naren_parmar asked:

Digital Certificate Validation/checking

Dear Sirs/Madam,
I have some queries about Digital Certification.
In a real-time scenario, suppose I want to send a message in an encrypted format using your public key.
Case 1:
I need your digital certificate, which I can request from a CA. But how is this request made to the CA? There are lots of CAs, and I don't know from which one you have acquired the certificate, so how can I get your certificate?

Case 2:
I have your digital certificate. While using your certificate for encrypting the content, who will check the validity of your certificate?

Case 3:
Suppose all of the above tasks are completed (meaning your certificate is checked and endorsed by a third party). I have sent you a document digitally signed using my digital certificate, which you are supposed to receive after two days. Before you open the document, my certificate is revoked. Can you still see the document, or is the document no longer valid?

How are all these scenarios being solved in real time?

Waiting for your reply,
narendra.
 
SunBow (accepted solution):
#2) > "I am having ..."
> "..who will check the validity of your certificate"

Of course the onus is upon you. You received a number, somehow. You may accept it or not. Therefore, it is you, no-one else, who must decide whether or not to check up on its validity.
#1)
>  I don't know so how can I get your certificate .

Onus is upon you.

I do not have to tell you anything if I don't want to. I have a right to privacy. If you want my number, try asking. I may tell you. I may not. You may not be a tyrannical dominator collecting everyone's secrets.
#4) "..being solved in real time."

Quite a bit different for much of usage, than way I read your descriptions.  Perhaps I have something to tell you. You say, how do I know it is really you? For I cannot see you. etc. So I give you my number, to prove me out, that I am valid, who I say I am. Then you can call CA to check me out, and take it from there.
#5) " I want to send a message in a encrypted  format using your public key."

Not that good an idea.

Why not send a message using your own key? Otherwise, it can lead to perversion, and other contorted convolutions unnecessarily.
tonimargiotta:

1) Get hold of PGP Corporate Desktop software or similar package, much of this is done for you.  I use both PGP and the client stuff built into MS Outlook.

2) You need to know which CA to use, so correspondents must tell each other which certification scheme is in use.  This makes sense as PKI only works if you both trust the CA.  You may need to use multiple CAs, for example both Verisign & PGP servers, e.g. ldap://keyserver.pgp.com.

3) Some email clients recognise encrypted/signed messages and will automatically process them. Usually to make this work you must download the sender's certificate.  Again, with clients such as Outlook this can be automated.  Go to the Verisign site, request the public certificate for a particular email address and Outlook will store it in the address book.  Other clients have similar capabilities.

For PGP the desktop client can decrypt/verify objects such as a file, or in the MS environment, the current Window.

4) In theory, the validity of a certificate can be checked in real time via Online Certificate Status Protocol (OCSP).  In practice, this is not yet implemented by most clients so if the certificate has been revoked you won't find out about it unless you download it again.

Sorry if this sounds complex, but the main thing to remember is that you need software that handles the management, storage and operation of the certificates and you then need to understand how to work that software which can vary in complexity.

PS Sending data to another user using their public key is the correct way to make sure that only they can read the contents.  That is why you must trust the issuer of that public key and the mechanism that you use to get a copy of it.

Hope this helps.

PS
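The revocation timing in the asker's case 3 and the OCSP point in item 4 above, worked through as an added example in Python (not code from this thread or from any product mentioned in it). The certificate, dates and revocation record are constructed for illustration; `check_signature` is a hypothetical helper implementing the relying party's trust decision, with the signature's cryptographic verification assumed to have already succeeded.

```python
"""Revocation-aware trust decision for a signed document (added example).

Models "case 3" above: the signing certificate is revoked after the document
was signed but before the recipient verifies it. All data is constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional, Tuple


@dataclass
class Certificate:
    """The X.509 fields that matter for a validity-period check."""
    subject: str
    not_before: datetime
    not_after: datetime


@dataclass
class RevocationStatus:
    """What a CRL entry or an OCSP response reports about the certificate.

    invalidity_date mirrors the RFC 5280 CRL entry extension of that name:
    the CA's estimate of when the key actually became untrustworthy, which
    may be earlier than the date the revocation was recorded.
    """
    revoked: bool
    revocation_date: Optional[datetime] = None
    invalidity_date: Optional[datetime] = None
    reason: str = "unspecified"

    def cutoff(self) -> Optional[datetime]:
        """Earliest moment from which signatures must be treated as untrusted."""
        return self.invalidity_date or self.revocation_date


def check_signature(cert: Certificate, status: RevocationStatus,
                    signing_time: datetime, trusted_timestamp: bool,
                    verify_time: datetime) -> Tuple[str, str]:
    """Return (verdict, explanation) for a signature made with `cert`.

    `trusted_timestamp` means the signing time is proven by a third party
    (for instance an RFC 3161 timestamp token), not merely claimed inside
    the document. The mathematics of the signature is assumed to check out.
    """
    # Without independent proof, the claimed signing time is worthless to the
    # relying party, so the signature is evaluated as of verification time.
    point_in_time = signing_time if trusted_timestamp else verify_time

    if not (cert.not_before <= point_in_time <= cert.not_after):
        return ("INVALID", f"certificate for {cert.subject} is outside its "
                           f"validity period at {point_in_time.isoformat()}")

    if not status.revoked:
        return ("VALID", "certificate within validity period and not revoked")

    cutoff = status.cutoff()
    if cutoff is None:
        # Revoked but the status source carries no date: nothing can be proven.
        return ("INVALID", "certificate revoked with no recorded revocation date")

    if trusted_timestamp and signing_time < cutoff:
        return ("VALID", f"signed at {signing_time.isoformat()}, before the revocation "
                         f"cutoff {cutoff.isoformat()} (reason: {status.reason})")

    if not trusted_timestamp:
        # The document still opens and the signature still verifies mathematically,
        # but nothing proves it was made before the revocation took effect.
        return ("INDETERMINATE", "certificate is revoked and the signing time "
                                 "cannot be proven; treat the signature as untrusted")

    return ("INVALID", f"signed at {signing_time.isoformat()}, at or after the revocation "
                       f"cutoff {cutoff.isoformat()} (reason: {status.reason})")


def case_three_demo() -> dict:
    """Constructed scenario: signed 1 June, revoked 2 June, opened 3 June."""
    utc = timezone.utc
    cert = Certificate("narendra (constructed)",
                       datetime(2003, 1, 1, tzinfo=utc), datetime(2004, 1, 1, tzinfo=utc))
    signed = datetime(2003, 6, 1, tzinfo=utc)
    opened = datetime(2003, 6, 3, tzinfo=utc)
    revoked = RevocationStatus(True, revocation_date=datetime(2003, 6, 2, tzinfo=utc),
                               reason="cessationOfOperation")
    # Same revocation date, but the CA states the key was compromised before signing.
    compromised = RevocationStatus(True, revocation_date=datetime(2003, 6, 2, tzinfo=utc),
                                   invalidity_date=datetime(2003, 5, 15, tzinfo=utc),
                                   reason="keyCompromise")
    return {
        "timestamped": check_signature(cert, revoked, signed, True, opened),
        "claimed_time_only": check_signature(cert, revoked, signed, False, opened),
        "key_compromised_earlier": check_signature(cert, compromised, signed, True, opened),
        "not_revoked": check_signature(cert, RevocationStatus(False), signed, False, opened),
    }


if __name__ == "__main__":
    for name, (verdict, why) in case_three_demo().items():
        print(f"{name:24s} {verdict:13s} {why}")
```

Run it directly to print the four verdicts. The design point is the one the thread circles around: the recipient can always open the document, since revocation does not undo the mathematics, but whether to trust the signature depends on proving it predates the revocation cutoff. That is why a timestamp from a third party, rather than a time claimed inside the document, makes the difference between VALID and INDETERMINATE, and why a CA-supplied invalidity date can invalidate a signature that was timestamped before the revocation was recorded.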


zenlion420:
Hey people,

No comment has been added in roughly 1 year, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question
be PAQ'd and pts awarded to SunBow (yes...all five).
Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Zenlion420
EE Page Editor