Document authentication  
Digital Certificate


A Digital Certificate overcomes one of the problems of signing technology. You can authenticate a file using the digest and the signature, but how do you verify that the private key and the matching public key belong to the file originator?

The trust problem is resolved by delegating the issue of keys to a third party called a Certificate Authority (CA). The CA researches the credentials of the user and will only issue a private key to a reputable person. The corresponding public key is created as part of a larger file called a Digital Certificate, which lists the address and additional user information. The certificate is in turn digitally signed by the CA.

The certificate store on a Windows PC is maintained by Internet Explorer and other utilities. Click Tools, Internet options, Content, Certificates.
 
 
 
Each certificate is placed in a named store depending on purpose or the "trust" status of the certificate.
 
For example, if a user of Windows XP installs a code-signed executable, there will be a challenge dialogue unless a corresponding digital certificate is placed in the "Trusted Publisher" certificate store.
 
The RedTitan XML Digital Document Authentication system will display the certificate that contains the public key that matches the private key used to sign a named document as part of the verification process.
 
To enable Document Authentication signing, the user must obtain a certificate and an appropriate private key from a Certificate Authority, e.g. THAWTE.
 
By default, RedTitan uses RSA Laboratories PKCS #7 Cryptographic Message Syntax Standard format certificates and PVK format private keys.
 
The private key can also be installed in a "container" attached to the Microsoft certificate. In this case it is never exported to plain text and is protected by Windows login security.
 
A Certificate Authority supplies the PKCS#7 format file containing both the user (subject) certificate and certificates that support the CA status. The authentication process checks the status of each certificate in the "trust list" to see that each document is "in date" and has not been revoked or otherwise compromised.
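
The per-certificate status check described above can be reproduced with the .NET X509Chain class from PowerShell. This is an added example, not RedTitan code: the function name Get-BundleStatus and the two constructed certificates (a throwaway root and an already expired subject certificate) are assumptions made for illustration, and the sample run disables revocation lookups because constructed certificates publish no revocation data.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Hypothetical helper: report the status of every certificate in a PKCS#7 bundle.
function Get-BundleStatus {
    param([byte[]]$Pkcs7Bytes, [X509RevocationMode]$RevocationMode = 'Online')

    $bundle = [X509Certificate2Collection]::new()
    $bundle.Import($Pkcs7Bytes)    # PKCS#7 carries the subject and CA certificates

    # Subject certificate: the one that did not issue any other certificate in the bundle.
    $leaf = $bundle | Where-Object {
        $c = $_
        -not ($bundle | Where-Object { $_.Issuer -eq $c.Subject -and $_.Subject -ne $c.Subject })
    } | Select-Object -First 1

    $chain = [X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = $RevocationMode
    $chain.ChainPolicy.RevocationFlag = [X509RevocationFlag]::EntireChain
    $chain.ChainPolicy.ExtraStore.AddRange($bundle)   # let the builder use the bundled CA certs
    $null = $chain.Build($leaf)

    foreach ($el in $chain.ChainElements) {
        # Flags such as NotTimeValid, Revoked or UntrustedRoot are reported per element.
        $flags = @($el.ChainElementStatus | ForEach-Object { $_.Status })
        [pscustomobject]@{
            Subject  = $el.Certificate.Subject
            NotAfter = $el.Certificate.NotAfter
            Problems = if ($flags) { $flags -join ', ' } else { 'none' }
        }
    }
}

# --- Constructed sample input: throwaway root plus an expired subject certificate ---
$now     = [DateTimeOffset]::UtcNow
$sha256  = [HashAlgorithmName]::SHA256
$pkcs1   = [RSASignaturePadding]::Pkcs1
$rootReq = [CertificateRequest]::new('CN=Constructed Test Root', [RSA]::Create(2048), $sha256, $pkcs1)
$rootReq.CertificateExtensions.Add([X509BasicConstraintsExtension]::new($true, $false, 0, $true))
$root    = $rootReq.CreateSelfSigned($now.AddDays(-30), $now.AddDays(30))
$leafReq = [CertificateRequest]::new('CN=Constructed Signer', [RSA]::Create(2048), $sha256, $pkcs1)
$signer  = $leafReq.Create($root, $now.AddDays(-10), $now.AddDays(-1), [byte[]](1, 2, 3, 4))

$sample = [X509Certificate2Collection]::new()
$null = $sample.Add($signer); $null = $sample.Add($root)
Get-BundleStatus -Pkcs7Bytes ($sample.Export([X509ContentType]::Pkcs7)) -RevocationMode NoCheck |
    Format-Table -AutoSize
```

For a bundle supplied by a real CA, pass the file's bytes and leave the revocation mode at its default so that revoked certificates are reported as well as expired ones.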
 
© RedTitan Technology 2013. All rights reserved.