Quote:> Hi, I am confused about digital certificates. They are issued by a CA.
> The CA takes your personal information and then issues you a digital
> certificate. Are you also issued a public/private key pair at that
> time and how is that key pair linked to your certificate?
Digital certificates are an alternative means of RSA encryption to PGP. They
*are* a keypair.
Quote:> Digital certificates can be used to verify that you are the proper
> person to be using that key pair, right? So I start using the key pair
> for sending email and perhaps conducting business through a website.
Do you mean you use the actual certificate, or you have attached it to your
Quote:> What is the process by which the recipient of my mail and my business
> can verify that the key I am using is mine and that they are doing
> business with me. Is this to protect them from doing business with
> someone who may have stolen my private key? Or is this just to assure
> them that public key they have is mine. Confused !!
Case you use the actual digital cert
Your digital certificate will have been signed with the CA's public key,
like when you use PGP to sign someone else's key. If the CA is set as
trusted by that business, then your cert will become trusted. They will see
a window when they open the email, saying 'content signed by Bill C.
Certificate automatically verified by Verisign (or whoever issued the cert)',
or similar; I don't have actual firsthand experience of this. Anyway, an
email client that supports S/MIME should verify this automatically. This
lets them be sure the digital cert belongs to you, because Verisign says so,
and the fact that you've signed the email with your digital cert means they
know the email is from the owner of the digital cert. They therefore know
this email was sent by you, which they may need to be sure of. For example
if it was your bank and you asked them to do a money transfer, this would
let them be sure that the email really came from you and they could then
transfer the funds. If it is someone else using your website to buy things,
then the digital cert lets your customers send their credit card details to
you securely, because they've encrypted it with the public key on your cert.
They can check they are actually sending it to you by looking at the
Case you attached it to your PGP key.
The digital cert becomes, in effect, another signature on your PGP keypair.
Others can verify that the keypair really belongs to you because it is
signed by the digital cert, which is itself verified by Verisign. This means
you don't need to phone them and check the key fingerprint.
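The CA-signs, recipient-verifies flow described in the reply above, as an added example that is not part of the original thread, using the openssl command line: the CA issues a certificate over a key pair the user generated himself, a recipient checks it against the root it trusts, and an S/MIME-style signed message is verified the same way. The CA name "Demo Root CA", the user "Bill C.", the address bill@example.test and the file names are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original thread. Names and paths are constructed.
set -eu
WORK=$(mktemp -d); cd "$WORK"

# 1. The CA makes its own key pair and a self-signed root cert. A recipient
#    must already hold and trust this root ("the CA is set as trusted").
make_ca() {   # $1 = CA name, $2 = output basename
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
    -subj "/CN=$1" -keyout "$2.key" -out "$2.crt" 2>/dev/null
}

# 2. Bill generates his OWN key pair. The CA never sees bill.key; only the
#    public key travels to the CA inside a certificate signing request (CSR).
make_user_csr() {
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -subj "/CN=Bill C./emailAddress=bill@example.test" \
    -keyout bill.key -out bill.csr 2>/dev/null
}

# 3. The CA signs the CSR with its PRIVATE key. That signature is what binds
#    Bill's public key to his identity; the result is bill.crt.
issue_cert() {
  openssl x509 -req -in bill.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -days 30 -sha256 -out bill.crt 2>/dev/null
}

# 4. A recipient checks the certificate with the CA's PUBLIC key (in ca.crt).
#    Exit 0 = chains to a trusted root; a root the recipient does not trust fails.
verify_cert() {   # $1 = trusted root cert, $2 = certificate to check
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# 5. S/MIME-style: Bill signs a message with bill.key; the recipient verifies
#    both the signature and that the embedded signer cert chains to the root.
sign_message() {
  printf 'Please transfer the funds.\n' > msg.txt
  openssl cms -sign -in msg.txt -signer bill.crt -inkey bill.key -out msg.p7m
}
verify_message() {   # $1 = trusted root cert
  openssl cms -verify -in msg.p7m -CAfile "$1" -out /dev/null 2>/dev/null
}

make_ca "Demo Root CA" ca; make_user_csr; issue_cert; sign_message
make_ca "Other CA" other   # a root the recipient does NOT trust
verify_cert ca.crt bill.crt    && echo "bill.crt: trusted under Demo Root CA"
verify_cert other.crt bill.crt || echo "bill.crt: NOT trusted under Other CA"
verify_message ca.crt          && echo "signed mail: verified, signer is Bill C."
```

Note that bill.key never leaves Bill's machine: the certificate only binds his public key to his name, which is why a stolen private key is not something the certificate alone can detect.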