What is a Digital Certificate and Digital Signature? [Full working in depth]

To understand the concept of digital certificates you need to be clear about the concept of encryption.

Learn about encryption here:- Learn Encryption. (Without this you will not be able to understand digital certificates.)

What is a Digital certificate?

Digital certificates are used to check the authenticity of a website (that is, of the website’s public key). A certificate contains the website’s data, including the website’s public key, along with the encrypted (signed) form of that data.

Understanding how it works in practice 💠

Why do we need a digital certificate? 💠

As we all know, all HTTPS websites use encryption for sending and receiving data.

Let’s understand this with a practical example:

  • CLIENT (the client is anything that starts the conversation with the server, e.g. my browser) 🛡
  • SERVER (here we are considering the server of our website www.innovativenoob.com) 🛡
  • HACKER (a malicious person with bad intent) 🛡

I wanted to visit www.innovativenoob.com, so I opened my browser (the client) and entered the website URL. My browser sent ‘Hi’ to the website server. The server responded with ‘Hi’ + its public key.

Now we have received a ‘Hi’ and the website’s public key. From here on we will use the website’s public key to encrypt our data, and the website will use its private key to decrypt it, and vice versa.

In this manner, our communication will be secure (encrypted). Everything is perfect, huh? 🏴‍☠️

Well, let’s take another case: Case 2 💠

I wanted to visit www.innovativenoob.com, so I opened my browser (the client) and entered the website URL. My browser sent ‘Hi’ to the website server. The server responded with ‘Hi’ + its public key.

But this time a hacker was intercepting the network. He took the website’s public key out of the message, replaced it with his own public key, and then forwarded the message to me.

This time, too, I received ‘Hi’ + a public key.

As far as I knew, it was the website’s public key, but in reality it was the hacker’s public key. ✈

After that, any communication between me (my client) and the website server will pass through the hacker. ⚔

The hacker will receive my message (which is encrypted with his public key).

He will decrypt the message using his private key (he may just read it, or even make some changes), then forward it to the website server, encrypting it with the website’s public key. The website will then decrypt the message using its private key. 🏴

The same process repeats in the reverse direction.

So what’s the use of all this encryption?

Our data is compromised 🤷

What was the cause of all this?

It happened when the hacker swapped the keys, and we assumed the key we received was the website’s original key.

At this point, we needed a system to check that the key we are receiving is genuine. ⚔

Here the concept of the DIGITAL CERTIFICATE was born.

How does a Digital Certificate work? 💠

To make things run smoothly, one option was to store the public keys of all websites on our computer. But this is practically impossible, as there are millions of websites and every day many new ones are created and destroyed! 🔥

So instead, certificate authorities (e.g. VeriSign) came up; there are only a limited number of them in the world. Their task is to check the authenticity of a website and then issue it a certificate.

But how does the certificate help us resolve the issue? 🤷‍♂️

A certificate holds all the information about our website, along with the certificate’s validity period.

And since there are only a limited number of certificate authorities in the world, it is possible to store every authority’s public key on our computer (our computer comes preinstalled with these keys).

For understanding further you need to be clear about symmetric encryption and asymmetric encryption.

⭐Practically, asymmetric encryption has a limitation: it is only good for small amounts of data. If we use it on large data, the process becomes very slow.

So for the actual communication we use symmetric encryption, and for exchanging the keys we use asymmetric encryption.⭐

What is a Digital Signature? 💎

Signing anything digitally means making a hash of the data (which, in this case, has all the info about our website and our public key) and then encrypting that hash with the private key. The signature also records which hash function was used.

What is a Digital Certificate? 💎

The digital certificate is basically all the data (information) about the website: in this case, the validity of the certificate and, most importantly, my public key.

💫If we sum up all these things together:-

Certificate authorities make a digital certificate for our website and then digitally sign it with their private key (all the data of our website is hashed, and the hash is encrypted with the authority’s private key). The encrypted result is then attached to the original data. This combination is known as a digital certificate.

Now if I send a ‘Hi’ to my website, my website will send its certificate in return.

Our computer separates the plain data and the encrypted part.

First, it runs the plain data through the hash function (the data itself states which hash function is used). The result is a hash value.

Second, it takes the digitally signed part and decrypts it using the key already present on our computer (the certificate authority’s public key). This gives us the hash the authority computed. 🔑

If both hashes match, it means that the certificate is genuine, and the key that came with the website’s plain data (which is attached to the certificate) is the genuine key of the website.
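The whole flow described above, the authority's signing and the client's two-hash comparison, plus the Case 2 key swap, as an added example that is not code from the original post. It uses toy textbook RSA built from known Mersenne primes (so it runs on the standard library alone), constructed CA, website and attacker keys, and a JSON dictionary standing in for the certificate's plain data; all names here are the example's own assumptions.

```python
import hashlib
import json

# Toy textbook RSA (no padding) from known Mersenne primes, so the example needs
# only the standard library. Real certificates use padded RSA/ECDSA and X.509.
def make_keypair(p, q, e=65537):
    """Return ((n, e), (n, d)): the public key and the private key."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

CA_PUBLIC, CA_PRIVATE = make_keypair(2**127 - 1, 2**521 - 1)  # n > 2**256, fits a SHA-256 hash
SITE_PUBLIC = make_keypair(2**89 - 1, 2**107 - 1)[0]         # constructed website key
HACKER_PUBLIC = make_keypair(2**31 - 1, 2**61 - 1)[0]        # constructed attacker key

def sha256_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def canonical(plain: dict) -> bytes:
    """Fixed encoding so the CA and the client hash exactly the same bytes."""
    return json.dumps(plain, sort_keys=True).encode()

def sign(private_key, data: bytes) -> int:
    """Hash the data, then 'encrypt' the hash with the signer's private key."""
    n, d = private_key
    return pow(sha256_int(data), d, n)

def issue_certificate(ca_private, subject: str, site_public, valid_until: str) -> dict:
    """CA side: plain data (site info, validity, key, hash name) plus the CA's signature over it."""
    plain = {"subject": subject, "valid_until": valid_until,
             "hash": "sha256", "public_key": list(site_public)}
    return {"data": plain, "signature": sign(ca_private, canonical(plain))}

def verify_certificate(cert: dict, ca_public) -> bool:
    """Client side: hash the plain data, 'decrypt' the signature with the CA's
    preinstalled public key, and trust the enclosed key only if both hashes match."""
    if cert["data"].get("hash") != "sha256":
        return False                      # data names a hash function we do not know
    n, e = ca_public
    return pow(cert["signature"], e, n) == sha256_int(canonical(cert["data"]))

def mitm_swap_key(cert: dict, hacker_public) -> dict:
    """Case 2 from the post: the certificate is forwarded with the attacker's key swapped in."""
    return dict(cert, data=dict(cert["data"], public_key=list(hacker_public)))

if __name__ == "__main__":
    cert = issue_certificate(CA_PRIVATE, "www.innovativenoob.com", SITE_PUBLIC, "2030-01-01")
    print("genuine certificate verifies:", verify_certificate(cert, CA_PUBLIC))  # True
    forged = mitm_swap_key(cert, HACKER_PUBLIC)
    print("key-swapped certificate verifies:", verify_certificate(forged, CA_PUBLIC))  # False
```

Any change to the plain data, whether the key or the validity date, changes the client's hash, so it no longer matches the hash recovered from the signature.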

Conclusion: 💠

All we wanted was for the website’s public key to reach the client securely.

For this we used the concept of digital certificates.

We know that every computer has the public keys of the certificate authorities pre-installed.

We approached the company and requested a digital certificate for us.

The company took all our information (including our public key 🔑) and hashed it, then encrypted the hash with their private key. (This process is signing the data digitally.)

Then the company attached the encrypted result to our data (this combination is known as the digital signature).

A Digital signature has 2 parts:

  1. The encrypted part of our data. 🔑
  2. Our data in plain text format. 🔑

Now that we have our certificate, if any client sends ‘Hi’ to us, we send the client our digital certificate.

The client will separate the plain data part and the encrypted part.

The plain data will be hashed by the client, giving the client a hash value.

The encrypted data will be decrypted using the key already present on the client’s computer (the certificate authority’s public key).

In conclusion, if both hashes match: 🔑

Bingo! The public key that was present in the website’s plain data is the genuine key of the website!

Author: INNOVATIVE NOOB 💡
