Certificates


Public key cryptography can be used to digitally sign messages. For example, if you encrypt a message with your secret key, the receiver can verify that it came from you simply by decrypting it with your public key. But there is a missing step. How can you authenticate people or entities that you have never met in person? In other words, how can you check who a particular public key really belongs to?

The solution involves a trusted third party, the Certification Authority (CA). The CA can be internal to a company or university, or a commercial entity that provides certification services to companies conducting business over the Internet. A CA issues certificates, which are electronic documents that tie a particular public key to information about its owner, such as name and address. The certificates are digitally signed with the CA's private key, which certifies that the information is correct.

For this whole process to work, you must trust the CA that issued the certificate. You also need to be able to obtain the public key for that particular CA, which is provided by that CA's so-called root certificate. Most popular browsers, such as Internet Explorer, Firefox, and Safari, bundle a number of root certificates for commonly trusted certification authorities. This allows the browsers to recognize and validate a great number of websites without the user's manual intervention.
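The trust relationship described above can be reproduced with the `openssl` command-line tool. The following is an added example, not taken from the book: it creates a throwaway root CA, has it sign a server certificate, and shows that the certificate validates only when the issuing CA's root certificate is the one being trusted. The names `Example Root CA`, `Unrelated CA` and `www.example.test`, and the helper function names, are constructed for illustration, and the script assumes OpenSSL with its default configuration file installed.

```shell
#!/bin/sh
# Added example: every name and file here is constructed for illustration.

# Create a self-signed root certificate (the CA's public key plus its name).
make_ca() {            # $1 = output prefix, $2 = CA common name
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$2" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Generate a key pair and request for a subject, then sign it with the CA's private key.
issue_cert() {         # $1 = CA prefix, $2 = subject prefix, $3 = subject common name
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
        -CAcreateserial -days 30 -out "$2.crt" 2>/dev/null
}

# Succeeds only if the certificate chains to the given trusted root.
verify_cert() {        # $1 = trusted root certificate, $2 = certificate to check
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d) || return 1
    make_ca "$dir/root" "Example Root CA" || return 1
    make_ca "$dir/other" "Unrelated CA" || return 1
    issue_cert "$dir/root" "$dir/www" "www.example.test" || return 1

    # The certificate binds the subject's name to its key and names the issuer.
    openssl x509 -noout -subject -issuer -in "$dir/www.crt"

    verify_cert "$dir/root.crt" "$dir/www.crt" &&
        echo "issuing root trusted: certificate accepted"
    verify_cert "$dir/other.crt" "$dir/www.crt" ||
        echo "only an unrelated root trusted: certificate rejected"
    rm -rf "$dir"
}

demo
```

A browser performs the same check as `verify_cert`, using its bundled root certificates in place of the `-CAfile` argument.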




Apache Phrasebook: Essential Code and Commands
ISBN: 0672328364
EAN: 2147483647
Year: 2006
Pages: 254
