**Digital Certificates**

**What is a Digital Certificate?**

Digital Certificates are the electronic counterparts to driver licenses, passports and membership cards. You can present a Digital Certificate electronically to prove your identity or your right to access information or services online.

Digital Certificates bind an identity to a pair of electronic keys that can be used to encrypt and sign digital information. A Digital Certificate makes it possible to verify someone’s claim that they have the right to use a given key, helping to prevent people from using phony keys to impersonate other users. Used in conjunction with encryption, Digital Certificates provide a more complete security solution, assuring the identity of all parties involved in a transaction.

A Digital Certificate is issued by a Certification Authority (CA) and signed with the CA’s private key.

A Digital Certificate typically contains the:

  • Owner’s public key
  • Owner’s name
  • Expiration date of the public key
  • Name of the issuer (the CA that issued the Digital Certificate)
  • Serial number of the Digital Certificate
  • Digital signature of the issuer

The best-known Certification Authority is VeriSign, which can be found at <http://www.verisign.com.au>.

VeriSign introduced the concept of three classes of digital certificates:

  • Class 1 for individuals, intended for email;
  • Class 2 for organizations, for which proof of identity is required; and
  • Class 3 for servers and software signing, for which independent verification and checking of identity and authority is done by the issuing certificate authority (CA).

**Types and Standards of Encryption**

Several methods of encryption have been developed over the years. Originally, the simplest method of encryption was a simple replacement of letters with numbers, for example A=1, B=2, C=3 etc. Using that scheme, encrypting the words ‘a cab’ would give ‘1 312’. Clearly, such a code could easily be figured out by a third party interested in reading the message.

Several main cryptographic techniques have been developed over the years. Most of these techniques were created to ensure three main aims: to prove the identity of the message senders, to ensure that the message was not altered while in transit, and to enable encryption of the message so that information would not be available for anyone except the intended party. The main technique for encrypting and signing messages is RSA, set out below.

**RSA**

This system of encryption can serve all three main aims set out above (the identity, as pointed out in other discussions, may have to be verified by an independent third party, such as VeriSign or Thawte).

The principle of the RSA encryption algorithm is as follows:

  • Take two prime numbers, p and q. For encryption to be practically secure, these prime numbers have to be quite large.
  • Multiply numbers p and q to derive a new number n, called the modulus.
  • Choose a number e such that 1 < e < (p – 1)(q – 1), and e and (p – 1)(q – 1) have no common prime factors.
  • Choose a number d such that (de – 1) mod ((p – 1)(q – 1)) = 0, i.e. (de – 1) is evenly divisible by (p – 1)(q – 1).

When these numbers have been derived, the pair (e, n) becomes the public key, and the pair (d, n) becomes the private key.

Encryption then proceeds as follows: represent the message as a number W and compute K = W^e mod n. The result K is sent to the holder of the private key, who decrypts it with W = K^d mod n.

Due to the nature of the mod function 1), the calculation cannot be reversed using only the values in the public key, and only the holder of the private key can decrypt the message.
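The four key-generation steps, the encryption and decryption formulas, and the certificate fields listed earlier can all be exercised in one small program. The following is an added example written for this page, not code from the original article or from any CA: it builds two toy RSA key pairs, has a "CA" key sign a certificate holding exactly the fields listed above (owner's name and public key, expiry date, issuer name, serial number, issuer signature), and then encrypts a message to the public key taken from that certificate. Everything in it is constructed: Mersenne primes stand in for large random primes, the certificate is a plain Python dict rather than an X.509 structure, the names and serial number are made up, and no padding is applied (textbook RSA), which is why real deployments use much larger primes together with OAEP/PSS padding.

```python
"""Added example (not the page's own code): toy RSA and a toy certificate.

Assumptions: Mersenne primes instead of random large primes, no padding,
and a dict in place of an X.509 certificate. Educational only.
"""
import hashlib
from math import gcd


def rsa_keygen(p, q, e=65537):
    """Steps 1-4 from the text: n = p*q, e coprime to (p-1)(q-1), d*e = 1 mod (p-1)(q-1)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < (p-1)(q-1) with no common factor")
    d = pow(e, -1, phi)            # modular inverse, so (d*e - 1) mod phi == 0
    return (e, n), (d, n)          # public key (e, n), private key (d, n)


def encrypt(public_key, w):
    """K = W^e mod n. W must be an integer smaller than the modulus."""
    e, n = public_key
    if not 0 <= w < n:
        raise ValueError("message too large for this modulus; use a larger key")
    return pow(w, e, n)


def decrypt(private_key, k):
    """W = K^d mod n, using the private exponent d."""
    d, n = private_key
    return pow(k, d, n)


def _digest(fields):
    """SHA-256 over the fields in a fixed order (a constructed canonical form)."""
    canonical = "|".join(f"{k}={fields[k]}" for k in sorted(fields))
    return int.from_bytes(hashlib.sha256(canonical.encode()).digest(), "big")


def issue_certificate(ca_private_key, issuer, subject, subject_public_key, serial, not_after):
    """Assemble the fields listed in the text and sign their digest with the CA's d."""
    d, n = ca_private_key
    fields = {"subject": subject, "public_key": subject_public_key,
              "not_after": not_after, "issuer": issuer, "serial": serial}
    # The digest is reduced mod n only because the toy modulus is shorter than SHA-256.
    return {"fields": fields, "signature": pow(_digest(fields) % n, d, n)}


def verify_certificate(ca_public_key, cert):
    """Anyone holding the CA's public key recovers the digest with e and compares it."""
    e, n = ca_public_key
    return pow(cert["signature"], e, n) == _digest(cert["fields"]) % n


def demo():
    # Constructed keys: distinct Mersenne primes for CA and subject, so the two
    # moduli share no factor (shared primes would let anyone recover both keys).
    ca_pub, ca_priv = rsa_keygen(2**89 - 1, 2**61 - 1)
    alice_pub, alice_priv = rsa_keygen(2**31 - 1, 2**19 - 1)

    cert = issue_certificate(ca_priv, "Example CA (constructed)", "alice@example.invalid",
                             alice_pub, serial=1001, not_after="2007-10-29")
    cert_valid = verify_certificate(ca_pub, cert)

    # Changing any signed field, e.g. the owner's name, invalidates the CA signature.
    forged = {"fields": dict(cert["fields"], subject="mallory@example.invalid"),
              "signature": cert["signature"]}
    forgery_valid = verify_certificate(ca_pub, forged)

    # Encrypt to the public key carried in the certificate; only d recovers the message.
    w = int.from_bytes(b"a cab", "big")
    k = encrypt(cert["fields"]["public_key"], w)
    recovered = decrypt(alice_priv, k).to_bytes(5, "big")
    return {"cert_valid": cert_valid, "forgery_valid": forgery_valid, "roundtrip": recovered}


if __name__ == "__main__":
    print(demo())
```

Running the script prints a valid certificate, a rejected forgery, and the message ‘a cab’ recovered after the W^e / K^d round trip. The verifier only needs the CA's public key (e, n), which is the whole point of the certificate model described above: trust in the owner's public key is reduced to trust in the CA's signature.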


**Links**

1) The mod (modulus) function gives the remainder of a division. For example, 8 mod 3 gives a result of 2.
 
digital_certificates.txt · Last modified: 2006/10/29 22:06 by pavel