CSS Module 3

Module 3 discusses the importance of message integrity, focusing on cryptographic hash functions and their role in ensuring that messages have not been altered. It outlines the requirements for hash functions, including preimage resistance, second preimage resistance, and collision resistance, and explains the differences between modification detection codes (MDC) and message authentication codes (MAC). Additionally, it covers various hash algorithms such as MD5 and the Merkle-Damgard scheme, emphasizing their applications in maintaining data integrity and authenticity.

Uploaded by

Piyush Patil

Module 3

Hashes, Message Digests and Digital Certificates
MESSAGE INTEGRITY
• The cryptography systems that we have studied so far
provide secrecy, or confidentiality, but not integrity.
• However, there are occasions where we may not even
need secrecy but instead must have integrity.
• For example, Alice may write a will to distribute her
estate upon her death. The will does not need to be
encrypted.
• After her death, anyone can examine the will.
• The integrity of the will, however, needs to be
preserved. Alice does not want the contents of the will
to be changed.
Message and Message Digest

• The electronic equivalent of the document and
fingerprint pair is the message and digest pair.
• To preserve the integrity of a message, the
message is passed through an algorithm called a
cryptographic hash function.
• The function creates a compressed image of
the message that can be used like a fingerprint.
• The two pairs (document/fingerprint and
message/message digest) are similar, with
some differences.
• The document and fingerprint are physically
linked together.
• The message and message digest can be
unlinked (or sent) separately, and, most
importantly, the message digest needs to be
safe from change.
Checking Integrity
• To check the integrity of a message, or document,
we run the cryptographic hash function again and
compare the new message digest with the previous
one.
• If both are the same, we are sure that the original
message has not been changed.
Requirements for Hash Functions
1. Can be applied to a message M of any size
2. Produces a fixed-length output h
3. It is easy to compute h = H(M) for any
message M
4. Given h, it is infeasible to find x such that H(x) = h
• one-way property
5. Given x, it is infeasible to find y ≠ x such that H(y) = H(x)
• weak collision resistance
6. It is infeasible to find any pair x ≠ y such that H(y) = H(x)
• strong collision resistance
Cryptographic Hash Function Criteria
A cryptographic hash function must satisfy three
criteria:
• preimage resistance,
• second preimage resistance,
• and collision resistance.

Preimage Resistance
A cryptographic hash function must be preimage resistant.
Given a hash function h and y = h(M), it must be
extremely difficult for Eve to find any message, M′, such
that y = h(M′).
• If the hash function is not preimage resistant, Eve
can intercept the digest h(M) and create a
message M′.
• Eve can then send M′ to Bob pretending it is M.

A checksum function is not preimage resistant: Eve may find
several messages whose checksum matches the given one.
Second Preimage Resistance

• The second criterion, second preimage resistance,
ensures that a message cannot easily be forged.
• If Alice creates a message and a digest and sends both
to Bob, this criterion ensures that Eve cannot easily
create another message that hashes to the exact same
digest.
• In other words, given a specific message and its digest,
it is impossible (or at least very difficult) to create
another message with the same digest.
• Eve intercepts (has access to) a message M and
its digest h(M).
• She creates another message M′≠ M, but h(M)
= h(M′). Eve sends the M′ and h(M′) to Bob.
Eve has forged the message.
Collision Resistance

• The third criterion, collision resistance, ensures that
Eve cannot find two messages that hash to the same
digest. Here the adversary creates two messages
from scratch that hash to the same digest.
• We will see later how Eve can benefit from this
weakness in the hash function.
• For the moment, suppose two different wills can be
created that hash to the same digest.
• When the time comes for the execution of the will,
the second (forged) will is presented to the heirs.
• Because the digest matches both wills, the
substitution is undetected.
• This type of attack is much easier to launch than
the two previous kinds.
• In other words, we need to be particularly sure that a
hash function is collision resistant.
MESSAGE AUTHENTICATION
• A message digest guarantees the integrity of a
message.
• It guarantees that the message has not been changed.
• A message digest does not authenticate the sender of
the message.
• When Alice sends a message to Bob, Bob needs to
know if the message is coming from Alice.
• To provide message authentication, Alice needs to
provide proof that it is Alice sending the message and
not an impostor. A message digest cannot provide such
a proof.
• The digest created by a cryptographic hash function is
normally called a modification detection code (MDC).
• The code can detect any modification in the message.
• What we need for message authentication (data origin
authentication) is a message authentication code
(MAC).
Modification Detection Code

• A modification detection code (MDC) is a message
digest that can prove the integrity of the message: that
the message has not been changed.
• If Alice needs to send a message to Bob and be sure that
the message will not change during transmission, Alice
can create a message digest, MDC, and send both the
message and the MDC to Bob.
• Bob can create a new MDC from the message and
compare the received MDC and the new MDC.
• If they are the same, the message has not been changed.
Message Authentication Code (MAC)

• To ensure the integrity of the message and the data
origin authentication that Alice is the originator of the
message, not somebody else, we need to change a
modification detection code (MDC) to a message
authentication code (MAC).
• The difference between an MDC and a MAC is that the
second includes a secret shared between Alice and Bob,
for example a secret key that Eve does not possess.
• Alice uses a hash function to create a MAC from the
concatenation of the key and the message, h (K|M).
• She sends the message and the MAC to Bob over the
insecure channel.
• Bob separates the message from the MAC. He then
makes a new MAC from the concatenation of the
message and the secret key.
• Bob then compares the newly created MAC with the
one received.
• If the two MACs match, the message is authentic and
has not been modified by an adversary.
• There is no need to use two channels in this case. Both
message and the MAC can be sent on the same
insecure channel.
• Eve can see the message, but she cannot forge a new
message to replace it because Eve does not possess the
secret key between Alice and Bob.
• She is unable to create the same MAC as Alice did.
• This MAC is referred to as a prefix MAC because the
secret key is prepended to the beginning of the
message.
• We can have a postfix MAC, in which the key is
appended to the end of the message.
• We can combine the prefix and postfix MAC, with the
same key or two different keys.
• However, the resulting MACs are still insecure.
Security of a MAC

• Suppose Eve has intercepted the message M and the
digest h(K|M).
• How can Eve forge a message without knowing the
secret key?
• There are three possible cases:
1. Eve may prepend all possible keys at the
beginning of the message and make a digest of the
(K|M) to find the digest equal to the one intercepted.
She then knows the key and can successfully replace
the message with a forged message of her choosing.
2. The size of the key is normally very large in a MAC,
but Eve can use another tool: the preimage attack. She
uses the algorithm until she finds X such that h(X) is
equal to the MAC she has intercepted. She now can find
the key and successfully replace the message with a
forged one. Because the size of the key is normally very
large for exhaustive search, Eve can only attack the
MAC using the preimage algorithm.
3. Given some pairs of messages and their MACs, Eve
can manipulate them to come up with a new message
and its MAC.
The security of a MAC depends on the security of the
underlying hash algorithm.

Security of MAC

1. Nested MAC
In a nested MAC, hashing is done in two steps. In the first step, the
key is concatenated with the message and hashed to create
an intermediate digest. In the second step, the key is
concatenated with the intermediate digest and hashed to create the final
digest.
HMAC
• NIST has issued a standard (FIPS 198) for a nested
MAC that is often referred to as HMAC (hashed
MAC, to distinguish it from CMAC).
• The implementation of HMAC is much more
complex than the simplified nested MAC.
• There are additional features, such as padding.
We go through the steps:

1. The message is divided into N blocks, each of b bits.
2. The secret key is left-padded with 0’s to create a b-bit
key. Note that it is recommended that the secret key
(before padding) be longer than n bits, where n is the size
of the HMAC.
3. The result of step 2 is exclusive-ored with a constant
called ipad (input pad) to create a b-bit block. The value
of ipad is the b/8 repetition of the sequence 00110110
(36 in hexadecimal).
4. The resulting block is prepended to the N-block
message. The result is N + 1 blocks.
5. The result of step 4 is hashed to create an n-bit digest.
We call the digest the intermediate HMAC.
6. The intermediate n-bit HMAC is left padded with 0s to
make a b-bit block.
7. Steps 2 and 3 are repeated by a different constant opad
(output pad). The value of opad is the b/8 repetition of
the sequence 01011100 (5C in hexadecimal).
8. The result of step 7 is prepended to the block of step 6.
9. The result of step 8 is hashed with the same hashing
algorithm to create the final n-bit HMAC.
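The nine steps above, carried out in code as an added example (not from the slides): a Python HMAC built on hashlib following FIPS 198, which appends the zero padding to the key, hashes an over-long key first, and feeds the intermediate digest straight to the outer hash (whose own padding completes the block). The result is checked against the standard library's hmac module, and verify_mac is an assumed helper name showing Bob's constant-time comparison.

```python
import hashlib
import hmac


def hmac_from_steps(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC built step by step; b is the block size of the underlying hash."""
    b = hashlib.new(hash_name).block_size         # SHA-256: b = 64 bytes (512 bits)
    if len(key) > b:                              # FIPS 198: an over-long key is hashed first
        key = hashlib.new(hash_name, key).digest()
    k0 = key.ljust(b, b"\x00")                    # step 2: zero-pad the key to one b-byte block
    ipad = bytes([0x36]) * b                      # step 3: b/8 copies of 00110110
    opad = bytes([0x5C]) * b                      # step 7: b/8 copies of 01011100
    k_ipad = bytes(x ^ y for x, y in zip(k0, ipad))   # step 3: K0 XOR ipad
    # steps 4-5: prepend that block to the message and hash -> n-bit intermediate HMAC
    inner = hashlib.new(hash_name, k_ipad + message).digest()
    k_opad = bytes(x ^ y for x, y in zip(k0, opad))   # step 7: K0 XOR opad
    # steps 8-9: prepend that block to the intermediate digest and hash again
    return hashlib.new(hash_name, k_opad + inner).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes, hash_name: str = "sha256") -> bool:
    """Bob's check: recompute the MAC and compare it in constant time."""
    return hmac.compare_digest(hmac_from_steps(key, message, hash_name), tag)


def matches_stdlib_hmac(key: bytes, message: bytes) -> bool:
    """Cross-check against the standard library's HMAC-SHA256."""
    return hmac_from_steps(key, message) == hmac.new(key, message, "sha256").digest()


if __name__ == "__main__":
    # constructed sample: a short key and message
    tag = hmac_from_steps(b"key", b"The quick brown fox jumps over the lazy dog")
    print(tag.hex())
    print(verify_mac(b"key", b"The quick brown fox jumps over the lazy dog", tag))
```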
CMAC
• NIST has also defined a standard (FIPS 113) called
Data Authentication Algorithm, or CMAC, or
CBCMAC.
• The idea is to create one block of MAC from N
blocks of plaintext using a symmetric-key cipher N
times.
• The message is divided into N blocks, each m bits
long. The size of the CMAC is n bits.
• If the last block is not m bits, it is padded with a 1-
bit followed by enough 0-bits to make it m bits.
• The first block of the message is encrypted with
the symmetric key to create an m-bit block of
encrypted data.
• This block is XORed with the next block and the
result is encrypted again to create a new m-bit
block.
• The process continues until the last block of the
message is encrypted.
• The n leftmost bit from the last block is the
CMAC.
• In addition to the symmetric key, K, CMAC also
uses another key, k, which is applied only at the last
step.
• This key is derived from the encryption algorithm with
a plaintext of m 0-bits using the cipher key, K.
• The result is then multiplied by x if no padding is
applied and multiplied by x^2 if padding is applied.
• The multiplication is in GF(2^m) with the irreducible
polynomial of degree m selected by the particular
protocol used.
• Here the intermediate encrypted blocks are not sent as
ciphertext;they are only used to be XORed with the
next block.
Iterated Hash Function

• All cryptographic hash functions need to create a fixed-
size digest out of a variable-size message.
• Creating such a function is best accomplished using
iteration.
• Instead of using a hash function with variable-size input,
a function with fixed-size input is created and is used a
necessary number of times.
• The fixed-size input function is referred to as a
compression function.
• It compresses an n-bit string to create an m-bit string
where n is normally greater than m.
• The scheme is referred to as an iterated cryptographic
hash function.
Merkle-Damgard Scheme
The Merkle-Damgard scheme is an iterated hash function
that is collision resistant if the compression function is
collision resistant.
The scheme uses the following steps:
1. The message length and padding are appended to the
message to create an augmented message that can be evenly
divided into blocks of n bits, where n is the size of the block
to be processed by the compression function.
2. The message is then considered as t blocks, each of n bits.
We call each block M1, M2, ..., Mt. We call the digest
created at t iterations H1, H2, ..., Ht.
3. Before starting the iteration, the digest H0 is set to a fixed
value, normally called IV (initial value or initial vector).
4. The compression function at each iteration operates on
Hi−1 and Mi to create a new Hi. In other words, we have
Hi = f(Hi−1, Mi),
where f is the compression function.
5. Ht is the cryptographic hash function of the original
message, that is, h(M).
• The Merkle-Damgard scheme is the basis for many
cryptographic hash functions today.
• The only thing we need to do is design a compression
function that is collision resistant and insert it in the
Merkle-Damgard scheme.
• There are two different approaches in designing a
hash function.
1. The compression function is made from
scratch: it is particularly designed for this
purpose.
2. In the second approach, a symmetric-key block
cipher serves as a compression function.
MD5
• A set of cryptographic hash functions uses
compression functions that are made from scratch.
• Message Digest (MD): Several hash algorithms were
designed by Ron Rivest. These are referred to as
MD2, MD4, and MD5, where MD stands for Message
Digest.
• The last version, MD5, is a strengthened version of
MD4 that divides the message into blocks of 512 bits
and creates a 128-bit digest.
• It turned out that a message digest of size 128 bits is
too small to resist collision attack.
MD2
• 128-bit message digest:
– Arbitrary number of bytes of message
– First pad to a multiple of 16 bytes
– Append the MD2 checksum (16 bytes) to the end
• The checksum is almost an MD, but not
cryptographically secure by itself.
– Process the whole message
MD2 Checksum
• One byte at a time, k × 16 steps
• m_nk: byte nk of the message
• c_n = π(m_nk ⊕ c_(n-1)) ⊕ c_n
• π: 0 → 41, 1 → 46, …
– Substitution on 0-255 (value of the byte)
MD2 Final Pass
• Operate on 16-byte chunks
• 48-byte quantity q:
– (current digest | chunk | digest ⊕ chunk)
• 18 passes of massaging over q, one byte at a time:
– c_n = π(c_(n-1)) ⊕ c_n for n = 0, …, 47; c_(-1) = 0 for
pass 0; c_(-1) = (c_47 + pass #) mod 256 for later passes
• After pass 17, use the first 16 bytes as the new digest
– 16 × 8 = 128
MD5: Message Digest Version 5

[Figure: MD5 box. Input: message, split into 512-bit chunks (16 words); an initial 128-bit vector; output: 128-bit digest (the 128-bit result).]
• MD5 (Message Digest Method 5) is a cryptographic
hash algorithm that generates a 128-bit digest from a
string of any length.
• The digests are represented as 32-digit hexadecimal
numbers.
• The digest size is always 128 bits, and thanks to
hashing function guidelines, a minor change in the
input string generates a drastically different digest.
• This is essential to prevent similar hash generation,
also known as a hash collision, as much as possible.
• In cryptography, MD5 ensures data integrity and
authenticity by generating unique hash values for distinct
data inputs.
• It converts arbitrary-sized data into a fixed-size 128-bit
hash, making it crucial for applications like digital
signatures, certificate generation, and data integrity
verification.
• By producing a consistent hash for the same input and
different hashes for even minor changes in input, MD5
helps detect data corruption and tampering.
• However, due to vulnerabilities like collision attacks,
where different inputs produce the same hash, MD5 has
diminished in favor of more secure algorithms like SHA-
256 for critical cryptographic applications.
How Does MD5 Algorithm Work

The MD5 algorithm working process involves padding,
appending length, initializing variables, processing in 512-
bit blocks, and producing the final hash.
Step 1: Padding the Input
The first step in the MD5 algorithm involves padding the
input message so its length (in bits) is congruent to 448
modulo 512. This is done by appending a single '1' bit
followed by enough '0' bits to reach the required length,
ensuring the total message length is a multiple of 512 bits.
Step 2: Appending the Length
After padding, the length of the original message (before
padding) is appended as a 64-bit value. This step ensures that
the original message length is still embedded within the hash
input, even if the padded message length is manipulated.

Step 3: Initializing Variables


MD5 uses four 32-bit variables, which are initialized to
specific constants. These variables, often denoted as A, B, C,
and D, are set to the following values in hexadecimal:
● A = 0x67452301
● B = 0xefcdab89
● C = 0x98badcfe
● D = 0x10325476
Step 4: Processing in 512-bit Blocks
The padded message is processed in chunks of 512-bit blocks,
each divided into sixteen 32-bit words. The main algorithm
operates on each block in four rounds of 16 operations each,
totaling 64 operations.
Step 5: Main Loop
The core of the MD5 algorithm involves four non-linear
functions (F, G, H, and I) and four rounds of transformation.
Each function takes three 32-bit words as input and produces a
32-bit output. The operations are performed as follows:
1. Round 1: Uses the function F(B, C, D) = (B & C) | ((~B) & D)
2. Round 2: Uses the function G(B, C, D) = (B & D) | (C & (~D))
3. Round 3: Uses the function H(B, C, D) = B ⊕ C ⊕ D
4. Round 4: Uses the function I(B, C, D) = C ⊕ (B | (~D))

The algorithm performs a series of bitwise operations, modular
additions, and left rotations in each round. Each operation
modifies one of the four variables (A, B, C, D) using a
different word from the block and a constant derived from the
sine function.

Step 6: Producing the Final Hash

After all the 512-bit blocks have been processed, the final hash
value is produced by concatenating the variables A, B, C, and
D. The resulting 128-bit value is the MD5 hash of the input
message.
MD5 algorithm
• Padding –
The padded length is 64 bits less than an integer multiple of 512 bits.
If the length is 448 (64 less than 512), is padding needed? N
Length 1000? Y (padded to 1472 = 1536 − 64, where 1536 = 3 × 512)
Length 512? Y

• Append length –
64-bit length of the message, len mod 2^64; data to hash = [Msg + padding + len]
• Initialize MD buffer – chaining variables A, B, C, D – 32-bit numbers
• Process message in 512-bit blocks –
Four rounds of processing on:
1. the 512-bit input block divided into 16 words of 32 bits each, X[i]
2. the chaining variables
3. one fourth of the 64-element table T[1..64] constructed
from the sine function: T[i] = 2^32 × abs(sin(i))
4. the round function g (different for each round): F, G, H, I
MD5: Padding
[Figure: (1) input message, (2) 512-bit block, (3) padding, (4) initial value; MD transformation block by block; (5) output 128-bit digest (final output).]
MD5 Blocks
[Figure: 512-bit blocks B1, B2, B3, B4, each fed through an MD5 compression step that chains into the next, ending in the result.]
Step 4. Continued (4 Rounds)
[Figure: the four rounds of step 4.]
Applications of MD5 Algorithm

• Data Integrity
• Digital Signatures
• Certificate Generation and Verification
• Password Storage
• Checksums and File Integrity
SHA-1
Secure Hash Algorithm (SHA)

• The Secure Hash Algorithm (SHA) is a standard that
was developed by the National Institute of Standards
and Technology (NIST) and published as a Federal
Information Processing Standard (FIPS 180).
• It is sometimes referred to as Secure Hash Standard
(SHS). The standard is mostly based on MD5.
• The standard was revised in 1995 under FIPS 180-1,
which includes SHA-1.
• It was revised later under FIPS 180-2, which defines
four new versions: SHA-224, SHA-256, SHA-384,
and SHA-512.
SHA-1 Hash
• SHA-1 or Secure Hash Algorithm 1 is a cryptographic
algorithm that takes an input and produces a 160-bit (20-
byte) hash value.
• This hash value is known as a message digest.
• This message digest is usually then rendered as a
hexadecimal number which is 40 digits long.
• It is a U.S. Federal Information Processing Standard and
was designed by the United States National Security
Agency.
• SHA-1 has been considered insecure since 2005.
• Major browser vendors such as Microsoft, Google,
Apple, and Mozilla had stopped accepting SHA-1 SSL
certificates by 2017.
How SHA-1 Works
1. Message (M):
● The original input message that needs to be hashed.
2. Message Padding:
● The initial step where the message is padded to
ensure its length is congruent to 448 modulo 512.
This step prepares the message for processing in
512-bit blocks.
3. Round Word Computation (W_t):
● After padding, the message is divided into blocks of
512 bits, and each block is further divided into 16
words of 32 bits. These words are then expanded
into 80 32-bit words, which are used in the
subsequent rounds.
4. Round Initialize (A, B, C, D, and E):
Initialization of five working variables (A, B, C, D, and
E) with specific constant values. These variables are
used to compute the hash value iteratively.
5. Round Constants (K_t):
SHA-1 uses four constant values (K_1, K_2, K_3, K_4),
each applied in a specific range of rounds:
K_1 for rounds 0-19
K_2 for rounds 20-39
K_3 for rounds 40-59
K_4 for rounds 60-79
7. Rounds (0-79):
• The main computation loop of SHA-1, divided into
four stages (each corresponding to one of the
constants K_1 to K_4). In each round, a
combination of logical functions and operations is
performed on the working variables (A, B, C, D, and
E) using the words generated in the previous step.
8. Final Round Addition:
• After all 80 rounds, the resulting values of A, B, C,
D, and E are added to the original hash values to
produce the final hash.
9. MPX (Multiplexing):
• Combines the results from the final round addition to
form the final message digest.
Summary of Steps:
● Input (Message M): The process starts with the input
message M.
● Message Padding: The message is padded to meet the
length requirements.
● Word Computation: The padded message is divided
into blocks and further into words, which are expanded
for use in the rounds.
● Initialization: Initial hash values are set.
● Round Processing: The main loop performs 80 rounds
of computation using the message words and round
constants.
● Final Addition: The results from the rounds are added to
the initial hash values.
● Output (Hash Value): The final message digest is
produced.
General Logic
• Input message must be < 2^64 bits
– not really a problem
• Message is processed in 512-bit blocks
sequentially
• Message digest is 160 bits
• SHA design is similar to MD5, but a lot
stronger
Basic Steps
Step1: Padding
Step2: Appending length as 64 bit
unsigned
Step3: Initialize MD buffer: 5 32-bit words
A|B|C|D|E – big-endian format
A = 67452301
B = efcdab89
C = 98badcfe
D = 10325476
E = c3d2e1f0
Basic Steps...
Step 4: the 80-step processing of 512-bit blocks –
4 rounds, 20 steps each.
Each step t (0 <= t <= 79):
– Input:
• Wt – a 32-bit word from the message
• Kt – a constant.
• ABCDE: current MD.
– Output:
• ABCDE: new MD.
Basic Steps...
• Only 4 per-round distinctive additive
constants
0 <=t<= 19 Kt = 5A827999
20<=t<=39 Kt = 6ED9EBA1
40<=t<=59 Kt = 8F1BBCDC
60<=t<=79 Kt = CA62C1D6
Basic Steps - The Heart Of The Matter
[Figure: one SHA-1 step. The working variables A, B, C, D, E enter; f_t(B, C, D), the circular left shifts (CLS5 and a second CLS), W_t and K_t are combined by modular additions (+) to produce the new A, B, C, D, E.]
Basic Logic Functions
• Only 3 different functions

Round            Function ft(B, C, D)
0 <= t <= 19     (B ∧ C) ∨ (~B ∧ D)
20 <= t <= 39    B ⊕ C ⊕ D
40 <= t <= 59    (B ∧ C) ∨ (B ∧ D) ∨ (C ∧ D)
60 <= t <= 79    B ⊕ C ⊕ D
PKI
Public Key Infrastructure (PKI)
• Public key infrastructure is an important aspect of
internet security.
• It is the set of technology and processes that make
up a framework of encryption to protect and
authenticate digital communications.
• PKI uses cryptographic public keys that are
connected to a digital certificate, which
authenticates the device or user sending the digital
communication.
• Digital certificates are issued by a trusted source, a
certificate authority (CA), and act as a type of
digital passport to ensure that the sender is who
they say they are.
• Public key infrastructure protects and authenticates
communications between servers and users, such
as between your website (hosted on your web
server) and your clients (the user trying to connect
through their browser).
• It can also be used for secure communications
within an organization to ensure that the messages
are only visible to the sender and recipient, and
they have not been tampered with in transit.
The main components of public key infrastructure include
the following:
● Certificate authority (CA): The CA is a trusted entity
that issues, stores, and signs the digital certificate. The
CA signs the digital certificate with their own private
key and then publishes the public key that can be
accessed upon request.
● Registration authority (RA): The RA verifies the
identity of the user or device requesting the digital
certificate. This can be a third party, or the CA can
also act as the RA.
● Certificate database: This database stores the digital
certificate and its metadata, which includes how long
the certificate is valid.
● Central directory: This is the secure location where
the cryptographic keys are indexed and stored.
● Certificate management system: This is the system
for managing the delivery of certificates as well as
access to them.
● Certificate policy: This policy outlines the
procedures of the PKI. It can be used by outsiders to
determine the PKI’s trustworthiness.
How PKI works
• Public key infrastructure uses asymmetric
encryption methods to ensure that messages remain
private and also to authenticate the device or user
sending the transmission.
• Asymmetric encryption involves the use of a
public and private key. A cryptographic key is a
long string of bits used to encrypt data.
• The public key is available to anyone who requests
it and is issued by a trusted certificate authority.
This public key verifies and authenticates the
sender of the encrypted message.
• The second component of a cryptographic key
pair used in public key infrastructure is the
private, or secret, key. This key is kept private by
the recipient of the encrypted message and used
to decrypt the transmission.
• Complex algorithms are used to encrypt and
decrypt public/private key pairs. The public key
authenticates the sender of the digital message,
while the private key ensures that only the
recipient can open and read it.
PKI certificates
• The core of a public key infrastructure is trust.
• It is important for a recipient entity to know without a
doubt that the sender of the digital certificate is exactly
who they claim to be.
• Trusted third-party CAs can vouch for the sender and
help to prove that they are indeed who they say they
are. Digital certificates are used to verify digital
identities.
• Digital certificates are also called PKI certificates or
X.509 certificates. A PKI certificate offers proof of
identity to a requesting entity, which is verified by a
third party and works like a digital passport or driver’s
license.
The PKI certificate will contain the following:
● Distinguished name (DN) of the owner
● Owner’s public key
● Date of issuance
● Expiration date
● DN of the issuing CA
● Issuing CA’s digital signature
Why is PKI used
● TLS/SSL (transport layer security/secure socket layer),
which secures encrypted HTTP (hypertext transfer
protocol) communications.
● Email encryption and authentication of the sender
● Signing documents and software
● Using database servers to secure internal communications
● Securing web communications, such as e-commerce
● Authentication and encryption of documents
● Securing local networks and smart card authentication
● Encrypting and decrypting files
● Restricted access to VPNs and enterprise intranets
● Secure communication between mutually trusted devices
such as IoT (internet of things) devices
X.509 Authentication Service/Digital Certificate
Difference between Digital Signature and Digital
Certificate

• Digital signatures and digital certificates are both
security solutions that may protect your data from
cyber thieves.
• Although these terms have some similarities, they
have entirely different meanings and purposes.
• A digital signature is an attachment to an electronic
document which may be considered a signature.
• When a document is allocated, the data may not be
modified without invalidating the signature.
• The document is encrypted with the signer's key to
form the digital signature.
• In contrast, a digital certificate is a way to
demonstrate the identity of the holder for a specific
electronic transaction.
• It protects the data exchange from visitors to the
website and certifies the individuals or websites.
Digital certificate

• Digital certificates, also known as identity certificates
or public key certificates, are a form of electronic
password using the public key infrastructure (PKI) that
allows individuals and organizations to exchange data
over the internet in a secure manner.
• A digital certificate uses cryptography and a public
key to prove the authenticity of a server, device, or
user, ensuring that only trusted devices can connect to
an organization’s network. They can also be used to
confirm the authenticity of a website to a web browser.
• A website, organization, or individual can request
a digital certificate that will then need to be
validated by a publicly trusted certificate authority
(CA).
• Digital certificates can help to keep
communications, data, and websites secure on the
internet.
• There are some potential weaknesses for
exploitation with digital certificates, but websites
secured by these public key certificates are
considered more secure than those that are not.
• Public key certificates are issued by trusted
third parties, a CA, who signs the certificate,
thus verifying the identity of the device or user
that is requesting access.
• To ensure validity, the public key will be
matched with a corresponding private key that
only the recipient has knowledge of.
• Digital certificates have a specific key pair that
they are associated with: one public and one
private.
A digital certificate contains the following identifiable
information:
● User’s name
● Company or department of user
● IP (internet protocol) address or serial number of
device
● Copy of the public key from a certificate holder
● Duration of time the certificate is valid for
● Domain certificate is authorized to represent
Digital certificates can provide the following
benefits:
● Security: Digital certificates can keep internal and
external communications confidential and protect the
integrity of the data. It can also provide access control,
ensuring only the intended recipient receives and can
access the data.
● Authentication: With a digital certificate, users can be
sure that the entity or person they are communicating
with is who they say they are and makes sure that
communications reach only the intended recipient.
● Scalability: Digital certificates can be used across a
variety of platforms for individuals and large and small
businesses alike.
● They can be issued, renewed, and revoked in a matter
of seconds. They can be used to secure a range of user
devices and be managed through one centralized
system.
● Reliability: A digital certificate can only be issued by a
publicly trusted and rigorously vetted CA, meaning
that they cannot be easily tricked or faked.
● Public trust: The use of a digital certificate proves
authenticity of a website, documents, or emails. It can
assure users and clients that the company or individual
is genuine and respects privacy and values security.
How Do Digital Certificates Work
Different types of digital certificates

There are three main types of public key certificates:

• TLS/SSL (Transport Layer Security/Secure Sockets Layer) certificates,
• client certificates,
• and code signing certificates.

There are also variations within each type of certificate.
● Extended Validation: This provides comprehensive business authentication, which is necessary for handling extremely sensitive data for businesses or larger organizations. Businesses in the financial sector usually employ it because it provides the highest degree of trust, security, and authenticity.
● Client Certificate: A client certificate is a digital identity that uniquely identifies a person to another user, computer, or machine. Email is a typical example: the sender digitally signs a message, and the receiver verifies the signature. This is the most effective way to verify the certificates.
● Code Signing Certificate: This is required to verify the legitimacy of software or files obtained from the internet. When consumers download software, the developer or publisher signs it as proof that it is authentic. For software companies that provide their products on external websites, this is a helpful way to demonstrate that the files remain unaltered.
● TLS/SSL Certificate: A program, mail, or web server, for example, uses a TLS/SSL certificate to guarantee and secure encrypted and confidential communication with its clients. The certificate gives the server the authentication it needs to transmit and receive encrypted communications with clients.
● Domain Validated: Any website can use the quick validation technique that comes with a domain-validated certificate. It is inexpensive to obtain and is ready to use in a few minutes.
How are Digital Certificates Used

● Securing Websites: Digital certificates help secure websites by enabling HTTPS. This ensures that the information you send to and receive from the website is private and secure.
● Email Security: They encrypt emails to keep the contents private and use digital signatures to confirm who sent the email and that it hasn't been changed.
● Software Safety: Developers use digital certificates to prove that their software is genuine and hasn't been tampered with since it was released.
● Verifying Identities: Digital certificates confirm the identity of the users or devices trying to access a secure system, like a company's internal network.
● Signing Documents: They are used to digitally sign documents like contracts or official forms, verifying the signer's identity and ensuring the document hasn't been altered.
● IoT Device Security: In the Internet of Things, digital certificates authenticate devices and secure the data they send and receive.
● Smart Card Authentication: They are embedded in smart cards, used for secure logins and personal identification, combining something you have (the card) with something you know (a PIN).
X.509 Authentication Service
• X.509 is a certificate-based authentication framework that can be used to secure transaction processing and to protect private information.
• X.509 certificates are primarily used for handling security and identity in computer networking and internet-based communications.

Working of X.509 Authentication Service Certificate

The core of the X.509 authentication service is the public key certificate associated with each user.
These user certificates are assumed to be produced by some trusted certification authority (CA) and placed in the directory by the user or by the CA.
The directory servers are used only to provide an easily reachable location from which all users can obtain certificates.
The X.509 certificate format is defined with Abstract Syntax Notation One (ASN.1); a certificate binds a public key to its holder, and that public key is used together with the holder's corresponding private key to encrypt and decrypt messages.
Once an X.509 certificate is issued to a user by the CA, the certificate is attached to the user like an identity card.
The chances of it being stolen or lost are lower than with ordinary, unprotected passwords.
This analogy makes it easier to picture how the authentication works: the certificate is presented, much like an identity card, at the resource that requires authentication.
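As an added example (not part of the slides), the steps just described, and the earlier points about a CA signing the certificate and the certificate's public key matching a private key, can be reproduced with the openssl command-line tool: a throw-away CA issues a certificate to a hypothetical host www.example.test, and the certificate is then checked the way a relying party would. The organization and host names, the temporary file paths, and the one-day validity period are all assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the slides): a throw-away CA issues a certificate
# to the hypothetical host www.example.test, and the certificate is then
# checked the way a relying party would.  Needs the openssl command-line tool.
set -e
WORK=$(mktemp -d)
HOST=www.example.test

make_pki() {
  # 1. CA key pair plus self-signed root certificate (the trust anchor).
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
    -subj "/O=Example Org/CN=Example Test Root CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
  # 2. Server key pair plus a certificate signing request (CSR).
  openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/O=Example Org/CN=$HOST" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
  # 3. The CA signs the CSR, binding the server's public key to its name.
  printf 'subjectAltName=DNS:%s\n' "$HOST" > "$WORK/ext.cnf"
  openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 1 -sha256 -extfile "$WORK/ext.cnf" \
    -out "$WORK/server.crt" 2>/dev/null
}

# Chain check: is $1 signed by our trusted CA, unexpired, and issued to HOST?
verify_cert() {
  if openssl verify -CAfile "$WORK/ca.crt" -verify_hostname "$HOST" "$1" >/dev/null 2>&1
  then echo OK; else echo FAIL; fi
}

# Key-pair check: the public key inside the certificate must be the one that
# corresponds to the private key the server holds.
keys_match() {
  cert_pub=$(openssl x509 -in "$WORK/server.crt" -noout -pubkey)
  key_pub=$(openssl pkey -in "$WORK/server.key" -pubout)
  [ "$cert_pub" = "$key_pub" ] && echo MATCH || echo MISMATCH
}

# Integrity check: flip one base64 character inside the signed body; the CA's
# signature no longer covers the altered contents, so verification fails.
tampered_verify() {
  awk 'NR==3 { c = substr($0,1,1); $0 = (c == "A" ? "B" : "A") substr($0,2) } 1' \
    "$WORK/server.crt" > "$WORK/tampered.crt"
  verify_cert "$WORK/tampered.crt"
}

make_pki
openssl x509 -in "$WORK/server.crt" -noout -subject -issuer -dates
echo "chain: $(verify_cert "$WORK/server.crt")  keys: $(keys_match)  tampered: $(tampered_verify)"
```

The final line reports OK, MATCH and FAIL respectively: the genuine certificate chains to the CA and matches the server's private key, while the altered copy is rejected because its signature no longer verifies.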
Format of X.509 Authentication Service Certificate
