7Key Exchange. Digital Certification

Digital signatures represent one of the primary uses of public-key cryptography. For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. In many aspects, digital signatures are equivalent to traditional handwritten signatures, but properly implemented digital signatures are more difficult to forge than the handwritten type. In order to verify a digital signature, the sender’s knowledge of the public key is required. Therefore, a key distribution mechanism is totally needed.

The most accepted approach is based on the usage of digital certificates, which enables the realization of the key exchange.

A digital certificate is an electronic document used to identify an individual, a server, a company, or some other entity and to associate that identity with a public key. It incorporates a digital signature that binds together a public-key with an identity — information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual. Certificates help prevent the use of fake public keys for impersonation. Only the public key certified by the certificate will work with the corresponding private key possessed by the entity identified by the certificate.

A digital certificate is a data structure which contains the public key of a subject or certificate holder, as well as the identification data of the certificate holder, a time stamp related to the certificate validity and other data from the certification authority. This structure is signed with the private key of a certification authority (CA) and every user is able to check the authenticity of the certificate content by using the public key of the certification authority. Certification authorities are the entities that issue certificates and validate identities.

The next figure shows the structure of a digital certificate:

image
Fig 7.1 Digital certificate structure