What is a digital certificate? What are digital certificates used for?
A digital certificate is a credential that facilitates mutual verification of identities between users in transactions. Just like a passport can prove a person's identity as a citizen of a country, the purpose of a digital certificate is to establish an identity for a user within an ecosystem.
Because digital certificates are used to identify users who receive encrypted data or verify the identity of the signer of a message, protecting the authenticity and integrity of the certificate is critical to maintaining the trustworthiness of the system. Public key infrastructure (PKI) uses digital certificates to bind public keys to associated users (owners of private keys).
What is an Issuing Authority?
A Certificate Authority (CA) is the core component of a Public Key Infrastructure (PKI) responsible for establishing a hierarchical chain of trust. CAs issue digital certificates for authenticating user identities.
CAs underpin the security of PKI and the services supported by PKI, so they are inevitably the focus of sophisticated targeted attacks. In order to reduce the attack risk faced by issuing authorities, physical and logical controls and hardening mechanisms (such as hardware security modules) have become necessary to ensure the integrity of PKI.
What is Code Signing?
In public-key cryptography, code signing is a special use of certificate-based digital signatures that organizations can use to verify the identity of a software publisher and to certify that the software has not been altered since it was released.
Digital signatures provide software publishers and in-house development teams with a proven cryptographic process that helps protect end users from a variety of cybersecurity threats, including Advanced Persistent Threats (APTs) such as Duqu 2.0. Digital signatures ensure the integrity and authenticity of software. Digital signatures enable end users to verify the publisher's identity and verify that the installation package has not been altered since it was signed. All modern operating systems look for and verify digital signatures during installation, and a warning that the code is not signed may cause the end user to abandon the installation.
什么是数字签名?
Digital signatures provide software publishers and in-house development teams with a proven cryptographic process that helps protect end users from a variety of cybersecurity threats, including Advanced Persistent Threats (APTs) such as Duqu 2.0. Digital signatures enable end users to verify the identity of the publisher and at the same time verify that the installation package has not been altered since it was signed, thus ensuring the integrity and authenticity of the software and documentation.
More than just an electronic version of a traditional signature, a digital signature leverages cryptography to dramatically increase security and transparency, both of which are critical to building trust and legal validity. An application of public key cryptography, digital signatures can be used in many different contexts, from citizens submitting online tax returns, to purchasers signing contracts with suppliers, to electronic invoices, to software developers issuing code updates , everything you need.
What is a timestamp?
Timestamping complements the practice of digital signatures, enabling organizations to record when a digital item (such as a message, document, transaction or software) was signed, reflecting increasing value. For some applications, the timing of digital signatures is critical, especially in stock trading, lottery issuance, and some legal processes.
Even if time is not inherent to the application, time stamping can be helpful for record keeping and auditing processes, as it provides a mechanism to prove that a digital certificate was valid at the time it was used. The growing importance of digital signature solutions has created a corresponding need for time stamping, so many software programs, such as Microsoft Office, support time stamping functionality.
The Risks of Insecure Timestamping
Lack of trust in electronic processes can lead to costly paper records backing up electronic records.
An attacker can easily subvert the software-based timestamping process by manipulating the computer clock, thereby rendering the entire signing process useless.
Room 1003, 10th Floor,Building 1st, Taijiale Industrial Park,Tongguan Road,Tianliao Community, Yutang Street, Guangming District, Shenzhen
