{"id":2245,"date":"2022-03-21T14:21:33","date_gmt":"2022-03-21T14:21:33","guid":{"rendered":"http:\/\/learnlearn.uk\/alevelcs\/?page_id=2245"},"modified":"2022-03-30T16:34:09","modified_gmt":"2022-03-30T16:34:09","slug":"digital-certificates","status":"publish","type":"page","link":"https:\/\/learnlearn.uk\/alevelcs\/digital-certificates\/","title":{"rendered":"Digital Signatures & Certificates"},"content":{"rendered":"
\n

Digital Certificates<\/h2>\n
\n\n

Digital Certificates<\/h3>\n

One of the limitations of asymmetric encryption is that when used on its own, it is vulnerable to a man-in-the-middle attack. It is possible for an attacker to intercept the asymmetric handshake process and fool the sender and receiver into thinking they are sending secure messages. This is because although asymmetric encryption ensures secure transfer of data between two parties it does not itself ensure authentication of the identity of the parties involved. In order to ensure authentication asymmetric encryption needs to be used in conjunction with a digital certificate issued by a trustworthy certificate authority.<\/p>\n

When an entity (such as a website) wants to apply for a digital certificate they send their public key, along with other details, to the certificate authority(CA). The CA then sends a signed copy of the digital certificate back to the entity.<\/p>\n\n<\/div>

Verification Process<\/h2>\n
\n\n

Certificate verification process (for a website)<\/strong><\/h3>\n

Step 1 – Certificate Requested<\/strong><\/p>\n

The user’s browser sends a message to the website server, requesting the digital certificate.<\/p>\n

Step 2 – Certificate Sent<\/strong><\/p>\n

The website sends a copy of the digital certificate to the user.<\/p>\n

Step 3 – Certificate Authenticated<\/strong><\/p>\n

The user’s browser verifies the validity of the certificate using the public key of the CA. Most web browsers have a preinstall cache of the public keys of trusted Certificate Authorities. The public key stored on the browser is used to verify the hash digest of the certificate.<\/p>\n

Step 4 – Communication Begins<\/strong><\/p>\n

The user’s browser uses the public key provided within the authenticated certificate to perform asymmetric encryption on the symmetric shared key and sends the encrypted symmetric key to the website. Since only the website know the corresponding private key, only the legitimate website can decrypt the encrypted symmetric key and therefore\u00a0 communication can be considered secure and authenticated.<\/p>\n

Contents of a Digital Certificate<\/strong><\/p>\n