.pdf
KanchanPatil34
 
Unit 3_Classification_Decision Tree_ASM.pdf
KanchanPatil34
 
Unit 2_Logistic Regression_Types_Regularization.pdf
KanchanPatil34
 
Unit 2_Linear Regression_Evaluation Metrics.pdf
KanchanPatil34
 
Unit 1_Data Validation_Validation Techniques.pdf
KanchanPatil34
 
Unit 1_Concet of Feature-Feature Selection Methods.pdf
KanchanPatil34
 
Unit 1_Introduction to ML_Types_Applications.pdf
KanchanPatil34
 
Unit 5_Social Engineering and Cyberstalking.pdf
KanchanPatil34
 
Unit 3_Private Key Management_Protection.pdf
KanchanPatil34
 
Unit 1_Security Fundamentals_services_mechanisms.pdf
KanchanPatil34
 
Unit 1_Stack and Queue using Linked Organization.pdf
KanchanPatil34
 
Unit 1_Single Linked List and Double Linked List.pdf
KanchanPatil34
 

Recently uploaded (20)

PPTX
Theoretical for class.pptxgshdhddhdhdhgd
MoybonKalif
 
PPTX
ACFE CERTIFICATION TRAINING ON LAW.pptx
Godwin Emmanuel Oyedokun MBA MSc PhD FCA FCTI FCNA CFE FFAR
 
PDF
Disorder of Endocrine system (1).pdfyyhyyyy
[email protected]
 
PPTX
Thinking Routines and Learning Engagements.pptx
n646vnqyjz
 
PPTX
2025 High Blood Pressure Guideline Slide Set.pptx
Ramesh Kumar
 
PDF
CHALLENGES FACED BY TEACHERS WHEN TEACHING LEARNERS WITH DEVELOPMENTAL DISABI...
HarlynCaballero1
 
PDF
Kalaari-SaaS-Founder-Playbook-2024-Edition-.pdf
savannetflix
 
PPTX
Approach to a child with acute kidney injury
SukantaMandal26
 
PDF
GIÁO ÁN TIẾNG ANH 7 GLOBAL SUCCESS (CẢ NĂM) THEO CÔNG VĂN 5512 (2 CỘT) NĂM HỌ...
Nguyen Thanh Tu Collection
 
PDF
African Communication Research: A review
AgathaMashindano1
 
PPTX
growth and developement.pptxweeeeerrgttyyy
[email protected]
 
PPTX
Cite It Right: A Compact Illustration of APA 7th Edition.pptx
ZeeKeZahid
 
PDF
Unleashing the Potential of the Cultural and creative industries
Claudia Lanteri
 
DOCX
THEORY AND PRACTICE ASSIGNMENT SEMESTER MAY 2025.docx
muhammadsyahir916
 
PDF
LATAM’s Top EdTech Innovators Transforming Learning in 2025.pdf
educationexcellencem
 
PPTX
MMW-CHAPTER-1-final.pptx major Elementary Education
kimberlydespair4
 
PPTX
Power Point PR B.Inggris 12 Ed. 2019.pptx
FirdaFauziah14
 
DOCX
EDUCATIONAL ASSESSMENT ASSIGNMENT SEMESTER MAY 2025.docx
muhammadsyahir916
 
PDF
BSc-Zoology-02Sem-DrVijay-Comparative anatomy of vertebrates.pdf
ps6013234
 
PPTX
Key-Features-of-the-SHS-Program-v4-Slides (3) PPT2.pptx
abdurakibtingsonjali
 
Theoretical for class.pptxgshdhddhdhdhgd
MoybonKalif
 
ACFE CERTIFICATION TRAINING ON LAW.pptx
Godwin Emmanuel Oyedokun MBA MSc PhD FCA FCTI FCNA CFE FFAR
 
Disorder of Endocrine system (1).pdfyyhyyyy
[email protected]
 
Thinking Routines and Learning Engagements.pptx
n646vnqyjz
 
2025 High Blood Pressure Guideline Slide Set.pptx
Ramesh Kumar
 
CHALLENGES FACED BY TEACHERS WHEN TEACHING LEARNERS WITH DEVELOPMENTAL DISABI...
HarlynCaballero1
 
Kalaari-SaaS-Founder-Playbook-2024-Edition-.pdf
savannetflix
 
Approach to a child with acute kidney injury
SukantaMandal26
 
GIÁO ÁN TIẾNG ANH 7 GLOBAL SUCCESS (CẢ NĂM) THEO CÔNG VĂN 5512 (2 CỘT) NĂM HỌ...
Nguyen Thanh Tu Collection
 
