Alice (as a Certificate Authority, or CA) makes a Digital Certificate (DC) to hold Dawn’s public key. The DC includes the plaintext (P) and the signed hash of the plaintext P (the hash was signed by Alice). In the plaintext P, a key is included and Alice proclaims that the key is Dawn’s public key. Alice sends the DC to Bob. Bob wants a trusted copy of Dawn’s public key from the DC sent by Alice (CA).
Explain how Bob can verify that Dawn’s public key in the plaintext P is genuine. Note that Bob has Alice’s public key, and the hash function used by Alice is also available to Bob. Please draw a diagram to explain your answer. Your answer should start with “When Bob receives the DC from Alice, ……”
Certificates are signed and distributed securely by a trusted third-party entity called a Certificate Authority (CA). As long as Bob and Alice trust this third party, the CA, they can be assured that the keys belong to the persons they claim to. Certificates are signed by a CA, which means that they cannot be modified. Thus, the CA signature can be checked using that CA’s certificate.
A certificate contains, among other things:
1) The CA’s identity
2) The owner’s identity
3) The owner’s public-key
4) The certificate expiry date
5) The CA’s signature of that certificate
6) Other data that is beyond the scope of this article.
With a certificate rather than a bare public-key, a recipient can now check a few things about the issuer to ensure that the certificate is valid and belongs to the person claiming its ownership:
1) Compare the owner’s identity
2) Verify that the certificate is still valid
3) Verify that the certificate has been signed by a trusted CA
4) Verify the issuer’s certificate signature, thus ensuring it has not been altered.
Bob can now check Alice’s certificate and be assured that it is Alice’s private-key that has been used to sign the message. Alice must be careful with her private-key and should not reveal how to access it; in this way, she is implementing one part of the non-repudiation feature associated with her digital signature.
When Alice encrypts a message for Bob, she uses Bob’s certificate. Before using the public-key included as part of Bob’s certificate, some extra steps are performed to validate Bob’s certificate:
1) Validity period of Bob’s certificate
2) The certificate belongs to Bob
3) Bob’s certificate has not been modified
4) Bob’s certificate has been signed by a trusted CA
Additional steps would be required to validate the CA’s certificate in the situation where Alice does not trust Bob’s CA. These steps are identical to the ones required to validate Bob’s certificate. In the case below, it is assumed that both Bob and Alice trust that CA.
Bob needs to ensure that the PuKA included in CertA belongs to Alice and is still valid.
He checks the Id field and finds CAId, which is Alice’s identity. Actually, the only thing he really knows is that this certificate appears to belong to Alice.
He then checks the validity fields and finds that the present date and time are within the validity period. So far the certificate appears to belong to Alice and to be valid.
The definitive check happens by verifying CertA’s signature using the CA’s public key (PuKB found in CertDB). If CertB’s signature is OK, this means:
a) Alice’s certificate has been signed by the CA in which Alice and Bob have put all their trust.
b) Alice’s certificate’s integrity is proven and it has not been changed at all.
c) Alice’s identity is assured and the public-key included in the certificate is still valid and belongs to Alice. In this way, Bob can encrypt the message and be assured that only Alice will be able to read it.
Comparable steps will be performed by Alice on Bob’s certificate before checking Alice’s signature.
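The checks described in the question (Bob recomputes the hash of P and verifies Alice's signature over it) and in the answer (owner identity, validity window, CA signature) worked through end to end, as an added example that is not part of the original question or answer. It uses only Go's standard library: RSA PKCS#1 v1.5 over SHA-256 for the "signed hash", and a JSON-encoded plaintext P. The P layout (issuer, owner, owner key, not_before, not_after), the function names and the party names Alice, Dawn and Bob are illustrative assumptions for this example, not a real certificate format such as X.509. The example also goes one step past the text by showing what happens when the key inside P is swapped after signing.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Fields is the plaintext P of the DC: who issued it, whose key it carries,
// the key itself, and the validity window. These field names are assumptions
// for this example, not a real certificate format.
type Fields struct {
	IssuerID    string    `json:"issuer"`
	OwnerID     string    `json:"owner"`
	OwnerPubDER []byte    `json:"owner_pub"` // PKIX DER encoding of the owner's public key
	NotBefore   time.Time `json:"not_before"`
	NotAfter    time.Time `json:"not_after"`
}

// Cert is the DC: P and the CA's signature over SHA-256(P).
type Cert struct {
	Plaintext []byte
	Signature []byte
}

var (
	ErrBadSignature = errors.New("CA signature does not verify over P")
	ErrWrongOwner   = errors.New("certificate owner is not the expected party")
	ErrNotValidNow  = errors.New("certificate is outside its validity window")
)

// Issue is the CA's side (Alice): serialise P, hash it, sign the hash.
func Issue(caPriv *rsa.PrivateKey, f Fields) (Cert, error) {
	p, err := json.Marshal(f)
	if err != nil {
		return Cert{}, err
	}
	digest := sha256.Sum256(p)
	sig, err := rsa.SignPKCS1v15(rand.Reader, caPriv, crypto.SHA256, digest[:])
	if err != nil {
		return Cert{}, err
	}
	return Cert{Plaintext: p, Signature: sig}, nil
}

// Verify is Bob's side. It returns the owner's public key only if every check
// passes. The signature is checked first: until it verifies, nothing in P
// (identity, validity, key) can be believed.
func Verify(c Cert, caPub *rsa.PublicKey, expectedOwner string, now time.Time) (*rsa.PublicKey, error) {
	digest := sha256.Sum256(c.Plaintext) // Bob recomputes H(P) with the CA's hash function
	if err := rsa.VerifyPKCS1v15(caPub, crypto.SHA256, digest[:], c.Signature); err != nil {
		return nil, ErrBadSignature
	}
	var f Fields
	if err := json.Unmarshal(c.Plaintext, &f); err != nil {
		return nil, err
	}
	if f.OwnerID != expectedOwner { // "compare the owner's identity"
		return nil, ErrWrongOwner
	}
	if now.Before(f.NotBefore) || now.After(f.NotAfter) { // "still valid"
		return nil, ErrNotValidNow
	}
	pub, err := x509.ParsePKIXPublicKey(f.OwnerPubDER)
	if err != nil {
		return nil, err
	}
	rsaPub, ok := pub.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("owner key is not an RSA key")
	}
	return rsaPub, nil
}

// SwapOwnerKey rewrites P with a different owner key but keeps the original
// signature, modelling a DC whose key field was altered after signing.
func SwapOwnerKey(c Cert, newPubDER []byte) Cert {
	var f Fields
	_ = json.Unmarshal(c.Plaintext, &f)
	f.OwnerPubDER = newPubDER
	p, _ := json.Marshal(f)
	return Cert{Plaintext: p, Signature: c.Signature}
}

func main() {
	alice, _ := rsa.GenerateKey(rand.Reader, 2048) // the CA
	dawn, _ := rsa.GenerateKey(rand.Reader, 2048)  // key owner
	now := time.Now()
	dawnDER, _ := x509.MarshalPKIXPublicKey(&dawn.PublicKey)
	dc, _ := Issue(alice, Fields{IssuerID: "Alice-CA", OwnerID: "Dawn", OwnerPubDER: dawnDER,
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour)})

	pub, err := Verify(dc, &alice.PublicKey, "Dawn", now) // Bob holds Alice's public key
	fmt.Println("genuine DC accepted:", err == nil && pub.Equal(&dawn.PublicKey))

	other, _ := rsa.GenerateKey(rand.Reader, 2048)
	otherDER, _ := x509.MarshalPKIXPublicKey(&other.PublicKey)
	_, err = Verify(SwapOwnerKey(dc, otherDER), &alice.PublicKey, "Dawn", now)
	fmt.Println("DC with swapped key:", err)
}
```

Verify checks the signature before looking at the owner and validity fields, whereas the answer above lists the signature as the last, "definitive" check. Both orders end in the same decision, but checking the signature first means no field of P is read as fact until Alice's signature over H(P) has been confirmed; the SwapOwnerKey case shows why that matters, since the altered P still names Dawn and is still within its validity window, and only the hash mismatch exposes it.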