Asymmetric Key Algorithms

Previously you learned about asymmetric key algorithms; recall that asymmetric encryption requires two keys, a public key and a private key. As a review, use the flashcards to define asymmetric key encryption, public key, private key, and digital certificate. Then read the section on asymmetric encryption.

Validating a certificate is a task that falls on the end user, the party that must decide whether the certificate presented is valid. In practice the checks are performed by the user's software, such as a browser.

The process for validating a certificate includes the following steps.

  1. Compare the CA that signed the certificate to the CA stored on the receiver's computer
  2. Calculate a message digest for the certificate
  3. Use the CA public key to decrypt the signature and recover the signed message digest
  4. Review validity dates
  5. Review identification information
  6. Compare the recovered digest with the computed digest to prove integrity
  7. Check the revocation list for the certificate

There are two techniques for checking whether a certificate has been revoked. The first is the certificate revocation list (CRL), issued periodically by a CA, which contains the serial numbers of certificates that are no longer valid. The second is an online check called the Online Certificate Status Protocol (OCSP). OCSP is a protocol that browser software uses to query a CA dynamically for the revocation status of a certificate.
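The following Python program is an added example, not part of the original course material, that walks through the seven validation steps above and the CRL check from this paragraph on constructed sample certificates. It assumes a simplified model: a certificate is a dictionary of fields, the CA key pair is textbook RSA built from two small known Mersenne primes with no padding, the digest is the first 128 bits of SHA-256, and the CRL is a plain set of revoked serial numbers. The CA name, subject, serials, dates and the `validate`, `ca_sign`, `digest` and `run_demo` functions are all constructed for illustration; real certificates are X.509 structures with full-size keys and padded signature schemes.

```python
import hashlib
from datetime import date

# Constructed toy CA key pair: two known Mersenne primes and textbook RSA with no
# padding. This illustrates the steps only; real CAs use 2048-bit or larger keys
# and padded signature schemes such as RSA-PSS or ECDSA.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))          # CA private exponent (kept by the CA)
CA_NAME = "Example Course CA"              # constructed CA name
TRUSTED_CAS = {CA_NAME: (N, E)}            # the CA stored on the receiver's computer (step 1)


def digest(cert):
    """Step 2: digest over the signed fields (first 128 bits of SHA-256, so it is < N)."""
    tbs = "|".join(f"{k}={cert[k]}" for k in sorted(cert) if k != "signature")
    return int.from_bytes(hashlib.sha256(tbs.encode()).digest()[:16], "big")


def ca_sign(cert):
    """CA side (constructed helper): the signature is the digest raised to the private exponent."""
    signed = dict(cert)
    signed["signature"] = pow(digest(cert), D, N)
    return signed


def validate(cert, expected_subject, today, trusted_cas, crl):
    """Apply the seven validation steps; return (accepted, reason)."""
    # 1. Compare the signing CA with the CAs the receiver trusts.
    if cert["issuer"] not in trusted_cas:
        return False, "issuer not trusted"
    n, e = trusted_cas[cert["issuer"]]
    # 2. Calculate the message digest for the certificate ourselves.
    computed = digest(cert)
    # 3. "Decrypt" the signature with the CA public key to recover the signed digest.
    recovered = pow(cert["signature"], e, n)
    # 4. Review validity dates.
    if not cert["not_before"] <= today <= cert["not_after"]:
        return False, "outside validity period"
    # 5. Review identification information.
    if cert["subject"] != expected_subject:
        return False, "subject mismatch"
    # 6. Compare the recovered digest with the computed one to prove integrity.
    if computed != recovered:
        return False, "signature mismatch"
    # 7. Check the revocation list. An OCSP responder answers the same question
    #    online; here the CRL is a constructed set of revoked serial numbers.
    if cert["serial"] in crl:
        return False, "certificate revoked"
    return True, "valid"


def run_demo():
    """Constructed sample certificates that exercise each validation step."""
    today = date(2025, 6, 1)
    base = {"serial": 1001, "subject": "www.example.test", "issuer": CA_NAME,
            "not_before": date(2025, 1, 1), "not_after": date(2026, 1, 1)}
    good = ca_sign(base)
    tampered = dict(good, not_after=date(2030, 1, 1))      # validity extended after signing
    expired = ca_sign(dict(base, serial=1002, not_after=date(2025, 5, 1)))
    revoked = ca_sign(dict(base, serial=1003))
    untrusted = ca_sign(dict(base, serial=1004, issuer="Rogue CA"))
    crl = {1003}                                           # constructed CRL: serial 1003 revoked
    return {name: validate(c, "www.example.test", today, TRUSTED_CAS, crl)
            for name, c in [("valid", good), ("tampered", tampered), ("expired", expired),
                            ("revoked", revoked), ("untrusted", untrusted)]}


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name:10s} -> {result}")
```

Running the script shows one certificate passing all seven steps and the others being rejected at the step that catches them: the tampered certificate fails the digest comparison (step 6) even though its dates and subject look fine, and the revoked one passes every cryptographic check and is rejected only by the CRL lookup (step 7), which is why the revocation check cannot be skipped.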