A digital certificate is a digital document that verifies the identity of an entity (such as a website, server, or individual) and provides a means for secure communication by encrypting data exchanged between the user's device and the entity's server.
They play a crucial role in ensuring the confidentiality, integrity, and authenticity of data transmitted over the internet.
Digital certificates function through the use of public-private key pairs.
What is the primary use of digital certificates in e-commerce?
Public and private keys are core components of asymmetric cryptography, also known as public-key cryptography. The public and private keys are mathematically related in such a way that data encrypted with one key can only be decrypted with the other key.
The public key is intended to be shared openly and is often associated with an individual or entity. Anyone can use the public key to encrypt data or verify digital signatures, but it cannot be used to decrypt data.
The private key is used for decrypting data that has been encrypted with the corresponding public key and for creating digital signatures. It must be kept secret and should never be shared with anyone.
What is the role of the private key in a digital certificate?
When a website and a client establish a connection, they each send their public key to the other, and all subsequent data is encrypted using the recipient's public key before sending. This means that only the intended recipient can decrypt the message.
key exchange
Certificate Authorities (CAs) are trusted organisations that are responsible for issuing, managing, and verifying the digital certificates that websites use to prove who they are. They are used to ensure that your browser has connected to the website you think you have connected to and that you have not been the victim of DNS hijacking.
Websites are issued digital certificates by CAs, and the certificate is encrypted using the private key of the CA. When a website communicates with a client, it sends this certificate, and the browser uses the public key it has been given directly by the CA to decrypt the digital certificate, verifying that the website is legitimate.
One of the disadvantages of asymmetric encryption is that it is computationally expensive, making it too inefficient for high speed data transmission, such as video streaming.
Once a client and server have established a connection, they switch to more efficient symmetric encryption, using the Diffie-Hellman key-exchange technique of combining public-private key pairs in order to produce a shared secret which can be used to encrypt data.
Which encryption method is more computationally expensive?