digital certificate

Jon Marshall Thu, 02/15/2007 - 13:15


A digital certificate contains your public key plus some verification of who you are and is used to encrypt data or in many cases to exchange a symmetric key securely.

The key thing to note is that with a public key you also have a private key. Anything encrypted with your public key can only be decrypted by your private key and vice-versa. Your public key can be given to anyone but only you have your private key.

If I wanted to send data to you I would take your digital certificate, which contains your public key, and encrypt the data with your public key. Now the only person who can decrypt that data is you because only you have the private key to go with your public key.

** Note: in the real world encrypting and decrypting a lot of data with a public/private key pair is computationally expensive, so what I would do is encrypt a shared secret with your public key. You then decrypt that shared key with your private key and then we use the shared key to encrypt/decrypt the data. **

A digital signature is used to prove the identity of the person sending you data. So if I wanted to send you some data and prove I sent it, I sign the data with my private key. (Signing in simplified form is running the data through an algorithm together with my private key.) When you receive the data you can use my public key, which is available to anyone, to run the data through the same algorithm, and if all is well you know I sent you the data.

** Note: because everyone has access to my public key, signing does not protect the data in the way encrypting does. It just proves I was the one who sent the data. **
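The scheme described in the post (wrap a fresh shared key with the recipient's public key, then sign with the sender's private key so the recipient can prove who sent it), as an added example in Go that is not part of the original post. It uses only the standard library (RSA-OAEP for key wrapping, AES-GCM for the data, RSA-PSS for the signature); the names Envelope, Seal, Open and NewKey are this example's own.

```go
package main
import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)
// Envelope: AES key wrapped for the recipient, GCM nonce, ciphertext, signature.
type Envelope struct{ WrappedKey, Nonce, Ciphertext, Signature []byte }
// NewKey makes a 2048-bit RSA key pair (demo helper; panics if the RNG fails).
func NewKey() *rsa.PrivateKey { k, err := rsa.GenerateKey(rand.Reader, 2048); if err != nil { panic(err) }; return k }

// Seal: a fresh AES-256 key encrypts the data, RSA-OAEP wraps that key for the recipient, RSA-PSS signs it.
func Seal(data []byte, to *rsa.PublicKey, from *rsa.PrivateKey) (*Envelope, error) {
	buf := make([]byte, 32+12) // AES-256 key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	block, _ := aes.NewCipher(key) // cannot fail for a 32-byte key
	gcm, _ := cipher.NewGCM(block)
	ct := gcm.Seal(nil, nonce, data, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, to, key, nil)
	if err != nil {
		return nil, err
	}
	h := sha256.Sum256(ct)
	sig, err := rsa.SignPSS(rand.Reader, from, crypto.SHA256, h[:], nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{wrapped, nonce, ct, sig}, nil
}

// Open: verify the sender's signature first (that is what proves who sent it), then unwrap the key and decrypt.
func Open(e *Envelope, me *rsa.PrivateKey, from *rsa.PublicKey) ([]byte, error) {
	h := sha256.Sum256(e.Ciphertext)
	if err := rsa.VerifyPSS(from, crypto.SHA256, h[:], e.Signature, nil); err != nil {
		return nil, err // not signed by the claimed sender, or ciphertext altered
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, me, e.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, e.Nonce, e.Ciphertext, nil)
}
```

Only the recipient's private key can unwrap the AES key, and only the sender's public key verifies the signature, which is exactly the split the post describes: encryption protects the data, the signature proves the origin.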
