/var/ssl-ca

Ok, I will not get into the "what's a PKI (Public Key Infrastructure)?" question, because there are so many tutorials and short intros out there already; do a quick Google search and blam, you have thousands of them.

A certificate environment is based on PKI: it still involves public and private keys, used in conjunction with certificates, and a certificate by definition "affirms a fact". That is, it confirms something you "say" or try to convey. In the IT world, a certificate environment is a structure with a central entity, called a Certificate Authority (CA from here on), that issues certificates for various purposes.

This CA is fully trusted in the environment. In other words, if someone presents you a certificate that is signed by an entity you trust, you believe the bearer is who he says he is.
The best analogy I can come up with is passports.

If you travel to a foreign country (say, across the Atlantic or Pacific), on the other side you have to show your passport in order to gain entry to the country. The passport-issuing country is known to the customs system on the other side, and the passport is compared to a database. If the database says that the passport is OK, you can get in; if not, you will most likely be escorted to a room and have some unpleasant questions to answer.

In a certificate environment, if I (or my system, for that matter) know the CA and I get a certificate that is signed by that CA, my machine compares the certificate against a database (the Revocation List, RL from now on). If it is not on that list, it is OK, and I trust that the service or machine presenting the certificate is what it says it is. This process is shown in Figure 1, if this is clear enough :).

Figure 1: Certificate Authority
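To make the two checks in that paragraph concrete (is the certificate signed by a CA I trust, and is it on the CA's revocation list), here is an added example in Go using only the standard library; it is not code from the original post. It builds a throwaway CA, has it issue a certificate for the made-up host server.example.test, verifies that certificate against the CA (and shows verification failing for a wrong hostname and for a CA the trust store has never heard of), then has the CA sign a CRL and checks the certificate's serial number against it. Every name and serial number is constructed for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Constructed demo environment: one self-signed CA, one server certificate it
// issued, and a CRL it signs. Every name and serial number here is made up.

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newCA mints a self-signed CA certificate able to sign certificates and CRLs.
func newCA(cn string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der)), key
}

// issueServerCert has the CA sign a server certificate for host (made-up serial).
func issueServerCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, host string, serial int64) *x509.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey))
	return must(x509.ParseCertificate(der))
}

// verifyAgainstCA is the "do I know the issuer?" step: the chain must end at a CA
// in the relying party's trust store, be valid now, and name the host contacted.
func verifyAgainstCA(leaf, trustedCA *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:     roots,
		DNSName:   host,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

// issueCRL has the CA sign a revocation list naming the given certificates.
func issueCRL(ca *x509.Certificate, caKey *ecdsa.PrivateKey, revoked ...*x509.Certificate) *x509.RevocationList {
	var entries []pkix.RevokedCertificate
	for _, c := range revoked {
		entries = append(entries, pkix.RevokedCertificate{SerialNumber: c.SerialNumber, RevocationTime: time.Now()})
	}
	tmpl := &x509.RevocationList{
		RevokedCertificates: entries,
		Number:              big.NewInt(1),
		ThisUpdate:          time.Now(),
		NextUpdate:          time.Now().Add(24 * time.Hour),
	}
	der := must(x509.CreateRevocationList(rand.Reader, tmpl, ca, caKey))
	return must(x509.ParseRevocationList(der))
}

// isRevoked is the "is it on the list?" step. The list must itself carry the CA's
// signature; otherwise anyone could hand the client an empty one.
func isRevoked(crl *x509.RevocationList, ca, cert *x509.Certificate) (bool, error) {
	if err := crl.CheckSignatureFrom(ca); err != nil {
		return false, err
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return true, nil
		}
	}
	return false, nil
}

// runChecks walks one certificate through the outcomes a relying party can hit.
func runChecks() map[string]bool {
	ca, caKey := newCA("Demo Root CA")
	leaf := issueServerCert(ca, caKey, "server.example.test", 4242)
	rogueCA, _ := newCA("Unknown CA") // a CA the trust store has never heard of
	return map[string]bool{
		"trusted_ca_accepted": verifyAgainstCA(leaf, ca, "server.example.test") == nil,
		"wrong_name_rejected": verifyAgainstCA(leaf, ca, "other.example.test") != nil,
		"unknown_ca_rejected": verifyAgainstCA(leaf, rogueCA, "server.example.test") != nil,
		"revoked_before_crl":  must(isRevoked(issueCRL(ca, caKey), ca, leaf)),
		"revoked_after_crl":   must(isRevoked(issueCRL(ca, caKey, leaf), ca, leaf)),
	}
}

func main() {
	for k, v := range runChecks() {
		fmt.Printf("%-20s %v\n", k, v)
	}
}
```

The trust store in this demo is a single certificate pool containing only our CA, which is exactly what "I know the CA" means in the post: a certificate signed by any other CA, however well-formed, is rejected as unknown. The CRL check is deliberately separate from chain verification because Go's Verify does not consult revocation data; in a real deployment that lookup is what the "compare to a database" step stands for.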

Now, certificates prove identity, as we just saw; however, they also allow the two communicating systems to encrypt traffic between them: a common key (the signature, mostly) in the certificate is used as an encryption key, together with a session ID. This makes cracking quite hard. Of course there are Man-in-the-middle attacks, but they are pretty rare and, if the environment is set up correctly, nearly impossible to pull off.