African Communication Research: A review
AgathaMashindano1
 
growth and developement.pptxweeeeerrgttyyy
[email protected]
 
Cite It Right: A Compact Illustration of APA 7th Edition.pptx
ZeeKeZahid
 
Unleashing the Potential of the Cultural and creative industries
Claudia Lanteri
 
THEORY AND PRACTICE ASSIGNMENT SEMESTER MAY 2025.docx
muhammadsyahir916
 
LATAM’s Top EdTech Innovators Transforming Learning in 2025.pdf
educationexcellencem
 
MMW-CHAPTER-1-final.pptx major Elementary Education
kimberlydespair4
 
Power Point PR B.Inggris 12 Ed. 2019.pptx
FirdaFauziah14
 
EDUCATIONAL ASSESSMENT ASSIGNMENT SEMESTER MAY 2025.docx
muhammadsyahir916
 
BSc-Zoology-02Sem-DrVijay-Comparative anatomy of vertebrates.pdf
ps6013234
 
Key-Features-of-the-SHS-Program-v4-Slides (3) PPT2.pptx
abdurakibtingsonjali
 

Unit 3_Digital Certificate_Intro_Types.pdf

  • 1. Cryptography and Cyber Security [IT311] Sanjivani Rural Education Society’s Sanjivani College of Engineering, Kopargaon-423603 (An Autonomous Institute Affiliated to Savitribai Phule Pune University, Pune) NAAC ‘A’ Grade Accredited, ISO 9001:2015 Certified Department of Information Technology (NBAAccredited) Mrs. Kanchan D. Patil Assistant Professor
  • 2. Unit 3: Message Digest & Key Management • Hash Algorithms: SHA-1, MD5, Key Management: Introduction, Key Management: Generations, Distribution, Updation, Digital Certificate, Digital Signature, Kerberos 5.0. Cryptography & Cyber Security Mrs. Kanchan Patil Department of Information Technology
  • 3. Digital Certificate • Introduction • Certification Authority • Contents of Digital Certificate • Digital Certificate Creation • Digital Certificate Verification • Certificate Types Cryptography & Cyber Security Mrs. Kanchan Patil Department of Information Technology
  • 4. Digital Certificate : Introduction • A digital certificate is digital document that proves the authenticity of a device, server, or user through the use of cryptography and the public key infrastructure (PKI) such as driving license or passport. • It is small computer file with the name such as k.cer • The file extension can be different • Example: • Passport signifies the association between me and my other characteristics such as full name, nationality, date and place of birth, photograph and signature • Digital certificate simply signifies the association between my public key and me. Cryptography & Cyber Security Mrs. Kanchan Patil Department of Information Technology
  • 5. Digital Certificate : Introduction • Digital Certificate must be approved by some authority in which all the concerned parties have a great amount of trust and belief. • A digital certificate establishes the relation between a user and her public key. Therefore, a digital certificate must contain the user name and the user's public key. • This will prove that a particular public key belongs to a particular user. Cryptography & Cyber Security Mrs. Kanchan Patil Department of Information Technology
  • 6. Digital Certificate : Introduction • Subject Name: Any user's name in a digital certificate is always referred to as subject name. Because Digital Certificate can be issued to an individual, a group or an organization. • Serial number: We shall see what it means in due course of time. • Time: The certificate also contains other pieces of information, such as the validity date range for the certificate. • Issuer Name: who has issued it. Cryptography & Cyber Security Mrs. Kanchan Patil Department of Information Technology
  • 7. Certification Authority • A Certification Authority (CA) is a trusted agency that can issue digital certificates. • The authority of acting as a CA has to be with someone who everybody trusts. • Consequently, the governments in the various countries decided who can and who cannot be a CA. • CA is a reputed organization, such as a post office, financial institution, software company, etc. • Famous CA: • VeriSign • Entrust Cryptography & Cyber Security Mrs. Kanchan Patil Department of Information Technology
  • 8. Certification Authority • First Indian CA in February 2002 • Safescrypt Limited, subsidiary of Satyam Infoway Limited • CA has the authority to issue digital certificates to individuals and organizations, which war to use those certificates in asymmetric key cryptographic applications. Cryptography & Cyber Security Mrs. Kanchan Patil Department of Information Technology
