We've seen how hashes ensure integrity and HMACs ensure authenticity between two parties who share a key. But how do we trust a stranger's identity on the open internet? Digital signatures provide a way for a sender to prove their identity to anyone, without sharing a secret key beforehand.
A digital signature is essentially a hash of a message that has been encrypted with the sender's *private key*. The receiver uses the sender's *public key* to decrypt the hash and compares it to a hash they generate themselves from the received message. If they match, the signature is valid.
Key Concept: Non-Repudiation. Because only the holder of the private key could have created the signature, they cannot later deny having sent the message.
The command above creates a signature. To verify it, the recipient would use the public key. However, this raises a new problem: How do I know the public key I'm using actually belongs to the person I think it does?
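The sign-and-verify round trip described here, as an added example that is not code from the original page. The file names, the message text and the helper function names are constructed for illustration, and it assumes the `openssl` CLI is installed.

```shell
#!/usr/bin/env bash
# Added example: every file name and message below is constructed sample data.

make_keypair() {            # $1 = directory that receives priv.pem and pub.pem
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
      -out "$1/priv.pem" 2>/dev/null &&
  openssl pkey -in "$1/priv.pem" -pubout -out "$1/pub.pem"
}

sign_file() {               # $1 = private key, $2 = file, $3 = signature output
  # Hashes the file with SHA-256 and signs the digest with the private key.
  openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

verify_file() {             # $1 = public key, $2 = file, $3 = signature
  # Exit status is 0 only if the signature matches this exact file content.
  openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

demo() {
  local dir; dir=$(mktemp -d) || return 2
  make_keypair "$dir" || return 2
  printf 'Pay Bob 10 EUR\n' > "$dir/msg.txt"
  sign_file "$dir/priv.pem" "$dir/msg.txt" "$dir/msg.sig" || return 2

  verify_file "$dir/pub.pem" "$dir/msg.txt" "$dir/msg.sig" \
    && echo "original: signature valid"

  # One changed character in the message invalidates the signature.
  printf 'Pay Bob 90 EUR\n' > "$dir/tampered.txt"
  verify_file "$dir/pub.pem" "$dir/tampered.txt" "$dir/msg.sig" \
    || echo "tampered: signature rejected"

  # Checking against a different public key fails too, which is why the
  # verifier must know whose key it is really holding.
  mkdir "$dir/other" && make_keypair "$dir/other"
  verify_file "$dir/other/pub.pem" "$dir/msg.txt" "$dir/msg.sig" \
    || echo "wrong key: signature rejected"
  rm -rf "$dir"
}

demo
```

The private key never leaves the signer; only `pub.pem`, the message and the signature file need to reach the verifier.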
X.509 is the standard format for public key certificates. It binds a public key to an identity (e.g., a domain name) and is signed by a Trusted Third Party called a Certificate Authority (CA). This creates a 'Chain of Trust' from the end-entity certificate up to a Root CA trusted by the OS or browser.
💡 A typical X.509 certificate contains: Version, Serial Number, Issuer Name, Validity Period, Subject Name, and the Subject's Public Key.
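```bash
# View the details of a remote website's certificate
# (</dev/null closes stdin so s_client exits after the handshake instead of waiting for input)
openssl s_client -connect google.com:443 </dev/null 2>/dev/null | openssl x509 -text -noout
```

| Component | Role | Analogy |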
|---|---|---|
| Public Key | Encryption/Verification | The Lock |
| Private Key | Decryption/Signing | The Physical Key |
| CA | Identity Verification | The DMV / Passport Office |
| Root Cert | Anchor of Trust | The Government's Seal |
The entire system collapses if a CA is compromised. If an attacker can force a CA to issue a fake certificate for `google.com`, they can perform a perfect Man-in-the-Middle (MitM) attack. This is why modern browsers use Certificate Transparency (CT) logs to publicly record all issued certificates.
Never trust 'Self-Signed' certificates in a production environment, as they are prone to impersonation attacks.