Most server software permits client authentication by
means of a user ID and password. For example, a server might require
a name and password before granting access to the server. The server
maintains a list of names and passwords to which it will grant access.
Another form of authentication is a client certificate with a
digital signature.
Public key cryptography employs certificates to avoid impersonation.
A certificate is a binding between a subject identity and a public
key. In other words, a certificate is a document that claims the
embedded public key belongs to that subject. Anyone can produce a
certificate, so how can we have confidence the claim is true? The
answer is to delegate the verification.
- Certificate Authority (CA). A Certificate Authority (CA) is an
entity that follows certain procedures to verify that the public key
really belongs to the subject and that the subject is really who it
claims to be. Obtaining a certificate involves a one-time exchange
between the CA and the subject. The subject creates a Certificate
Request, which also generates a new key pair. The subject keeps the
private key secret and sends the certificate request (which contains
the public key) to the Certificate Authority. The CA performs all the
checks, including validating the requester. The CA responds with a
certificate request response, which is used to update the requester's
key pair.
A CA publishes its certificate to allow applications
to verify the signature in the certificates it issued. A Root
CA is a CA that signed its own certificate. This is
common for commercial companies like VeriSign, or for internal projects
that know they can trust themselves. A CA that publishes a certificate
signed by another CA is called an Intermediate CA.
- Certificate Chain. A Certificate Chain is an ordered sequence
starting with the subject certificate and ending with the Root CA
certificate, in which each certificate is followed by the certificate
of the CA that signed it. A self-signed certificate has a chain of
depth 1. Most certificates have a chain of depth 2 consisting of the
subject certificate and the Root CA. A certificate chain of depth 3
including an Intermediate CA is less common.
A CA may revoke a certificate it issued if it determines
the certificate is no longer valid before its expiration date. For
example, this can happen if an employee leaves the company or the
private key is compromised. The Certificate Revocation List contains
the list of all certificates the CA revoked.
- Keystore. A Keystore is an object that holds keys. It can contain
symmetric keys, private keys, or public keys in the form of
certificates. A keystore is usually a binary file, but it can also be
implemented as a crypto module in hardware.
- Certstore. A Certstore is an object that holds certificates and
Certificate Revocation Lists. This is different from a keystore
because there may be no provision to store symmetric or private keys.
In iWay Service Manager, a certstore can be implemented as a keystore,
as a collection of files in a directory, or with LDAP.
- Truststore. A Truststore is a certstore that contains exclusively
the signing certificates of Trusted CAs.
- Digital Signature. A Digital Signature is a binding between a
document and an identity. It is produced by encrypting the hash of
the document with the private key of the signer. The signature is
then sent together with the document. To verify the signature, the
recipient follows these steps: (1) it recomputes the hash over the
original document; (2) it finds the certificate of the originator to
obtain its public key; (3) it decrypts the signature using the public
key to obtain the hash computed by the originator. The signature is
valid if the two hash values match. This proves the document has not
been tampered with after it was signed. Furthermore, we know the
document came from that originator because only the originator knows
the private key used in the signature. The identity in the originator
certificate can be trusted if the certificate has been signed by one
of the Trusted CAs.
Certificates can be used to
replace user name/password schemes. In SSL, the server can ask the
client to authenticate itself. During the handshake the server asks the
client to send the client certificate together with a signed piece
of random data. The server can ascertain the identity of the client
by verifying that signature.
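As an added example (not iWay Service Manager code), the following Go program, using only the standard library, models the pieces defined above: a self-signed Root CA issues a subject certificate, the subject signs a document hash with its private key, and the recipient verifies by chaining the originator certificate to a truststore and checking the signature with the certificate's public key. The function names Issue, Sign and Verify and the choice of RSA with SHA-256 are assumptions of this example; the same Verify call covers the SSL client-authentication case, where the signed document is the random data the server sent.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Issue models the one-time exchange in the text: the subject generates a key pair and keeps the
// private key; the CA (ca, caKey) signs a certificate over the public key. ca == nil gives a self-signed Root CA.
func Issue(name string, ca *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // subject's private key never leaves this process
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if ca == nil { // Root CA: signs its own certificate and may sign others (chain depth 1)
		tmpl.IsCA, tmpl.KeyUsage = true, tmpl.KeyUsage|x509.KeyUsageCertSign
		ca, caKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// Sign hashes the document and signs the hash with the originator's private key.
func Sign(doc []byte, key *rsa.PrivateKey) []byte {
	h := sha256.Sum256(doc)
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, h[:])
	return sig
}

// Verify follows the recipient's steps: chain the originator certificate to a Trusted CA, recompute the hash, check the signature.
func Verify(doc, sig []byte, cert *x509.Certificate, truststore *x509.CertPool) error {
	opts := x509.VerifyOptions{Roots: truststore, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return err // not issued by a Trusted CA (or expired): the identity cannot be relied on
	}
	h := sha256.Sum256(doc)
	return rsa.VerifyPKCS1v15(cert.PublicKey.(*rsa.PublicKey), crypto.SHA256, h[:], sig)
}
```

A tampered document or a certificate that does not chain to the truststore both make Verify return an error, which is the outcome the server relies on when it checks the client's signature over its random data.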