How do digital certificates work
Quora User. Software developer, sailor and seeing life is a rogue wave in a quantum sea
It is hard to explain the role of digital certificates if you don't understand public key cryptography and the concept of a signing authority.
So allow me a short analogy:
A digital certificate is an electronic document that says you are who you say you are, either as an individual or a company, and that others can trust to be true. The problem is, being digital, it can be easily copied or forged. How do you know that the certificate is authentic?
You engage a third party called a "signing authority" that verifies who you are. They take your information, make sure you are who you say you are and "sign" your certificate, which tells others that the information on the certificate is true. The real-world equivalent is a notary public. A notary verifies your documents and affixes their stamp to them saying everything is true and correct under the law. In both cases, a signature is applied to the digital certificate or the real-world document by the signing authority or the notary, respectively, validating the information.
Signatures can be forged in the real world as well as the digital one. So to make sure they can't, the digital signature is generated using the information on the certificate itself along with some additional information from the signing authority which only they (theoretically) know. If anything in the digital certificate is altered, the signature changes. This indicates the certificate is invalid or not what it says to be.
When digital certificates are exchanged, these signatures are verified. So it is easy to detect whether or not someone is lying about who they say they are.
Why is all of this necessary?
This process allows you to establish trusted relationships between entities, such as your computer and your banking web site, to make sure the bank is who they say they are. A third party is working with the bank to give you that trust on their behalf. By creating these digital lines of trust, it was possible to create security on the Internet to make sure the communications between you, your bank, an online store, etc. could be trusted and it was safe to send credit card information and other sensitive information back and forth and know it wasn't intercepted or changed in the meantime.
The signing authority creates that trust by verifying, "Yes, that is your bank's digital certificate because we verified who they are, signed our name to it and we back up that it hasn't been altered in the meantime." Because of the nature of the digital world, we just don't take the site's word for it.
This is a gross oversimplification but it is hard to explain this since it constitutes a major part of the invisible plumbing of the Internet as we use it today. Hope this makes sense.
114 views • Written 63w ago • Not for Reproduction • Source: www.quora.com
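The signing and verification the answer describes, as an added example that is not part of the original post, written in Go against its standard `crypto/x509` library: a constructed signing authority signs a certificate for the imaginary site "bank.example", a relying party checks that signature with only the authority's public key, and altering one letter of the signed contents makes the unchanged signature fail. The authority name, the site name and the freshly generated Ed25519 keys are all constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// template builds a minimal certificate body; a CA additionally carries the
// constraints that entitle it to sign other certificates.
func template(cn string, serial int64, isCA bool) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour)}
	if isCA {
		t.IsCA, t.BasicConstraintsValid = true, true
		t.KeyUsage = x509.KeyUsageCertSign
	}
	return t
}

// Check has a constructed signing authority sign a certificate for the imaginary
// site "bank.example", then verifies that signature the way a relying party does:
// with the authority's public key only. With tamper set, the subject name is
// altered after signing, so the same signature no longer matches the contents.
func Check(tamper bool) error {
	caPub, caPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { return err }
	caTmpl := template("Example Signing Authority", 1, true)
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, caPub, caPriv) // self-signed root
	if err != nil { return err }
	caCert, err := x509.ParseCertificate(caDER)
	if err != nil { return err }
	sitePub, _, err := ed25519.GenerateKey(rand.Reader) // the site's own key pair; the CA never sees the private half
	if err != nil { return err }
	// The authority signs the site's certificate contents with its private key.
	siteDER, err := x509.CreateCertificate(rand.Reader, template("bank.example", 2, false), caCert, sitePub, caPriv)
	if err != nil { return err }
	if tamper { // forge after signing; same length, so the DER still parses cleanly
		siteDER = bytes.Replace(siteDER, []byte("bank.example"), []byte("bunk.example"), 1)
	}
	siteCert, err := x509.ParseCertificate(siteDER)
	if err != nil { return err }
	// Recompute the check over the received certificate body with the CA's public key.
	return siteCert.CheckSignatureFrom(caCert)
}
```

`Check(false)` returns nil, while `Check(true)` returns a signature verification error even though the signature bytes themselves were never touched.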