Operation
The principle of operation of digital certificates is based on the encryption of information and trust. For this, there are two encryption methods:Symmetric keys
This method is the easiest to understand: if Anne (A) wants to send an encrypted message to Bob (B) it shall disclose a password (key). As the encryption algorithm is symmetric, we have the following relation: Ciphertext = Encryption (key, text)And Anne can also decrypt a message from Bob with the same key. But you must first find a safe way to transmit the key to prying eyes. However, the situation can become complex, so Anne must send an encrypted message to Bob and Charlie, but she does not want to give the same key to Charlie. The more people, the more difficult it is to manage symmetric keys. Especially since he must first find a safe way to transmit the key to prying eyes.
Asymmetric keys
Ownership of asymmetric algorithms is that a message encrypted with a public key is readable only by the owner of the private key corresponding. Conversely, a message encrypted by theprivate key will be readable by anyone with the public key . And with his private key, Anne:- sign posts.
- read (decrypt) messages sent to him.
Certificate
A digital certificate is a data set containing:- at least a public key;
- credentials, such as: names, location, emails;
- at least one sign , when in fact there is only one, the signing entity is a single authority which she can lend confidence (or not) the accuracy of the certificate.
Keyserver
Certificates are stored by key servers , which can also act as registration authority and certification (item A). They identify and control certificates. They often have a list (item B) of revoked certificates.Description of key certificates
Electronic certificates of compliance with standards specifying their content rigorously. The two formats most used today are:- X.509 several RFCs define the properties and uses [citation needed] ;
- OpenPGP , defined in RFC 4880 1 .
Use of certificates
Information systems security
Electronic certificates can be used in various applications in the context of information systems security to ensure that:- the non-repudiation and integrity of data with digital signature or electronic signature (Advanced)
- the confidentiality of data through encryption ;
- the authentication or strong authentication of an individual or identity non-physical (Web Server - SSL , Computer - 802.1x, VPN IPSEC - SSH - SSL , Code Mobile , electronic documents).
Interoperability
In some cases, the certificate may be associated with the element " ID "of metadata records (10 th element in Dublin Core ) for interoperability 2 .Certificates and Internet navigation
Certificates are widely used on e-commerce sites, webmail or other sensitive sites (banks, taxes, etc.). Several levels of encryption available and several associated features make the understanding of complex certificates.X.509 standard
The certificates are classics that have existed for several years. Encryption between 40 bits and 256 bits. This is due in part to the ability of browsers and legislation. Generally, publishing companies offer certificates 40 bit or 128 bit secured.Extended X.509 certificates
These are the certificates that are supported in modern browsers and enable display a green background (indicating a trusted site warranty). The EV abbreviation stands for "Extended Validation".X.509 certificates omnidomaines
Omnidomaine a certificate or "wildcard" can make some generic domain name certified:- * . societe.fr → www.societe.fr, toto.societe.fr, titi.societe.fr (but not "societe.fr" nor "www.toto.societe.fr." See RFC 2818 3 )