In this blog we shall reveal the uses for certificates, uncover how to
combat abused certificates and dig deep into an example of how
malicious software can be digitally signed to pass certification
verification.
What is a certificate?
In cryptography, a public key certificate, also known as a digital
certificate, is an electronic document that uses a digital signature to
bind a public key with an identity — information such as the name of a
person or an organization, their address, and so forth. The certificate
can be used to verify that a public key belongs to an individual. The
digital certificate certifies the ownership of a public key by the named
subject of the certificate. This allows others (relying parties) to
rely upon signatures or assertions made by the private key that
corresponds to the public key that is certified. The certificate
authority, or certification authority (CA), is the entity that issues
digital certificates. In the model of trust relationships, a CA is a
trusted third party that is trusted by both the subject of the
certificate and the party relying upon the certificate.
…(read more)