  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 278

Digital Certificate Validation/checking

Dear Sirs/Ma'am,
I have some queries about digital certification.
In a real-time scenario, suppose I want to send a message in an encrypted format using your public key.
Case 1:
I need your digital certificate, which I can request from the CA. But how is this request made to the CA? There are lots of CAs, and I don't know from whom you have acquired the certificate, so how can I get your certificate?

Case 2:
I have your digital certificate. While using your certificate for encrypting the content, who will check the validity of your certificate?

Case 3:
Suppose all of the above tasks are completed (meaning your certificate is checked and endorsed by a third party). I have sent you a document digitally signed using my digital certificate, which you are supposed to receive after two days. Before you open the document, my certificate is revoked. Can you still see the document, or is the document no longer valid?

How are all these scenarios being solved in real time?

Waiting for your reply,
narendra.
 
0
naren_parmar
Asked:
naren_parmar
  • 5
1 Solution
 
SunBow commented:
(You really need to up the points to get more attention to four separate questions)

#3) "Can you still see the document or document is no longer valid?"

Yes.
It is not you, but me who must check whether the certificate is revoked. I don't check, so I do not know the certificate is invalid, so I can do what I want with it.

Note that usually, my behaving this way would make me more vulnerable, because revocation should indicate invalidity, problems, etc. So in theory, I should not behave that way.

But in practice, sure, a 3rd party can bypass the strictness to regulation, and continue to accept (and use) certificates even when invalid.
0
 
SunBow commented:
#2) > "I am having ..."
> "..who will check the validity of your certificate"

Of course the onus is upon you. You received a number, somehow. You may accept it or not. Therefore, it is you, no-one else, who must decide whether or not to check up on its validity.
0
 
SunBow commented:
#1)
> I don't know so how can I get your certificate.

Onus is upon you.

I do not have to tell you anything if I don't want to. I have a right to privacy. If you want my number, try asking. I may tell you. I may not. You may not be a tyrannical dominator collecting everyone's secrets.
0

 
SunBow commented:
#4) "..being solved in real time."

Quite a bit different for much of usage, than the way I read your descriptions. Perhaps I have something to tell you. You say, how do I know it is really you? For I cannot see you, etc. So I give you my number, to prove me out, that I am valid, who I say I am. Then you can call the CA to check me out, and take it from there.
0
 
SunBow commented:
#5) "I want to send a message in an encrypted format using your public key."

Not that good an idea.

Why not send a message using your own key? Otherwise, it can lead to perversion, and other contorted convolutions unnecessarily.
0
 
tonimargiotta commented:
1) Get hold of PGP Corporate Desktop software or a similar package; much of this is done for you. I use both PGP and the client stuff built into MS Outlook.

2) You need to know which CA to use, so correspondents must tell each other which certification scheme is in use. This makes sense as PKI only works if you both trust the CA. You may need to use multiple CAs, for example both Verisign & PGP servers, e.g. ldap://keyserver.pgp.com.

3) Some email clients recognise encrypted/signed messages and will automatically process them. Usually to make this work you must download the sender's certificate. Again, with clients such as Outlook this can be automated. Go to the Verisign site, request the public certificate for a particular email address and Outlook will store it in the address book. Other clients have similar capabilities.

For PGP the desktop client can decrypt/verify objects such as a file, or in the MS environment, the current Window.

4) In theory, the validity of a certificate can be checked in real time via Online Certificate Status Protocol (OCSP).  In practice, this is not yet implemented by most clients so if the certificate has been revoked you won't find out about it unless you download it again.

Sorry if this sounds complex, but the main thing to remember is that you need software that handles the management, storage and operation of the certificates and you then need to understand how to work that software which can vary in complexity.

PS Sending data to another user using their public key is the correct way to make sure that only they can read the contents.  That is why you must trust the issuer of that public key and the mechanism that you use to get a copy of it.

Hope this helps.

PS


0
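Added example, not part of any post above: a sketch of the recipient-side check that case 3 and the answers on revocation turn on, using simplified stand-ins for a certificate and a CA revocation list rather than real X.509 parsing. The `Cert` and `Crl` classes, `check_signer_cert`, the "Example CA" name, and the policy of honouring an independently proven signing time are all assumptions made for illustration; the sample data is constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Cert:  # simplified stand-in for an X.509 certificate (assumed model)
    serial: int
    issuer: str
    not_before: datetime
    not_after: datetime

@dataclass(frozen=True)
class Crl:  # simplified stand-in for the issuing CA's revocation list
    issuer: str
    next_update: datetime
    revoked: dict = field(default_factory=dict)  # serial -> revocation time

def check_signer_cert(cert, crl, trusted_cas, now, proven_signing_time=None):
    """Recipient-side decision on the signer's certificate: (accept, reason)."""
    if cert.issuer not in trusted_cas:
        return False, "issuer not trusted"
    # A missing or expired list cannot show a recent revocation.
    if crl is None or crl.issuer != cert.issuer or now > crl.next_update:
        return False, "revocation status unknown"
    # Assumed policy: without independent proof of when the document was
    # signed (e.g. a trusted timestamp), judge the certificate as of now.
    at = proven_signing_time or now
    if not cert.not_before <= at <= cert.not_after:
        return False, "outside validity period"
    revoked_at = crl.revoked.get(cert.serial)
    if revoked_at is not None and at >= revoked_at:
        return False, "revoked"
    return True, "ok"

# Constructed sample data for case 3: signed, revoked a day later, then opened.
DAY = timedelta(days=1)
SIGNED = datetime(2024, 1, 1, tzinfo=timezone.utc)
OPENED = SIGNED + 2 * DAY
CERT = Cert(1001, "Example CA", SIGNED - 30 * DAY, SIGNED + 335 * DAY)
FRESH = Crl("Example CA", SIGNED + 3 * DAY, {1001: SIGNED + 1 * DAY})
STALE = Crl("Example CA", SIGNED + 1 * DAY)  # fetched before the revocation

def demo():
    cas = {"Example CA"}
    return [check_signer_cert(CERT, FRESH, cas, OPENED),
            check_signer_cert(CERT, FRESH, cas, OPENED, proven_signing_time=SIGNED),
            check_signer_cert(CERT, STALE, cas, OPENED)]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

A recipient who never runs such a check, or who relies on a list downloaded before the revocation, keeps accepting the certificate, which is the behaviour the answers above describe.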
 
zenlion420 commented:
Hey people,

No comment has been added in roughly 1 year, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question
be PAQ'd and pts awarded to SunBow (yes...all five).
Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Zenlion420
EE Page Editor
0