Solved

Digital Certificate Validation/checking

Posted on 2002-03-27
263 Views
Last Modified: 2012-05-04
Dear Sirs/Madam,
       I have some queries about digital certification.
          In a real-time scenario, suppose I want to send a message in an encrypted format using your public key.
Case 1:
I need your digital certificate, which I can request from a CA. But how is this request made to the CA? There are lots of CAs, and I don't know from which one you have acquired your certificate, so how can I get your certificate?
 
Case 2:
I have your digital certificate. While using your certificate for encrypting the content, who will check the validity of your certificate?
 
Case 3:
Suppose all of the above tasks are completed (meaning your certificate is checked and endorsed by a third party). I have sent you a document, digitally signed using my digital certificate, which you are supposed to receive after two days. Before you open the document, my certificate is revoked. Can you still see the document, or is the document no longer valid?
 
How are all these scenarios being solved in real time?
 
Waiting for your reply,
narendra.
 
Question by:naren_parmar
7 Comments
 
LVL 24

Accepted Solution

by:
SunBow earned 5 total points
ID: 6904046
(You really need to up the points to get more attention to four separate questions)

#3) > Can you still see the document, or is the document no longer valid?

Yes.
It is not you, but me, who must check whether the certificate is revoked. I don't check, so I do not know the certificate is invalid, so I can do what I want with it.

Note that usually, my behaving this way would make me more vulnerable, because revocation should indicate invalidity, problems, etc. So in theory, I should not behave that way.

But in practice, sure, a 3rd party can bypass the strictness of regulation, and continue to accept (and use) certificates even when invalid.
 
LVL 24

Expert Comment

by:SunBow
ID: 6904057
#2) > "I am having ..."
> "..who will check the validity of your certificate"

Of course the onus is upon you. You received a number, somehow. You may accept it or not. Therefore, it is you, no one else, who must decide whether or not to check up on its validity.
 
LVL 24

Expert Comment

by:SunBow
ID: 6904065
#1)
>  I don't know so how can I get your certificate .

Onus is upon you.

I do not have to tell you anything if I don't want to. I have a right to privacy. If you want my number, try asking. I may tell you. I may not. You may not be a tyrannical dominator collecting everyone's secrets.
 
LVL 24

Expert Comment

by:SunBow
ID: 6904071
#4) "..being solved in real time."

Quite a bit different for much of the usage than the way I read your descriptions. Perhaps I have something to tell you. You say, how do I know it is really you? For I cannot see you, etc. So I give you my number, to prove me out, that I am valid, who I say I am. Then you can call the CA to check me out, and take it from there.
 
LVL 24

Expert Comment

by:SunBow
ID: 6904076
#5) > "I want to send a message in an encrypted format using your public key."

Not that good an idea.

Why not send a message using your own key? Otherwise, it can lead to perversion, and other contorted convolutions unnecessarily.
 
LVL 1

Expert Comment

by:tonimargiotta
ID: 6912479
1) Get hold of PGP Corporate Desktop software or similar package, much of this is done for you.  I use both PGP and the client stuff built into MS Outlook.

2) You need to know which CA to use, so correspondents must tell each other which certification scheme is in use. This makes sense, as PKI only works if you both trust the CA. You may need to use multiple CAs, for example both VeriSign and PGP servers, e.g. ldap://keyserver.pgp.com.

3) Some email clients recognise encrypted/signed messages and will automatically process them. Usually, to make this work you must download the sender's certificate. Again, with clients such as Outlook this can be automated. Go to the VeriSign site, request the public certificate for a particular email address, and Outlook will store it in the address book. Other clients have similar capabilities.

For PGP the desktop client can decrypt/verify objects such as a file, or in the MS environment, the current Window.

4) In theory, the validity of a certificate can be checked in real time via Online Certificate Status Protocol (OCSP).  In practice, this is not yet implemented by most clients so if the certificate has been revoked you won't find out about it unless you download it again.

Sorry if this sounds complex, but the main thing to remember is that you need software that handles the management, storage and operation of the certificates and you then need to understand how to work that software which can vary in complexity.

PS Sending data to another user using their public key is the correct way to make sure that only they can read the contents.  That is why you must trust the issuer of that public key and the mechanism that you use to get a copy of it.

Hope this helps.

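Editor's note: the following is an added, worked example of the relying-party checks that SunBow's accepted answer to #3 and tonimargiotta's point 4 both turn on. It is not code from the original thread. It uses only Go's standard library (assumes Go 1.19 or later) to build a toy CA and a user certificate from constructed test data, with no real CA and no network access; the CRL stands in for whatever revocation source is available (a downloaded CRL here; an OCSP responder answers the same question online). The names Verdict, verifyDocument, crlFor and Scenario are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Verdict is what the receiver (the relying party) concludes about a signed document.
type Verdict struct {
	SignatureOK bool  // signature matches the document under the certificate's key: content is intact and readable
	ChainOK     bool  // certificate chains to a root the receiver trusts and is inside its validity window right now
	Revoked     bool  // certificate's serial number appears on a CRL signed by its issuer
	Err         error // first reason not to rely on the signature, if any
}

// verifyDocument is the receiver's side of cases 2 and 3; the sender does none of this. The checks are kept
// separate on purpose: revocation or expiry never stops the signature verifying or the document being read.
func verifyDocument(doc, sig []byte, leaf, root *x509.Certificate, crlDER []byte, now time.Time) Verdict {
	// 1. Cryptographic check against the public key carried in the certificate.
	if err := leaf.CheckSignature(x509.ECDSAWithSHA256, doc, sig); err != nil {
		return Verdict{Err: err}
	}
	// 2. Trust check: chain to a root *we* chose, evaluated at the time *we* check, not at signing time.
	roots := x509.NewCertPool()
	roots.AddCert(root)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}}
	if _, err := leaf.Verify(opts); err != nil {
		return Verdict{SignatureOK: true, Err: err}
	}
	// 3. Revocation check: the CRL must itself be signed by the issuer and must still be current.
	crl, err := x509.ParseRevocationList(crlDER)
	if err == nil {
		err = crl.CheckSignatureFrom(root)
	}
	if err == nil && now.After(crl.NextUpdate) {
		err = errors.New("CRL is stale: fetch a fresh one before relying on it")
	}
	if err != nil {
		return Verdict{SignatureOK: true, ChainOK: true, Err: err}
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return Verdict{SignatureOK: true, ChainOK: true, Revoked: true, Err: errors.New("certificate revoked by its issuer")}
		}
	}
	return Verdict{SignatureOK: true, ChainOK: true}
}

func must[T any](v T, err error) T { // panics on error: fine in a demonstration, not in production code
	if err != nil {
		panic(err)
	}
	return v
}

// crlFor publishes the issuer's revocation list as of "at", valid for one week.
func crlFor(issuer *x509.Certificate, key *ecdsa.PrivateKey, at time.Time, entries []pkix.RevokedCertificate) []byte {
	return must(x509.CreateRevocationList(rand.Reader, &x509.RevocationList{Number: big.NewInt(at.Unix()),
		ThisUpdate: at, NextUpdate: at.AddDate(0, 0, 7), RevokedCertificates: entries}, issuer, key))
}

// Scenario builds a toy CA and user certificate (constructed test data, not a real PKI) and returns the receiver's
// verdicts for a fresh document, the same document opened two days later after revocation, and after expiry.
func Scenario() (fresh, revoked, expired Verdict) {
	t0 := time.Date(2002, 3, 27, 0, 0, 0, 0, time.UTC) // "now" for the first check
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Toy CA"},
		NotBefore: t0, NotAfter: t0.AddDate(10, 0, 0), IsCA: true, BasicConstraintsValid: true,
		SubjectKeyId: []byte{1, 2, 3, 4}, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	root := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)))) // self-signed
	userKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	userTmpl := &x509.Certificate{SerialNumber: big.NewInt(4242), Subject: pkix.Name{CommonName: "narendra"},
		NotBefore: t0, NotAfter: t0.AddDate(1, 0, 0), KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}}
	leaf := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, userTmpl, root, &userKey.PublicKey, caKey))))
	// The sender signs once; doc and sig are byte-for-byte the same in all three checks below.
	doc := []byte("Dear Sirs, please find the signed contract attached.") // constructed sample message
	digest := sha256.Sum256(doc)
	sig := must(ecdsa.SignASN1(rand.Reader, userKey, digest[:]))
	emptyCRL := crlFor(root, caKey, t0, nil)
	revokingCRL := crlFor(root, caKey, t0.AddDate(0, 0, 1), []pkix.RevokedCertificate{{SerialNumber: leaf.SerialNumber, RevocationTime: t0.AddDate(0, 0, 1)}})
	fresh = verifyDocument(doc, sig, leaf, root, emptyCRL, t0)
	revoked = verifyDocument(doc, sig, leaf, root, revokingCRL, t0.AddDate(0, 0, 2))
	expired = verifyDocument(doc, sig, leaf, root, emptyCRL, t0.AddDate(2, 0, 0))
	return fresh, revoked, expired
}

func main() {
	fresh, revoked, expired := Scenario()
	fmt.Printf("fresh:   %+v\nrevoked: %+v\nexpired: %+v\n", fresh, revoked, expired)
}
```

Run it with go run and compare the three verdicts. In the revoked case SignatureOK and ChainOK are still true: the document is intact and perfectly readable, and only the revocation step says not to rely on it. That is the behaviour SunBow describes for case 3: nothing stops a receiver who skips step 3 from accepting the signature, which is why the check belongs at verification time and must use a CRL (or OCSP response) that is fresh rather than one cached from before the revocation; the staleness test on NextUpdate is there for exactly that reason.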
 
LVL 5

Expert Comment

by:zenlion420
ID: 9709118
Hey people,

No comment has been added in roughly 1 year, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question
be PAQ'd and pts awarded to SunBow (yes...all five).
Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Zenlion420
EE Page Editor
