2024-09-07

The Network's Down

The ramblings of an aging Networking Mentor… / I'm tangled up in the networks…

Certificate basics… “what do I care”

Who even understands or cares about Certificates?

While working through some mentoring sessions, and various projects, the topic that everyone in IT apparently “loves”, popped its head up a couple of times… [Digital] Certificates. So, what are they, what do they do, and why should I care? (Basically "Who are you and why should I care" - Thor)

Back in the day… Oh idk, let’s say between late 2002 and mid 2005 (my memory is getting a little fuzzy at this point {rapmancy}), anyways… I was sitting in a Relational-Database class writing SQL queries and reports that were leveraging concatenated keys and producing some basic static HTML output tables. So, I asked my professor “if I’m just writing THIS output in plain HTML, can’t everyone see it or sniff it?” He went on to elaborate “that within our network at school there was low risk of this happening, but watch what happens when the world asks that question. If you figure out how to secure data in transport, you will never have to work again.” Sadly, I was not the person to introduce HTTPS as a mainstream transport protocol to the world, nor stuff a ridiculous amount of traffic inside it, hence my ongoing employment, and this article… But let’s peel back that “S” there in HTTPS.

HTTPS adds “Secure” to a normal HTTP conversation. So how does this “secure” the conversation? A little bit of technology mixed with a bit of trust (I know, I don't like it either).

Well, let’s take a BIG step back and look at the components of this technology at a slightly less technical level… If you travel internationally, you probably [should] have a passport issued to you as an individual (although if you’re a spy, like Michael Weston, you may have several issued to you). Assuming you’re not Michael Weston, the passport you have was probably issued from whichever country you are either a citizen or resident of.

OK… Let’s make this a little easier to demonstrate, and use a fictional identity that I may, or may not, be known by; just as an example. Look below at this super advanced Passport I built in freeform:

[Image: Example Passport Document]

On this document, we can see a bunch of information. Some personal information including the Surname, First Name, Date of Birth and Photograph of the individual. Some items on the document are also included to validate the document’s actual validity, like the “Issued by”, Document Date of Issuance, Document Date of Expiration, and the Document’s unique number.

And, now that you see how bad my document producing skills are (picture above), how does this relate to certificates (for identities)? Well, Certificates, pretty much at a basic level, contain this same type of information. Who issued you the certificate? Is it valid? Do I, or why should I, trust you? Did Apple make that memoji creeper smile & pose simply because you and your close group of friends had been sending selfie pics that way for years prior, via trans-continental messaging apps while touring Europe and South America?

Ok, let’s start with the “Trust” portion of certificates… Let’s assume Señor (Sr.) Robot is a citizen of the country “SOMEWHERE” and is trying to travel within the country of “SOMEWHERE”. In our example above, you can see Sr. Robot has been issued a passport by “SOMEWHERE”. The passport being presented by Sr. Robot can in fact be “trusted”, so long as he is presenting it while traveling within “SOMEWHERE” (as a country), and the person checking the passport has access to the “SOMEWHERE” database of residents. This is due to the fact that “SOMEWHERE” has issued the passport that Sr. Robot is presenting at each stop within the country of “SOMEWHERE”. Are you still with me? It’s pretty straightforward, hopefully…

Let’s translate the prior paragraph into “computer terms”. Let’s assume Sr. Robot is now a computer, trying to connect to a network named “SOMEWHERE”, which requires a valid authentication for entry. In our example above, Sr. Robot’s Computer has been issued an Identity Certificate (passport) by the network (SOMEWHERE). When Sr. Robot’s Computer tries to access the network (travel), it will be able to present its issued Certificate (passport) to the network (SOMEWHERE) for validation (TSA agent). Hopefully that’s not too bad of a translation into a “techie” explanation…
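To make the passport checks above concrete, here is a small added example (not code from the post) that models the three questions a verifier asks of a certificate: who issued it, is it inside its issuance/expiration window, and does the verifier actually trust that issuer. The names, dates and keys are constructed for the example, and the issuer's "signature" is an HMAC over the certificate fields with a per-issuer secret, standing in for the public-key signature a real certificate authority applies; everything else about the checks mirrors what a real validator does.

```python
"""
Toy certificate validator for the passport analogy.
Added example, not the post's own code. The HMAC signature is a stand-in
for a real CA's public-key signature; all names, dates and keys below are
constructed for illustration.
"""
import hmac
import hashlib
from dataclasses import dataclass, replace
from datetime import date


@dataclass(frozen=True)
class Certificate:
    subject: str        # who the certificate names (Sr. Robot's computer)
    issuer: str         # who issued it (the "SOMEWHERE" network)
    serial: str         # the document's unique number
    not_before: date    # date of issuance
    not_after: date     # date of expiration
    signature: bytes = b""

    def to_be_signed(self) -> bytes:
        # The bytes the issuer signs: every field except the signature itself.
        return "|".join([self.subject, self.issuer, self.serial,
                         self.not_before.isoformat(),
                         self.not_after.isoformat()]).encode()


def issue(issuer: str, issuer_key: bytes, subject: str, serial: str,
          not_before: date, not_after: date) -> Certificate:
    """The issuer ("SOMEWHERE") signs a certificate for the subject."""
    unsigned = Certificate(subject, issuer, serial, not_before, not_after)
    sig = hmac.new(issuer_key, unsigned.to_be_signed(), hashlib.sha256).digest()
    return replace(unsigned, signature=sig)


def validate(cert: Certificate, trust_store: dict, today: date) -> list:
    """Return the reasons the certificate is rejected (empty list = accepted).

    trust_store maps the issuer names this verifier trusts to that issuer's
    key: the "SOMEWHERE database" the passport checker has access to.
    """
    problems = []
    key = trust_store.get(cert.issuer)
    if key is None:
        # Issued by someone this checkpoint has no record of.
        problems.append(f"issuer {cert.issuer!r} is not trusted here")
    else:
        expected = hmac.new(key, cert.to_be_signed(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, cert.signature):
            # Contents changed after issuance, or a forged signature.
            problems.append("signature does not match the certificate contents")
    if today < cert.not_before:
        problems.append("not yet valid")
    if today > cert.not_after:
        problems.append("expired")
    return problems


# Constructed per-issuer secrets (stand-ins for CA private keys).
SOMEWHERE_KEY = b"constructed-secret-for-SOMEWHERE"
ELSEWHERE_KEY = b"constructed-secret-for-ELSEWHERE"


def demo() -> dict:
    """Run Sr. Robot's certificate through four checkpoints."""
    cert = issue("SOMEWHERE", SOMEWHERE_KEY, "Sr. Robot's computer", "PP-0001",
                 date(2024, 1, 1), date(2026, 1, 1))
    at_somewhere = {"SOMEWHERE": SOMEWHERE_KEY}   # home network trusts its own issuer
    at_elsewhere = {"ELSEWHERE": ELSEWHERE_KEY}   # foreign network has never heard of SOMEWHERE
    tampered = replace(cert, subject="Impostor")  # signature no longer covers these fields
    return {
        "at_somewhere": validate(cert, at_somewhere, date(2024, 9, 7)),
        "at_elsewhere": validate(cert, at_elsewhere, date(2024, 9, 7)),
        "expired": validate(cert, at_somewhere, date(2027, 1, 1)),
        "tampered": validate(tampered, at_somewhere, date(2024, 9, 7)),
    }


if __name__ == "__main__":
    for checkpoint, problems in demo().items():
        print(checkpoint, "->", "accepted" if not problems else problems)
```

The interesting case is `at_elsewhere`: the certificate is perfectly genuine and in date, yet it is rejected, because trust is a property of the verifier's store, not of the certificate itself. That is exactly why the post says the passport only works while Sr. Robot stays inside “SOMEWHERE”.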

This was a quick 1000 ft view of how Certificates function. I’ll dive into some more detailed explanations as time allows. Keep learning.

  • Stark Out