Solved

Digital Certificate Validation/checking

Posted on 2002-03-27
270 Views
Last Modified: 2012-05-04
Dear Sirs/madam,
I have some queries about Digital Certification.
In a real-time scenario, suppose I want to send a message in an encrypted format using your public key.
Case 1:-
I need your digital certificate, which I can request from a CA. But how is this request made to the CA? There are lots of CAs, and I don't know from whom you have acquired the certificate, so how can I get your certificate?
 
Case 2:-
I have your digital certificate. While using your certificate for encrypting the content, who will check the validity of your certificate?
 
Case 3:-
Suppose all of the above tasks are completed (meaning your certificate is checked and endorsed by a third party). I have sent you a document digitally signed using my digital certificate, which you are supposed to receive after two days. Before you open the document, my certificate is revoked. Can you still see the document, or is the document no longer valid?
 
How are all these scenarios being solved in real time?
 
Waiting for your reply,
narendra.
 
Question by: naren_parmar
7 Comments
 
LVL 24

Accepted Solution by: SunBow (earned 5 total points)
ID: 6904046
(You really need to up the points to get more attention to four separate questions)

#3) > "Can you still see the document or is the document no longer valid?"

Yes.
It is not you, but me, who must check whether the certificate is revoked. I don't check, so I do not know the certificate is invalid, so I can do what I want with it.

Note that usually, my behaving this way would make me more vulnerable, because revocation should indicate invalidity, problems, etc. So in theory, I should not behave that way.

But in practice, sure, a 3rd party can bypass the strictness of regulation, and continue to accept (and use) certificates even when invalid.
 
LVL 24

Expert Comment by: SunBow
ID: 6904057
#2) > "I am having ..."
> "..who will check the validity of your certificate"

Of course the onus is upon you. You received a number, somehow. You may accept it or not. Therefore, it is you, no-one else, who must decide whether or not to check up on its validity.
 
LVL 24

Expert Comment by: SunBow
ID: 6904065
#1)
>  I don't know so how can I get your certificate .

Onus is upon you.

I do not have to tell you anything if I don't want to. I have a right to privacy. If you want my number, try asking. I may tell you. I may not. You may not be a tyrannical dominator collecting everyone's secrets.
 
LVL 24

Expert Comment by: SunBow
ID: 6904071
#4) "..being solved in real time."

Quite a bit different for much of the usage than the way I read your descriptions. Perhaps I have something to tell you. You say, how do I know it is really you? For I cannot see you, etc. So I give you my number, to prove me out, that I am valid, who I say I am. Then you can call the CA to check me out, and take it from there.
 
LVL 24

Expert Comment by: SunBow
ID: 6904076
#5) > "I want to send a message in an encrypted format using your public key."

Not that good an idea.

Why not send a message using your own key? Otherwise, it can lead to perversion, and other contorted convolutions unnecessarily.
 
LVL 1

Expert Comment by: tonimargiotta
ID: 6912479
1) Get hold of PGP Corporate Desktop software or a similar package; much of this is done for you. I use both PGP and the client stuff built into MS Outlook.

2) You need to know which CA to use, so correspondents must tell each other which certification scheme is in use. This makes sense as PKI only works if you both trust the CA. You may need to use multiple CAs, for example both Verisign & PGP servers, e.g. ldap://keyserver.pgp.com.

3) Some email clients recognise encrypted/signed messages and will automatically process them. Usually, to make this work you must download the sender's certificate. Again, with clients such as Outlook this can be automated. Go to the Verisign site, request the public certificate for a particular email address, and Outlook will store it in the address book. Other clients have similar capabilities.

For PGP the desktop client can decrypt/verify objects such as a file, or in the MS environment, the current Window.

4) In theory, the validity of a certificate can be checked in real time via the Online Certificate Status Protocol (OCSP). In practice, this is not yet implemented by most clients, so if the certificate has been revoked you won't find out about it unless you download it again.

Sorry if this sounds complex, but the main thing to remember is that you need software that handles the management, storage and operation of the certificates, and you then need to understand how to work that software, which can vary in complexity.

PS: Sending data to another user using their public key is the correct way to make sure that only they can read the contents. That is why you must trust the issuer of that public key and the mechanism that you use to get a copy of it.

Hope this helps.
 
LVL 5

Expert Comment by: zenlion420
ID: 9709118
Hey people,

No comment has been added in roughly 1 year, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question
be PAQ'd and pts awarded to SunBow (yes...all five).
Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Zenlion420
EE Page Editor