Digital certificates are used for secure communication between two parties. With digital certification we ensure that the people who use our apps or services, whether individual consumers or businesses, communicate with each other securely.
In digital certification we use both hashing and asymmetric encryption to create digital signatures.
Encrypting the hash of the data yields a digital signature, which is later used to verify the data.
More and more people and private businesses have a presence on the internet, for public as well as private communication according to their business needs.
The number of people and businesses online keeps increasing. As communication becomes cheaper and more readily available, people spend more time online, and much of that time goes to personal communication.
Because the internet is open to all, anybody can connect and start communicating. The internet was originally designed with communication in mind, not security, so some internet criminals began taking advantage of its vulnerabilities for illegal gain.
Businesses now need security to succeed on the internet, and that is where digital certification comes into play.
Digital certificates give us a secure and confidential way to communicate.
Public Key Infrastructure (PKI)
Digital certificates are part of PKI (Public Key Infrastructure), which is the cryptographic system used to create digital certificates.
PKI uses two keys: a public key and a private key. PKI is based on asymmetric encryption. The public key is known to everyone, while the private key is known only to the key owner and must be kept in a secure place.
What is unique about the keys is that they are mathematically related in such a way that a message encrypted with the private key can only be decrypted with the corresponding public key. If you know the public key, it is impossible to infer the private key.
Suppose we have two persons, Ahmed and Fatima, who want to communicate securely. What process should they follow for secure and confidential communication?
1. First, Ahmed hashes his message to generate a hash.
2. Then he encrypts the hash with his private key to create the digital signature.
3. When Fatima receives Ahmed's message, she also receives the digital signature.
4. Fatima decrypts the signature with her public key to get the hash from the signature.
5. Now Fatima has both the hash from the signature and the message. She hashes the message herself to compare whether her hash and the hash from Ahmed match.
If both hashes match, we can say that Fatima received the actual message from Ahmed; otherwise the message was changed.
Certificate Authority (CA)
In digital certification, the CA (Certification Authority) is a third party that issues certificates trusted by all other parties involved in the communication.
The certification authority issues certificates that contain the public key, the certificate subject, and details about the authority itself.
For now, just keep in mind that there are authorities who issue certificates and that you need to trust them so that secure communication can happen.
Creating Certificate with Makecert.exe
At development level we can use the tool Makecert.exe to create X.509 certificates for testing purposes.
X.509 certificate: X.509 is a widely used standard that defines the format of digital certificates. X.509 uses PKI (Public Key Infrastructure) to verify the identity of a user with a public key.
To create a certificate using makecert, open the Visual Studio developer command prompt as administrator and run the following command.
makecert -n "cn=sampleCertSubject" -sr currentuser -ss sampleCertStore
The command creates a new certificate and installs it into a certificate store named sampleCertStore in the current user location.
At this point we have successfully created a certificate in the store named sampleCertStore. Now we can use our certificate from sampleCertStore to sign and verify data.
Now if Ahmed has to send data to Fatima, he needs to sign the data with his private key. To sign the data he follows a few simple steps, explained in the following code snippet. Once he has signed the data, he should send both the signature and the data.
When Fatima receives Ahmed's message and signature, she uses her public key to verify the message.
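As an added example that is not the article's own code (and not the makecert or .NET API), here is the same flow carried out with Go's standard library: NewSelfSignedSigner plays the role of the makecert command by generating a key pair and a self-signed X.509 certificate for the subject sampleCertSubject, Sign performs steps 1 and 2 from the numbered list above, and Verify performs steps 3 to 5 using the public key carried in the sender's certificate, which is the key that corresponds to the private key that produced the signature. The function names and the sample message are assumptions constructed for this example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Signer holds what the certificate holder (Ahmed) keeps: the private key,
// which never leaves his machine, and the certificate carrying the public key.
type Signer struct {
	Key  *rsa.PrivateKey
	Cert *x509.Certificate
}

// NewSelfSignedSigner stands in for makecert in a test setup: it generates an
// RSA key pair and a self-signed X.509 certificate for the given subject.
// Self-signed means the certificate is its own issuer; no CA is involved, so
// only a party that already trusts this certificate should rely on it.
func NewSelfSignedSigner(subject string) (*Signer, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1), // constructed test value
		Subject:               pkix.Name{CommonName: subject},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Signer{Key: key, Cert: cert}, nil
}

// Sign implements steps 1 and 2: hash the message, then apply the private key
// to the hash. The result is the digital signature sent alongside the message.
func (s *Signer) Sign(message []byte) ([]byte, error) {
	digest := sha256.Sum256(message)
	return rsa.SignPKCS1v15(rand.Reader, s.Key, crypto.SHA256, digest[:])
}

// Verify is what the receiver (Fatima) does in steps 3 to 5. She needs only the
// sender's certificate: after checking its validity period she re-hashes the
// message she received, and VerifyPKCS1v15 recovers the hash from the signature
// with the public key and compares the two. Any change to the message or the
// signature makes the comparison fail.
func Verify(cert *x509.Certificate, message, signature []byte) error {
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return errors.New("certificate does not carry an RSA public key")
	}
	now := time.Now()
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return errors.New("certificate is not valid at this time")
	}
	digest := sha256.Sum256(message)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], signature)
}

// Demo runs the full exchange and reports whether the untouched message
// verifies and whether a tampered copy is rejected.
func Demo() (genuineOK bool, tamperedRejected bool, err error) {
	ahmed, err := NewSelfSignedSigner("sampleCertSubject")
	if err != nil {
		return false, false, err
	}
	msg := []byte("Transfer 100 to account 42") // constructed sample message
	sig, err := ahmed.Sign(msg)
	if err != nil {
		return false, false, err
	}
	genuineOK = Verify(ahmed.Cert, msg, sig) == nil
	tampered := []byte("Transfer 900 to account 42") // one digit changed in transit
	tamperedRejected = Verify(ahmed.Cert, tampered, sig) != nil
	return genuineOK, tamperedRejected, nil
}

func main() {
	ok, rejected, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine message verified: %v\ntampered message rejected: %v\n", ok, rejected)
}
```

Running the program shows that the untouched message verifies and that the copy with one changed digit is rejected. Because the certificate here is self-signed, the verifier trusts it directly; with a CA-issued certificate, Verify would additionally check the certificate's chain back to a trusted CA before relying on the public key inside it.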
Following here is the complete source code.