How to verify the digital signatures in information security?

A Digital Certificate is an electronic "password" that enables a person, organization to transfer data securely over the web using the public key infrastructure (PKI). Digital Certificate is also referred to as public key certificate or identity certificate.

Digital certificates play an essential role in maintaining online commerce safe. If the browser alerts a problem with a digital certificate, it is well-advised not to click through. Rather than call the business using a telephone number from the statements or phone book, and inquire as to the problem.

Public key encryption need SSL (Secure Sockets Layer) to encrypt some data between the customer’s computer and the e-commerce website. Information is shared in encrypted form to the site using the site’s public key. It can be receiving the information, the site need its private key to decrypt the data. This is known as key pair. Interlopers that can capture data en route will discover it unreadable.

The CA checks that a public key belongs to a definite company or individual (the “subject”), and the validation procedure it goes through to decide if the subject is who it claims to be based on the level of certification and the CA itself.

After the validation procedure is done, the CA makes an X.509 certificate that includes CA and subject data, such as the subject’s public key (details below). The CA signs the certificate by making a digest (a hash) of some fields in the certificate and encrypting the hash value with its private key. The encrypted digest is known as “digital signature,” and when located into the X.509 certificate, the certificate is said to be “signed.”

The CA maintain its private key very secure, because if ever find, false certificates can be created. The procedure of verifying the “signed certificate” is completed by the recipient’s software, which is generally the Web browser. The browser keeps an internal list of famous CAs and their public keys and uses the appropriate public key to decrypt the signature back into the digest.

It can reevaluates its own digest from the plain text in the certificate and compares the two. If both digests connect, the integrity of the certificate is checked (it was not tampered with), and the public key in the certificate is considered to be the valid public key of the subject.

At this point, the subject’s identity and the certificate’s integrity (no tampering) have been checked. The certificate is generally combined with a signed message or signed executable file, and the public key can verify the signatures. The subject’s public key can also be used to offer a secure key exchange to have an encrypted two-way connection session.

Updated on: 04-Mar-2022


Kickstart Your Career

Get certified by completing the course

Get Started