Digital Signatures and Certificates
A digital signature mimics in the virtual environment the function of a hand-written signature in printed documents. Information related to a unique user is encrypted in a private key that is appended to any message sent by this user. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit. It authenticates the identity of the user and guarantees the integrity of the message. Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery and tampering.
A digital certificate is an electronic equivalent of an identification card such as a passport or driving license. It unequivocally establishes the identity of the user when exchanging information over the internet.
You may not have to -- it is up to the administrator of the board as to whether you need to register in order to post messages. However, registration will give you access to additional features not available to guest users such as definable avatar images, private messaging, emailing to fellow users, usergroup subscription, etc. It only takes a few minutes to register so it is recommended you do so.
Digital Certificates are issued only through a valid Certification Authority (CA), Yatanarpon CA is the first leading company in Myanmar. You can apply Registration Authority of Yatanarpon CA to apply digital certificate.
The private key of the CA is essential to the certificate and is kept secret, while the public key is disseminated with the encrypted information. The authentication process fails if either one of these keys in not available or do not match. This means that the encrypted data cannot be decrypted and therefore, is inaccessible to unauthorized parties.
Digital certificates can be used for signing email, encrypting messages, executing electronic financial transactions, e-commerce, securing web servers and much more.
You can use Digital Certificates for the following:
- For secure email and web-based transactions, or to identify other participants of web-based transactions.
- To prove ownership of a domain name and establish SSL / TLS encrypted secured sessions between your website and the user for web based transactions.
- As a developer, for proving authorship of a code and retaining integrity of the distributed software programs.
A digital certificate explicitly associates the identity of an individual/device with a pair of electronic keys - public and private keys - and this association is endorsed by the CA. The certificate contains information about a user's identity (for example, their name, email address, the date the certificate was issued and the name of the Certifying Authority that issued it.). These keys complement each other in that one does not function in the absence of the other. They are used by browsers and servers to encrypt and decrypt information regarding the identity of the certificate user during information exchange processes. The private key is stored on the user's computer hard disk or on an external device such as a smart card. The user retains control of the private key; it can only be used with the issued password. The public key is disseminated with the encrypted information. The authentication process fails if either one of these keys in not available or do not match. This means that the encrypted data cannot be decrypted and therefore, is inaccessible to unauthorized parties.
A digital signature is an electronic method of signing an electronic document whereas a Digital Certificate is a computer based record that
- Identifies the Certifying Authority issuing it
- Has the name or the identity of its subscriber
- Contains the subscriber's public key
- Is digitally signed by the Certifying Authority issuing it
Signing an e-mail message means that you attach your Digital Certificate to it so that the recipient knows it came from you and was not tampered with en-route to their inbox. Signing authenticates a message, but it does not provide protection against third party monitoring.
Encrypting a message means scrambling it in such a way that only the designated recipients can unscramble it. This safeguards messages against monitoring or interception. In order to send a signed message, you must have a Digital Certificate. Since message encryption is done using specific keys available in the certificate, you cannot encrypt a message unless you possess the recipient's Digital Certificate.
You can digitally sign any e-mail as long as the recipient has an e-mail application, which supports S/MIME. But you can not encrypt the message.
Microsoft Internet Explorer Users: Signed messages will be shown in the inbox (or any other folder) with a red ribbon on the envelope icon. Encrypted messages will show a padlock on the envelope icon.
Netscape Communicator Users: Any signed e-mail you receive will have a prominent icon in the upper-right corner of the message saying "signed" or "encrypted" or both. If you want more information about the security of a message, click on the Security button above the message.
No, you cannot. A digital certificate e-mail address combination is unique.
No, you cannot use a Digital Certificate that has been purchased by you as an individual for your website. A Digital Certificate meant for use by an individual is applicable to sending and receiving secure email and executing personal web-based transactions through web browsers. If you require a Digital Certificate for your website, you need to purchase one that is specific to the functionality of the web-based transactions handled on your website.
No, you will not be able to use one certificate on different websites because the certificate is explicitly associated with the exact host and domain name.
No, you control the presentation of your Digital Certificates to websites through the settings in your web browser.
SSL = Secure Socket Layer.
When you come across a web page that is secured, your browser will likely display a 'closed lock' or other symbol to inform you that SSL (standing Secure Sockets Layer) for has been enabled. The web site address should also now display as "https://" rather than the usual "http://".