  • 9. Technical Details of Digital Certificate • A standard called as X.509 defines the structure of a digital certificate. • The International Telecommunication Union (ITU) came up with this standard in 1988. • The current version of the standard is Version 3, called as X.509V3. • The Internet Engineering Task Force(IETF) published the RFC2459 for the X.509 standard in 1999 Cryptography & Cyber Security
  • 10. Technical Details of Digital Certificate • Contents of Digital Certificate shown in figure Cryptography & Cyber Security Mrs. Kanchan Patil Department of Information Technology
  • 11. Technical Details of Digital Certificate • The figure shows the various fields of a digital certificate according to the X.509 standard. • It also specifies which version of the standard contains which fields. • Version 1 of the X.509 standard contained seven basic fields, version 2 added two more fields and version 3 added one more field. • These additional fields are called as extensions or extended attributes of version 2 and 3, respectively. • Of course, we have one additional common field in the end for all the versions. • Version 2 introduced two new fields to deal with the possibility that the Issuer Name (ie. the CA' name) and the Subject Name (i.e. the certificate holder's name) might be unintentionally duplicated over time. Cryptography & Cyber Security
  • 12. Technical Details of Digital Certificate • However, the digital certificate standard (RFC2459) specifies that the same Issuer Name or the same Subject Name should never be used more than once in the first place. • Therefore, although these fields are added by version 2, their usage id discouraged and both these fields are made optional However, if used, these fields help distinguish between two issuers or subjects, if they are duplicated for some reason. • Version 3 of the X.509 standard has added many extensions to the structure of a digital certificate. Cryptography & Cyber Security
  • 13. Fields in X.509 Digital Certificate V1 Cryptography & Cyber Security
  • 14. Fields in X.509 Digital Certificate V2 Cryptography & Cyber Security
  • 15. Fields in X.509 Digital Certificate V3 Cryptography & Cyber Security
  • 16. Types of Digital Certificate • Depending on the requirement, the status and cost of certificate will differ. • For instance, a digital certificate can be used by a user only for encrypting messages, but not for digitally signing any messages. • In contrast, a merchant setting up its online shopping site may use a high- cost digital certificate, which covers many areas. • Generally, the certificate types can be classified as follows: • Email Certificates • Server-side SSL certificates • Client-side SSL certificates • Code-signing certificates Cryptography & Cyber Security
  • 17. Types of Digital Certificate • Email certificates: • Email certificates include the user's email id. • This is used to verify that the signer of an email message has an email id that is the same as it appears in that user's certificate. • Server-side SSL certificates: • These certificates are useful for merchants who want to allow buyers to purchase goods or services from their online Web site. • Since a misuse of this certificate can cause serious damages, such certificates are issued only after a careful scrutiny of the merchant's credentials. Cryptography & Cyber Security
  • 18. Types of Digital Certificate • Client-side SSL certificates: • These certificates allow a merchant (or any other server-side entity) to verify a client (browser-side entity). • Code-signing certificates: • Many people do not like to download client-side code such as Java applets or ActiveX controls, because of the inherent risks associated with them. • In order to alleviate these concerns, the code (i.c. the Java applets or ActiveX controls) can be signed by the signer. Cryptography & Cyber Security
  • 19. Types of Digital Certificate • Code-signing certificates (continued): • When a user hits a Web page that contains such code, the browser displays a warning message, indicating that the page contains such pieces of code, signed by the appropriate developer/organization and whether the user would like to trust that developer/organization. • If the user responds affirmatively, the Java applets or ActiveX controls are downloaded and get executed on the browser. • However, if the user rejects the offer, the processing ends there. It must be noted that mere signing of code does not make it safe- the code could cause havoc. • It simply specifies where the code originates. Cryptography & Cyber Security
  • 20. References: Cryptography & Cyber Security Mrs. Kanchan Patil Department of Information Technology • Atul Kahate,”Cryptography and Network Security”, second edition, Tata McGraw Hill