What are digital certificates and signatures? This article explains it very well

Hello everyone, I am Brother Ming.

I sorted out some content about digital certificates and digital signatures some time ago, and I’m going to post it today.

We all know that HTTP protocol transmits content in plain text. In order to ensure the security of data transmission, HTTPS protocol came into being. However, it is not a new protocol, but the HTTP protocol plus SSL/TLS protocol.

Therefore, when you visit a website that supports https, you need to first perform an SSL/TLS handshake to establish a connection.

[[346870]]

The purpose of the SSL/TLS handshake is to securely negotiate a symmetric encryption key. With this key, all subsequent data will be encrypted using this key.

This process is actually quite interesting, and involves many knowledge points and professional terms, such as symmetric encryption, asymmetric encryption, message digest, digital signature, digital certificate, public key and private key. This article will introduce these professional terms that are easily confused in detail.

Before I explain, I will ask you a few basic questions. If you are not able to answer them skillfully, this article will give you the answers:

• What are the advantages and disadvantages of symmetric encryption and asymmetric encryption?
• Are symmetric encryption and asymmetric encryption exclusive? Can they be used together?
• What is the difference between digest and encryption? Why do we need encryption algorithms when we have digest algorithms?
• How to achieve confidentiality and efficiency in communication?
• How to apply for a digital certificate? What types of certificates are there? How to deploy an SSL certificate?
• Can you describe the entire process of certificate application, certificate issuance, certificate issuance to the client, client certificate verification, and data encryption transmission?

1. Symmetric encryption and asymmetric encryption

(1) Symmetric encryption

Symmetric encryption is a communication method in which both parties share a key.

This key can encrypt plaintext into ciphertext, and decrypt ciphertext into plaintext.

Common symmetric encryption algorithms include AES, DES, and RC4, among which AES is the most commonly used.

The advantages of symmetric encryption are: fast speed.

At the same time, there is also a disadvantage, which is that it is not so safe. Once your key is stolen by others, all your data will be exposed in the world of the Internet.

(2) Asymmetric encryption

The opposite of symmetric encryption is asymmetric encryption.

The communicating parties hold different keys.

The server's key is called a private key, and the client's key is called a public key.

The difference between them is:

• The private key should only be stored on the server and must not be disclosed. The public key can exist on any client, so it doesn't matter even if a hacker gets it.
• The ciphertext encrypted by the public key can only be decrypted by the corresponding private key
• The content encrypted by the private key can be decrypted by all the corresponding public keys.
• The private key is usually used to generate signatures, and the public key is used to verify signatures.
• The public key and the private key are relative, and there is no stipulation that one must be a public key or a private key. This means that as long as the public key is not disclosed to the public, it can be used as a private key, and the private key can be used as a public key after it is disclosed.

A typical asymmetric encryption algorithm is RSA.

The advantage of asymmetric encryption is that it has a very high security factor. The disadvantage is that it is slower.

(3) Combination of symmetric and asymmetric encryption

When the public key received by the client is accurate, the communication is secure.

Because the ciphertext encrypted with the correct public key can only be decrypted by the server's private key.

So how do we ensure that the client receives the correct public key?

The answer is: use asymmetric encryption to negotiate the symmetric encryption key. Once the server securely sends the correct public key to the client, in subsequent communications, symmetric encryption is used to encrypt data to ensure efficient communication.

The specific process will be explained in more detail later.

2. What are digest, signature and certificate?

(1) Information summary

A piece of information, after being processed by a digest algorithm, gets a string of hash values, which is called the digest.

Common digest algorithms include MD5, SHA1, SHA256, SHA512, etc.

There are a few things you need to understand about the abstract:

• The digest algorithm maps information of arbitrary length into a string of fixed length.
• Digest algorithm, it is possible to calculate the same digest value for two different messages.
• The digest algorithm is different from the encryption algorithm, and there is no decryption process.
• The digest algorithm is not used for data confidentiality, but for data integrity verification.

(2) Digital Signature

After the summary is encrypted with the private key, it has a new name - digital signature.

• Signing is done on the sender side and it is an encryption process.
• The signature verification is done at the receiving end, which is a decryption process.

So what is the significance of understanding digital signatures? Just answer the following two questions.

The first question is, if we have a message digest, why do we need a digital signature?

Answer: Although the message digest is also irreversible, it can be easily forged. Therefore, the message digest is only used to verify the integrity. To ensure the correctness of the message digest, you must rely on digital signatures.

The signing and verification of digital signatures are asymmetric encryption, and others cannot forge them unless they get the private key.

The second question is why not encrypt the content directly, but encrypt the summary instead.

