While any sort of in-depth discussion of certificates, let alone asymmetric encryption, is far beyond the scope of this page, I am constantly surprised by how little people understand about certificates. While I wouldn’t consider myself to be an expert, I understand the basics and can help you understand enough to make good decisions. What’s truly scary is that this knowledge is enough to get you called a crypto-geek in many circles.
Symmetric encryption can best be described as having a shared secret. If you know that secret, you can both encrypt and decrypt a message.
Encryption: plain text message + secret -> cipher text
Decryption: cipher text + secret -> plain text message
While symmetric encryption is by far the easiest to understand, the problem is that anyone who knows the secret can both encrypt and decrypt. A party that can intercept the messages and knows the secret can alter the communications, and it is very hard to share a secret securely. On the positive side, symmetric encryption is faster, so in practice asymmetric encryption is used to protect secrets and symmetric encryption is then used to protect the actual data.
For asymmetric encryption, a key pair is generated. This key pair has a really interesting property: anything encrypted with one half can be decrypted with the other half. More interestingly, even if you have a cipher text and the key used to encrypt it, you cannot decrypt the message without the other key. When a key pair is generated, one half is designated public while the other is designated private.
Encryption: plain text message + public key -> cipher text
Decryption: cipher text + private key -> plain text message
Note: alternatively, you can use the private key in the encryption step, but then you must use the public key in the decryption step.
For the purposes of this conversation, we’ll assume you are attempting to create a certificate signed by a trusted CA.
- Generate an asymmetric key pair
- Generate a certificate signing request (CSR)
- Submit the CSR to the certificate authority (CA)
- Obtain the certificate from the CA