Solved

Digital Certificate Validation/checking

Posted on 2002-03-27
7
271 Views
Last Modified: 2012-05-04
Dear Sirs/Madam,
       I have some queries about digital certification.
          In a real-time scenario, suppose I want to send a message in an encrypted format using your public key.
Case 1:-
I need your digital certificate, which I can request from a CA. But how is this request made to the CA? There are lots of CAs, and I don't know from whom you have acquired the certificate, so how can I get your certificate?
 
Case 2:-
I have your digital certificate. While using your certificate for encrypting the content, who will check the validity of your certificate?
 
Case 3:-
Suppose all of the above tasks are completed (meaning your certificate is checked and endorsed by a third party). I have sent you a document digitally signed using my digital certificate, which you are supposed to receive after two days. Before you open the document, my certificate is revoked. Can you still see the document, or is the document no longer valid?
 
How are all these scenarios solved in real time?
 
waiting for your reply,
narendra.
 
0
Question by:naren_parmar
7 Comments
 
LVL 24

Accepted Solution

by:
SunBow earned 5 total points
ID: 6904046
(You really need to up the points to get more attention to four separate questions)

#3) Can you still see the document, or is the document no longer valid?

Yes.
It is not you, but me, who must check whether the certificate is revoked. I don't check, so I do not know the certificate is invalid, so I can do what I want with it.

Note that usually, my behaving this way would make me more vulnerable, because revocation should indicate invalidity, problems, etc.  So in theory, I should not behave that way.

But in practice, sure, a 3rd party can bypass the strictness of regulation, and continue to accept (and use) certificates even when invalid.
0
 
LVL 24

Expert Comment

by:SunBow
ID: 6904057
#2) > "I am having ..."
> "..who will check the validity of your certificate"

Of course the onus is upon you.  You received a number, somehow.  You may accept it or not. Therefore, it is you, no one else, who must decide whether or not to check up on its validity.
0
 
LVL 24

Expert Comment

by:SunBow
ID: 6904065
#1)
> I don't know, so how can I get your certificate?

Onus is upon you.

I do not have to tell you anything if I don't want to. I have a right to privacy.  If you want my number, try asking. I may tell you. I may not. You may not be a tyrannical dominator collecting everyone's secrets.
0
 
LVL 24

Expert Comment

by:SunBow
ID: 6904071
#4) "..being solved in real time."

Quite a bit different for much of the usage than the way I read your descriptions.  Perhaps I have something to tell you. You say, how do I know it is really you? For I cannot see you. etc. So I give you my number, to prove me out, that I am valid, who I say I am. Then you can call the CA to check me out, and take it from there.
0
 
LVL 24

Expert Comment

by:SunBow
ID: 6904076
#5) "I want to send a message in an encrypted format using your public key."

Not that good an idea.

Why not send a message using your own key? Otherwise, it can lead to perversion, and other contorted convolutions unnecessarily.
0
 
LVL 1

Expert Comment

by:tonimargiotta
ID: 6912479
1) Get hold of PGP Corporate Desktop software or a similar package; much of this is done for you.  I use both PGP and the client stuff built into MS Outlook.

2) You need to know which CA to use, so correspondents must tell each other which certification scheme is in use.  This makes sense, as PKI only works if you both trust the CA.  You may need to use multiple CAs, for example both VeriSign & PGP servers, e.g. ldap://keyserver.pgp.com.

3) Some email clients recognise encrypted/signed messages and will automatically process them. Usually, to make this work you must download the sender's certificate.  Again, with clients such as Outlook this can be automated.  Go to the VeriSign site, request the public certificate for a particular email address, and Outlook will store it in the address book.  Other clients have similar capabilities.

For PGP the desktop client can decrypt/verify objects such as a file, or in the MS environment, the current Window.

4) In theory, the validity of a certificate can be checked in real time via Online Certificate Status Protocol (OCSP).  In practice, this is not yet implemented by most clients so if the certificate has been revoked you won't find out about it unless you download it again.

Sorry if this sounds complex, but the main thing to remember is that you need software that handles the management, storage and operation of the certificates, and you then need to understand how to work that software, which can vary in complexity.

PS Sending data to another user using their public key is the correct way to make sure that only they can read the contents.  That is why you must trust the issuer of that public key and the mechanism that you use to get a copy of it.

Hope this helps.


0
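SunBow's answer to case 3 (a revoked certificate is only "invalid" to a receiver who bothers to check) and point 4 above (OCSP lets a client check status in real time, and a client that skips the check never learns of the revocation) describe the same relying-party decision. The Go program below is an added example written for this page; it is not code from this thread or from PGP, VeriSign or Outlook, and it uses only the Go standard library (1.19 or newer). It constructs a throwaway CA and a signer certificate with hypothetical names and serial numbers, signs a document on day 0, has the CA revoke the signer on day 1, and then runs the receiver's checks on day 2 twice: once without any revocation lookup, and once against a CRL the CA published. A CRL is used rather than OCSP because it can be built and verified offline; the receiver-side logic is the same for an OCSP response.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// PKI holds a constructed test CA and one signer certificate; names and serials are hypothetical.
type PKI struct {
	CACert  *x509.Certificate
	caKey   *ecdsa.PrivateKey
	Signer  *x509.Certificate
	signKey *ecdsa.PrivateKey
}

func buildPKI(now time.Time) *PKI {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Test CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.AddDate(5, 0, 0), IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	// Parse the DER back: the parsed CA carries the SubjectKeyId that CreateRevocationList requires.
	caCert := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTpl, caTpl, &caKey.PublicKey, caKey))))
	signKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	leafTpl := &x509.Certificate{SerialNumber: big.NewInt(1001), Subject: pkix.Name{CommonName: "narendra (constructed)"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.AddDate(1, 0, 0), KeyUsage: x509.KeyUsageDigitalSignature}
	leaf := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, leafTpl, caCert, &signKey.PublicKey, caKey))))
	return &PKI{caCert, caKey, leaf, signKey}
}

// Sign is the sender's step: an ECDSA/SHA-256 signature over the document.
func (p *PKI) Sign(msg []byte) []byte {
	d := sha256.Sum256(msg)
	return must(ecdsa.SignASN1(rand.Reader, p.signKey, d[:]))
}

// IssueCRL is the CA's step. Pass serial == nil for a CRL that revokes nothing.
func (p *PKI) IssueCRL(serial *big.Int, revokedAt, thisUpdate time.Time) []byte {
	tpl := &x509.RevocationList{Number: big.NewInt(7), ThisUpdate: thisUpdate, NextUpdate: thisUpdate.AddDate(0, 0, 7)}
	if serial != nil {
		tpl.RevokedCertificates = []pkix.RevokedCertificate{{SerialNumber: serial, RevocationTime: revokedAt}}
	}
	return must(x509.CreateRevocationList(rand.Reader, tpl, p.CACert, p.caKey))
}

// Verdict records each check the receiver performed. ChainOK and SignatureOK say nothing about revocation.
type Verdict struct {
	ChainOK, SignatureOK, CRLChecked, Revoked bool
	RevokedAt                                 time.Time
}

// RelyingPartyCheck is the receiver's step. crlDER == nil models a client that never consults the CA.
func RelyingPartyCheck(ca, signer *x509.Certificate, msg, sig, crlDER []byte, openedAt time.Time) Verdict {
	var v Verdict
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := signer.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: openedAt})
	v.ChainOK = err == nil
	v.SignatureOK = signer.CheckSignature(x509.ECDSAWithSHA256, msg, sig) == nil
	if crlDER == nil {
		return v
	}
	crl, err := x509.ParseRevocationList(crlDER)
	// An unparsable, forged or expired CRL gives no assurance, so it counts as unchecked.
	if err != nil || crl.CheckSignatureFrom(ca) != nil || openedAt.After(crl.NextUpdate) {
		return v
	}
	v.CRLChecked = true
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(signer.SerialNumber) == 0 {
			v.Revoked, v.RevokedAt = true, rc.RevocationTime
		}
	}
	return v
}

func main() {
	now, doc := time.Now().UTC(), []byte("constructed document")
	p := buildPKI(now)
	sig := p.Sign(doc)                                                                   // day 0: signed and sent
	crl := p.IssueCRL(p.Signer.SerialNumber, now.AddDate(0, 0, 1), now.AddDate(0, 0, 1)) // day 1: CA revokes
	for _, c := range [][]byte{nil, crl} {                                               // day 2: opened without, then with, a CRL lookup
		fmt.Printf("crl consulted=%t %+v\n", c != nil, RelyingPartyCheck(p.CACert, p.Signer, doc, sig, c, now.AddDate(0, 0, 2)))
	}
}
```

Chain and signature checks pass in both runs; only the run that fetches and verifies the CRL learns that the certificate was revoked, which is exactly the "I don't check, so I do not know" situation above. The code treats a CRL that fails signature verification or is past its NextUpdate as no check at all, since a stale or forged list is what an attacker would hand a client that asks. Whether a signature made before the revocation date should still be honoured is a policy question; the code reports the revocation time so the caller can apply that policy.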
 
LVL 5

Expert Comment

by:zenlion420
ID: 9709118
Hey people,

No comment has been added in roughly 1 year, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question
be PAQ'd and pts awarded to SunBow (yes...all five).
Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Zenlion420
EE Page Editor
0