Answer: From the above we know that asymmetric encryption is very slow. If the amount of data transmitted is very large, the time for encryption and decryption will be much longer than the network transmission time, which will be counterproductive.

If we only require integrity of the transmitted content, but not security (it doesn't matter if the transmitted content is known by others), we can encrypt the digest, decrypt it on the client side to get the digest plaintext, and then compare this digest plaintext with the digest calculated by the second calculation of the transmitted data. If they are consistent, it means that the transmitted content is complete and has not been tampered with.

(3) Digital Certificate

Have you found a problem with digital signature?

Digital signature is asymmetric encryption. The server has a private key and the client has a public key. Only when these two match can the signature be verified.

What if the public key you (the client) get is not given by the server, but given to you by a hacker? And you treat this fake public key as the real one. Then when you use this fake public key to encrypt some sensitive information, the hacker can intercept your information, because this information is encrypted with the hacker's own public key. In this way, the hacker can use his own private key to decrypt and obtain your sensitive information.

That's the problem.

To solve this problem, you only need to ensure that the "public key" is credible. You can only use the public key sent to you by the server, and you must know how to identify and discard the public key given to you by the bad guys.

Digital certificates came into being.

To understand digital certificates, you only need to understand two questions.

• What is a digital certificate? Actually, it is a .crt file
• Who issues the digital certificate? It is issued by an authoritative certificate authority, which we generally refer to as a CA.
• How to apply for a digital certificate? Or how to issue it?

To help you understand this process, I drew the following picture:

• Generate a pair of public and private keys on your own server. Then combine the domain name, applicant, public key (note that it is not the private key, which cannot be disclosed in any case) and other information to generate a .csr file.
• Send this .csr file to the CA. After receiving the application, the CA will verify the applicant's organizational information and personal information through various means. If there is no abnormality (the organization exists, the enterprise is legal, and it is indeed the owner of the domain name), the CA will use the hash algorithm to first perform a HASH on the plain text information in the .csr to obtain an information summary, and then encrypt the information summary with the CA's own private key to generate a string of ciphertext, which is the so-called signature. The signature + .csr plain text information is the certificate. The CA returns this certificate to the applicant.

3. Digital Certificate

In the transmission process of HTTPS, there is a very critical role - digital certificate. What is a digital certificate? What is its function?

A digital certificate is an identification mechanism used in computers. The signature (stamp) made by a digital certificate authority (CA) on a signature request file created using a private key indicates that the CA structure recognizes the certificate holder.

(1) Digital certificates have the following advantages:

• Using digital certificates can improve user credibility;
• The public key in the digital certificate can be used in pair with the private key of the server to achieve encryption and decryption during data transmission;
• During the authentication of the user's identity, the user's sensitive personal data will not be transmitted to the certificate holder's network system;

(2) Certificate Type

There are two types of x509 certificate encoding formats:

PEM (Privacy-enhanced Electronic Mail) is in plain text format, starting with -----BEGIN CERTIFICATE----- and ending with -----END CERTIFICATE-----. The content in the middle is base64-encoded. The certificate required by Apache is this type of encoded certificate. The command to view the information of this type of certificate is: openssl x509 -noout -text -in server.pem. In fact, PEM is a base64 encoding of the content of DER.

DER is a binary certificate. The command to view the information of this type of certificate is: openssl x509 -noout -text -inform der -in server.der

(3) Extension

• .crt certificate files, which can be DER (binary) encoded or PEM (ASCII (Base64)) encoded, are more common in Unix-like systems;
• .cer is also a certificate, commonly found in Windows systems. The encoding type can also be DER or PEM. There are tools in Windows that can convert crt to cer;
• .csr certificate signing request file, usually generated and sent to CA, then CA will sign and send you the certificate
• .key Generally, public keys or private keys will use this extension, which can be DER-encoded or PEM-encoded. The command to view the DER-encoded (public key or private key) file is: openssl rsa -inform DER -noout -text -in xxx.key. The command to view the PEM-encoded (public key or private key) file is: openssl rsa -inform PEM -noout -text -in xxx.key;
• .p12 certificate file, containing an X509 certificate and a password-protected private key

(4) Types of certificates

Security certificates are mainly divided into three types: DV, OV and EV, and the corresponding security levels are general, good and highest. The review process, review standards and corresponding number of domain names of the three are also different, so the prices range from one or two hundred yuan to tens of thousands of yuan.

DV SSL:

A DV SSL certificate is a simple (Class 1) SSL certificate that only verifies the domain name ownership of a website. It can be issued quickly within 10 minutes and can encrypt transmission, but it cannot prove the true identity of the website to users.

