
What’s One of the Most Important Things in Cybersecurity, But Is Possibly The Least Understood By Professionals?

Meet X.509 and the wonder of PKI (Public Key Infrastructure)


Now, what is one of the most important things in cybersecurity, yet one of the least understood? Well, I think it is digital certificates, and how they integrate into PKI (Public Key Infrastructure). Ask a cybersecurity professional how digital certificates are created and used, and it's likely that they will struggle to explain them fully. But, overall, a certificate basically holds a trusted public key of an entity, which has been validated by another entity that is generally trusted.

Bob and Alice Meet Trent

If Alice wants to prove herself to Bob, she digitally signs a message with her private key, and Bob can then verify this signature using her public key. For this, we need Trent to sign a digital certificate with Bob’s public key, and he will use his private key to do this. Bob then checks the signature on this certificate using Trent’s public key. If Bob trusts that Trent has checked Alice’s public key, he can trust the public key from the certificate. Trent’s public key can then be installed onto Bob’s computer as a root certificate. If Bob finds that Trent’s…
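The exchange above as an added example (not code from the original article): Trent's self-signed root, a certificate binding Alice's public key that Trent signs, and Bob's two checks, first the certificate against Trent's root and then the message signature against the certified key. The use of Go's standard `crypto/x509` with Ed25519 keys and the helper names `must`, `newKey`, `issue` and `bobVerifies` are assumptions made for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func newKey() ed25519.PrivateKey {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	return must(priv, err)
}

// issue is the CA step: bind pub to the name cn, signed with signer's private key (parent nil = self-signed root).
func issue(cn string, pub any, parent *x509.Certificate, signer ed25519.PrivateKey) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
	if parent == nil {
		parent, t.IsCA, t.BasicConstraintsValid, t.KeyUsage = t, true, true, x509.KeyUsageCertSign
	}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, parent, pub, signer))))
}

// bobVerifies trusts only Trent's root: validate the certificate chain first, then the message signature.
func bobVerifies(root, cert *x509.Certificate, msg, sig []byte) bool {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return false // not signed by a trusted root, or outside its validity period
	}
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	return ok && ed25519.Verify(pub, msg, sig)
}

func main() {
	trent, alice, msg := newKey(), newKey(), []byte("hello Bob") // constructed sample message
	root := issue("Trent Root CA", trent.Public(), nil, trent)
	fmt.Println("Bob accepts Alice:", bobVerifies(root, issue("Alice", alice.Public(), root, trent), msg, ed25519.Sign(alice, msg)))
}
```

A self-signed certificate that merely claims the name "Alice" fails the first check, because Bob's trust comes from Trent's signature and not from the name in the certificate.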


Prof Bill Buchanan OBE FRSE
