What is a digital security certificate?

Imagine an ink and a solvent for this ink.

Imagine millions of ink colors and for each one of them there is a single solvent.

If you paint a paper with some information printed on it with a security layer of one of these inks, the only way for you, or anyone, to see the information that was printed before is to use the specific solvent of that ink.

No other solvent will work.

Now imagine that you have a company and that you want your customers to be able to send you information in such a way that someone who can intercept the message cannot see the information that was originally on the paper.

What you have to do is distribute one of these inks to your customers and keep the corresponding solvent with you.

So, a customer puts the necessary information on the paper and covers it with one layer of the ink that you provided.

When you receive the paper you use your solvent and perfectly access the original information that your customer wanted to send you.

This is an analogy of how symmetric cryptography works. It is called symmetric because there are two certificates that maintain a relationship with each other, like an ink and its solvent.

The ink is what is called a public certificate, which is distributed publicly, and the solvent is the private certificate that you keep to yourself.

The certificates are generated by specific algorithms. In the purely mathematical universe, the main feature of this pair is that it is not possible to calculate the private certificate from the public certificate.

Among other situations, this is what happens when we use a website that has an address starting with https, or Hypertext Transfer Protocol Secure. Do not confuse it with just http.

When your browser accesses an https site, the website server provides the public certificate. Any information that the browser sends to the website server is first encrypted with this certificate. When this information arrives at the server, the private certificate is used to decrypt it.

All of this happens in a transparent way to the user.

Information traveling through the web can be accessed along the way, so it is important that it be encrypted.

There is a finite number of possible digital certificate pairs. Could a malicious entity try to test all certificates until they find the one that works?

Mathematically yes.

In practice, a conventional computer would take an infeasible amount of time to perform this operation. Even so, it would be possible to put a large number of computers to work on the test simultaneously. In this case, the main obstacle becomes economic. Breaking this encryption is expensive.
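As an added illustration (not code from the original article), the Python sketch below plays out the exchange described above with textbook RSA on deliberately tiny, constructed numbers: the public value encrypts, only the matching private value decrypts, and an exhaustive search recovers the private value only because the numbers are so small. The function names and sample values are assumptions made for this example; real certificates use moduli of 2048 bits or more, plus padding.

```python
# Added illustration: textbook RSA with deliberately tiny numbers.
# Not secure: real keys use 2048+ bit moduli and padding such as OAEP.
from math import gcd

def make_keypair(p, q, e=65537):
    """Build (public, private) from two primes p and q (constructed inputs)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)              # modular inverse, Python 3.8+
    return (n, e), (n, d)

def encrypt(public, m):
    """The 'ink': anyone holding the public value can apply it."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)

def decrypt(private, c):
    """The 'solvent': only the matching private value undoes the ink."""
    n, d = private
    return pow(c, d, n)

def recover_private(public):
    """Exhaustive search: trial-divide n, then rebuild d. Returns (private, steps)."""
    n, e = public
    f, steps = 3, 1
    while n % f:                     # feasible only because n is tiny
        f += 2
        steps += 1
    return (n, pow(e, -1, (f - 1) * (n // f - 1))), steps

def demo():
    # Mersenne primes chosen as constructed sample inputs (about a 36-bit modulus).
    public, private = make_keypair(2**17 - 1, 2**19 - 1)
    _, other_private = make_keypair(2**13 - 1, 2**31 - 1)   # a different pair
    message = 1234567890                                     # constructed sample value
    c = encrypt(public, message)
    right = decrypt(private, c)          # matching solvent
    wrong = decrypt(other_private, c)    # some other solvent
    cracked, steps = recover_private(public)
    return message, c, right, wrong, cracked == private, steps

if __name__ == "__main__":
    print(demo())
```

With these sample primes the search needs 65,535 trial divisions; under this simple search, each extra bit in the smaller prime doubles that work, which is why production key sizes put it out of practical reach.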

A few years ago, acquiring a pair of digital certificates cost hundreds of dollars per year.

Today there are many ways to get a free digital certificate with exactly the same functionality.

If you access a website that is only http, the first thing that this website tells you is that the company behind it does not care about the privacy of your data.

2/1/2023

© NetBistrot 2017 - 2024