Currently, all free certificates on the market are of this type, which only provide data encryption but do not verify the identity of the individuals and institutions providing the certificates.

OV SSL:

OV SSL provides encryption functions, conducts strict identity verification on applicants, and provides credible ××× certificates.

The difference between OV SSL and DV SSL is that OV SSL provides an audit of individuals or organizations, can confirm the identity of the other party, and is more secure.

Therefore, this part of the certificate application is charged~

EV SSL:

EV = The most secure and strict EV SSL certificate follows the globally unified and strict identity authentication standards and is currently the industry's top-level (Class 4) SSL certificate with the highest security level.

Financial securities, banks, third-party payments, online shopping malls, etc., websites that emphasize website security and corporate credibility, involving transaction payments, customer privacy information, and the transmission of account passwords.

This part has the highest verification requirements and the most expensive application fee.

When choosing an issuing agency, it is best to choose a certificate issued by a CA agency that is recognized by the industry and can be used worldwide. At present, there are not many certificates in our country that meet the standards. The main reason is that some certificates cannot be recognized by foreign browsers and require certain additional operations when used.

According to the number of protected domain names, SSL certificates are divided into:

• Single domain version: only protect one domain name, such as www.abc.com or login.abc.com
• Multi-domain version: One certificate can protect multiple domain names, for example, www.abc.com, www.bcd.com, pay.efg.com, etc.
• Wildcard version: One certificate protects all subdomains of the same level under the same primary domain, with no limit on the number, such as *.abc.com. Note that only DVSSL and OVSSL have wildcard versions, and EVSSL does not have a wildcard version.

(5) Where is the certificate?

When you download and install a browser, the browser actually has certificates from globally recognized root certificate authorities embedded inside it.

If the certificate authority that issued the digital certificate for a website is not available in the browser, users will need to be guided to import it themselves.

If you want to see which certificate authorities are trusted in Chrome, you can click Settings -> Privacy and Security -> Security -> Manage Certificates

(6) Information in the certificate

In the location in the above picture, double-click on any certificate to view the contents of the certificate.

There is a lot of content, the most important of which are

• Which institution is the certificate from?
• What is the public key in the certificate?
• When is the certificate valid?
• Which encryption and decryption algorithm is used?

(7) Certificate revocation

A certificate has a life cycle. If the private key of a certificate is leaked, the certificate must be revoked. There are generally two ways to revoke the certificate: CRL and OCSP.

CRL (Certificate Revocation List) is a list of revoked certificate serial numbers maintained by the CA. The browser needs to update this list regularly. When verifying the legitimacy of the certificate, the browser will also check whether it has been revoked in the certificate revocation list. If it has been revoked, the certificate is also untrustworthy. It can be seen that this list will increase with the increase of revoked certificates, and the list will become larger and larger. The browser also needs to update it regularly, and the real-time performance is also relatively poor.

Therefore, OCSP (Online Certificate Status Protocol) was created to solve the problem of the growing size of CRL lists and poor real-time performance. With this protocol, browsers no longer need to update CRLs regularly. When verifying certificates, they can directly check in real time with the CA server to see if the certificate has been revoked. This solves the CRL problem, but it is very slow to check with the CA server every time. When the network environment is poor or when accessing across borders, the experience is very poor. Although OCSP solves the CRL problem, its performance is very poor.

4. How to generate a CSR file

CSR is the abbreviation of Certificate Signing Request, which is a certificate signing request file.

When an applicant applies for a digital certificate, the CSP (Cryptographic Service Provider) generates a private key and a CSR file. After the applicant submits the CSR file to the Certificate Authority (CA), the CA signs it with its root certificate private key, thus generating a digital certificate.

The applicant applies for a digital certificate from the CA through the CSR file. After obtaining the certificate, it can be proved that the applicant's website is credible and the data transmission is encrypted.

Next, let’s take a look at how the CSR file is generated.

(1) Generate using OpenSSL

Assume that the domain name applied is python.iswbm.com, the company name is Paison Time Technology, the department is IT, and the company is located in Shenzhen, Guangdong, China. You can generate a CSR file by running the following command line:

 $ openssl req -new –SHA256 -newkey rsa:2048 -nodes -keyout python.iswbm.com.key -out python.iswbm.com.csr -subj "/ C = CN / ST = Guangdong / L = Shenzhen / O = Paisong Time Technology / OU = IT / CN = python .iswbm.com"

This command line means:

