General Security Concepts: Examining Digital certificates

Question 1

What are digital certificates?

Answer 1

Digital certificates are electronic documents issued by a trusted authority, known as a certificate authority (CA). These documents bind a public key to an individual, device, or service. These certificates serve as a means of authentication and encryption and are used to: + Secure communications using, among others, HTTPS, Secure Shell (SSH), and Secure File Transfer Protocol (SFTP). + Create digital signatures. + Provide access control. + Provide strong authentication.

Question 2

What are digital signatures?

Answer 2

Digital signatures use a private key to create a unique value attached to a document or message. This allows anyone with the corresponding public key to verify the signature, ensuring it hasn’t been tampered with and was indeed signed by the private key holder.

Question 3

What are X.509 certificates?

Answer 3

X.509 Certificates: Used for authentication, secure email, SSL (Secure Socket Layer) and TLS (Transport Layer Security) encryption, code signing, virtual private networks (VPNs), and more.

Question 4

What are the file extensions for X.509?

Answer 4

.cer

.crt

.der

.pem

.pfx

.p12

Question 5

What are PKCS#7 Used for?

Answer 5

Public-Key Cryptography Standards #7 (PKCS#7) certificates: Used for secure email attachments, code signing, and digital signatures for documents.

Question 6

What are the file extensions for PKCS#7?

Answer 6

.p7b

.p7c

Question 7

What are the subcategories of digital sign and email encryptions under PKCS#7?

Answer 7

.p7m - S/MIME = Signed and encrypted email

.p7s - S/MIME = digtitally signed messages

S/MIME = Secure/Multipurpose Internet Mail Extensions

Question 8

What is PKCS#12 used for?

Answer 8

Public-Key Cryptography Standards #12 certificates: Used for storing private keys and associated X.509 certificates chains, often for secure authentication.

Question 9

What is PKCS#12 extensions?

Answer 9

pfx

.p12

Question 10

Privacy Enhanced Mail (PEM) certificates: Used for SSL/TLS certificates. Can include certificates, private keys, and CA bundles?

Answer 10

.pem

Question 11

Distinguished Encoding Rules (DER) certificates: Used in binary format for SSL/TLS certificates and code signing?

Answer 11

.der

.cers

Question 12

What is PGP certificates?

Answer 12

Pretty Good Privacy (PGP) certificates: Used for secure email communication and encryption of files and messages, does not need digital certificates or trust authority, where your own local computer generates. Can be signed by anybody and need to confirm by user. File extensions include:

.pgp

.asc