The main role of SSL is to provide security for Web traffic. Security includes confidentiality, message integrity, and authentication. SSL achieves these elements of security through the use of cryptography, digital signatures, and certificates. Because SSL is built into all major browsers and Web servers, simply installing a digital certificate, or Server ID, enables SSL capabilities.
If you are transmitting sensitive information on a web site, such as credit card numbers or personal information, you need to secure it with SSL encryption. It is possible for every piece of data to be seen by others unless it is secured by an SSL server certificate. Your customers won't trust your web site without it.
Most all web-based online purchases and monetary transactions are now secured by SSL. You may also be familiar with online banking. Financial institutions use SSL to secure the transmission of your PIN number and other confidential account data.
SSL has two distinct entities, server and client. The client is the entity that initiates the transaction, whereas the server is the entity that responds to the client and negotiates which cipher suites are used for encryption. In SSL, the Web browser is the client and the Web-site server is the server.
SSL is vital to Web security. It provides a strong sense of confidentiality, message integrity, and server authentication to users. The business of e-commerce is tied closely to consumer confidence in the operation of SSL across the net. In the future, SSL termination devices will be able to handle more transactions at a faster rate. The encryption of key lengths and the cipher suites used will also continue to evolve in order to ensure the security of sensitive information over the Web. This way, e-commerce will be able to continue to grow in popularity as users grow more confident in shopping and banking online, and embracing new online applications.
Public Key Infrastructure is the network security architecture of an organization. It includes software, encryption technologies, and services the enable secure transactions on the Internet, intranets, and extranets.
Regulatory
A Certifying Authority is a trusted agency whose central responsibility is to issue, revoke, renew and provide directories for Digital Certificates. "Certifying Authority" means a person who has been granted a license to issue Digital Signature Certificates.
A Registration Authority is an entity that performs identification and authentication of certificate applicants for end-user certificates, initiates or passes along revocation requests for certificates for end-user certificates, and approves applications for renewal or re-keying certificates on behalf of a CA. Yatanarpon CA acts as a RA for certificates it issues.
Root CA is the Root Certifying Authority of Myanmar. It was established by the Myanmar ICT Act and is responsible for digitally signing the public keys of all the licensed CAs in the country.
The Root CA’s root certificate is the highest level of certification in the country. The root certificate is a self-signed certificate.
The key activities of the Root CA include:
CA key generation, storage, backup and recovery
- CA public key distribution and escrow
- CA key usage, destruction and archival
- CA cryptographic hardware life cycle management
- CA-provided subscriber key management
- Certification practice statement and certificate policy management
Root CA is involved in the monitoring and compliance of online security policy implementations in the country. These controls include
A Relying Party is an individual or entity that acts in reliance of a certificate and/or a digital signature. A Relying party may, or may not also be a Subscriber.
Repository
The Certificate Revocation List (CRL) is a list of certificates that have been revoked by the CA.
The Certificate Revocation List (CRL) is a list of certificates that have been revoked by the CA.
Certifying Authorities issue Digital Certificates that are appropriate to specific purposes or applications. A Certificate Policy (CP) describes the different classes of certificates issued by the CA, the procedures governing their issuance and revocation and terms of usage of such certificates, besides information regarding the rules governing the different uses of these certificates.
A Subscriber Agreement is an agreement between Subscriber and Yatanarpon CA stating that the subscriber will use the Digital Certificate for the assigned use or objective and that the subscriber is solely responsible for the protection of the private key and ensuring functionality of the unique key pair. The subscriber also agrees that all the information provided to Yatanarpon CA at the time of registration is accurate. In the event of any change in information, the subscriber is obliged to immediately inform Yatanarpon CA.
Table of Acronyms and Definitions
Term | Definition |
ARL |
Authority Revocation List |
CA |
Certification Authority |
CP |
Certificate Policy |
CPS |
Certification Practice Statement |
CRL |
Certificate Revocation List |
FIPS |
United State of American Federal Information Processing Standards |
LCA |
Licensed Certification Authority |
LDAP |
Light Weight Directory Access Protocol |
OCSP |
Online Certificate Status Protocol |
PIN |
Personal Identification Number |
PKCS |
Public-Key Cryptography Standard |
PKI |
Public-Key Infrastructure |
Root CA |
Root Certification Authority |
RA |
Registration Authority |
RFC |
Request For Comment |
S/MIME |
Secure Multipurpose Internet Mail Extensions |
SSL |
Secure Sockets Layer |