• req parameter: indicates the certificate request, which is used to generate a CSR file.
• SHA256 parameter: indicates the digest algorithm used when signing the CSR.
• Newkey parameter: indicates the algorithm of the specified certificate. Parameter 2048: indicates the length of the key pair.
• nodes parameter: indicates that the private key is not encrypted.
• keyout parameter: indicates the generated private key file. The private key file named iswbm.key needs to be kept by yourself and is used in the deployment process after obtaining the certificate.
• out parameter: indicates the generated CSR file. The CSR file named iswbm.com.csr is used to submit to the CA organization for verification information to obtain a certificate.
• subj parameter: represents CSR information. For specific parameters, please continue to read below.

subj parameter description:

• C：Country, which means the country, the English or two-letter country code of the country where the applicant or the applicant enterprise is located. For example: CN
• ST: State/Province, which means the province, the full English or pinyin name of the province/city/autonomous region where the applicant or the applicant company is located. For example: Guangdong
• L: Locality, which means the city, the English or pinyin full name of the city where the applicant or the applicant company is located. For example: Shenzhen
• O：Organization, which means the name of the applicant or the name of the applicant company.
• OU: Organizational Unit, which means the full English or pinyin name of the department where the applicant works. For example: IT
• CN: Common Name, indicates the domain name for which you want to apply for a certificate. It can be a single domain name (such as python.iswbm.com), a wildcard domain name (*.iswbm.com), or you can apply for one certificate for multiple domain names (I have not done this specifically).

After the previous command is executed, two files will be generated in your local directory:

• python.iswbm.com.csr: used to apply for a certificate from a CA

 $ cat python.iswbm.com.csr
 -----BEGIN CERTIFICATE REQUEST-----
 MIIC0TCCAbkCAQAwgYsxCzAJBgNVBAYTAkNOMRIwEAYDVQQIDAlHdWFuZ2Rvbmcx
 ETAPBgNVBAcMCFNoZW56aGVuMS0wKwYDVQQKDCTDpsK0wr7DpsKjwq7DpsKXwrbD
 ...
 7lgB4QC1aIFz8gi9TGMJU2LqTDJCj+tgM68LDBdMLeQ8XZ33C95Nl0qt7yG+zjlZ
 01jBh+T882r8x9gKdwb7nZSWFQY4/YTq+sY++YW/QuCNRcJ2vbM18U/HlIRsZ3su
 x6Neh08 =
 -----END CERTIFICATE REQUEST-----

• python.iswbm.com.key: private key, keep it to yourself and do not disclose it

 $ cat python.iswbm.com.key
 -----BEGIN PRIVATE KEY-----
 MIIEvwIBADANBgkqhkiG9w0BAQEFAAASCBKkwggSlAgEAAoIBAQC4OrcM9hTs9Hao
 SzjsVJFX2Mmd+mToMG3u++o2Fd5yrPYq4COkT33lnL9kJNrDWqGp5TRkWqNwLaPl
 ...
 a/lKBWLcvxE+IQ+mxNbN058kEJ3l8WAcAFCebLm5czUqmIVa3JR+cBDLvGFZVn6z
 72AP5D/Evds4BOO+VzAiVLU6Ai78qhACuVExZNQCxdvJy4LxpeckUpCem9hAPiIY
 LQfiTStBBU6t/+mnDyij+ XreGQ ==
 -----END PRIVATE KEY-----

(2) Use online generation tools

The method of using OpenSSL tools to generate CSR files is simple, but when using it, you need to understand the meaning of the parameters in the code.

If you don't want to remember all of this, I recommend you use the CSR online generator (https://myssl.com/csr_create.html)

You just need to enter the following information and click OpenSSL Generate, and you will get an OpenSSL command. Now you don't have to piece together the parameters yourself. It's really convenient. Why not click Generate to let it generate the private key file and CSR file directly? Of course, it's for security reasons.

5. TLS/SSL ensures information security

In information security issues, we often have to do three things to ensure the security of information:

• Confidentiality of Information
• Integrity of Information
• Identification

Combining these three is what TLS/SSL does.

• The client (browser) sends a request to the server, and the server returns the certificate to the client.
• After the client gets the certificate, it takes out the signature and plain text information in the certificate respectively, and then uses the public key of the CA organization it carries to decrypt the signature, then message digest 1, and then HASH the plain text information to obtain a message digest 2. Compare message digest 1 and message digest 2. If they are the same, it means that the certificate is legal, that is, the public key in the certificate is correct.

The above uses asymmetric encryption (CA's public key and private key), which ensures that the client receives the correct public key from the server. With the server's public key, subsequent information encryption can use this public key. The ciphertext encrypted with this public key can only be decrypted by the server's private key, and even if a hacker gets it, he cannot decrypt it.