Unlock Digital Signature Legitimacy for Mortgage Quote Request in Mexico with airSlate SignNow

How to eSign a document: digital signature legitimacy for Mortgage Quote Request in Mexico

in this tutorial we'll look at an introduction to digital certificates but first we'll review some encryption techniques that we've learned in our last video so we've got two types of encryption systems that we can use here let's suppose we've got some plaintext and we use a key to encrypt it if we use the same key to decrypt it this system of encryption and decryption is called symmetric the key size is fairly small 256 bits being one of the larger ones and it provides us a level of security for encryption that today can't be broken in a in a reasonable amount of time now one of the problems with this symmetric system is in key distribution how do we get the keys to both ends that's solved by a system a different encryption system they both are based on both systems are based on prime numbers and math but there's a different a different process used in the public key systems so this is called the public key infrastructure system here PKI and it uses two keys so when we have plaintext we use one key to encrypt but a different key to decrypt and the decryption key is your private key and your encryption key is generally your public key that you distribute so how this works here is that suppose information is going to come this way this end user here they distribute their public key so out to the world anyone can get it and so if this end wants to send communication to this device they simply use this public key to encrypt the information so private key is kept secret with this user when they get the information they'll use the product key to decrypt now this these keys are fairly large they can be as large as 2048 bits and the encryption is slow however this system is used to exchange symmetric key so if I have and have created a symmetric or want to get us let's suppose I want to get a symmetric key so let's suppose there's a symmetric key over here and I want to get it here I can send my public key the key itself which is just a number can be encrypted sent to me and I'm the only one that can decrypt it now both ends here have the same cement cookie and can use a symmetric key session for encryption why would we want to do that well because these keys at 256 bits in and the encryption is very much faster fast encode and decode so we'll use this slower system with larger keys so here to get the same type of security that we have here with 256 bits we've got to use maybe up to 2048 bits so the encryption is very very slow but we're only doing that at the beginning of our conversation so two systems now we use an example of where encryption is used in digital communications and in particular we'll look at SSL communications which are used between web clients and web servers now SSL stands for Secure Sockets Layer and it is a means of providing encrypted security between a client and a web and you'll notice that you're getting SSL communication various web browsers when you see this type of indicator usually it's a lock and if I click on there I can see that what that means is that that saying I'm connected to this domain and it's being verified by a third party and you can get more information about what's called the certificate by clicking here and what that does is it provides trust to the end user why would we want to do have trust well from this website and maybe purchasing something so I may be sending my credit card information over there so I want to trust that that web site is going to encrypt the communication it's not going to be intercepted and that my credit card information is going to be is going to be secure so let's look in detail at this idea of a digital certificate what is it designed to do so it's an electronic credential and it's used to assert the online identity of either an individual usually a company computer like a server any entity organizations that may be using a network that you want to connect to and typically we're using these for commerce but digital certificates are used well beyond just SSL use so they're similar to ID cards like a passport or a driver's license now certificates contain a few things but at its heart certificates contain a public key that's probably the number one most important thing because we want to have encrypted communications note they do not include a private key and bill is the identity of the owner now digital certificates can offer some further protection or further features and that is one of trust so you can have a certificate that is actually that you've obtained or is issued by what is called a certificate authority and a certificate authority validate the identity others ticket holder and if we go back and look at our example bring that up here for a second you'll notice that end trust here was the certificate authority that is validating or telling you that you're actually connected to NSC CGA you're not connected to any hacker site that's going to get your information now you can have self signed certificate so we'll look at this in a bit and a self signed certificate is a case where you build your own server and you put up a website and built into that feature is the ability to create a certificate now you if you want to use SSL communications you have to have a certificate that's part of the mechanism built into using SSL so you can just generate your own certificate and you can say hey I'm John Smith and my organization is the Acme corporation you can put that on the certificate but you have no invalidating that so but that's called a self-signed certificate so let's look in detail about this idea of a certificate authority because generally we want to make sure certificates are that we're going to trust these certificates so how does the user generate or get a certificate well user first has to make sure they've generated their two keys their private key and their public key because they're going to use the PKI infrastructure is part of how certificates are generally are generally used in secure communications they're going to then provide some user identification information your your address what type of business you're in and they're going to make a request to a certificate authority there are many of them we talked about in trust there so that's going to go to a certificate authority and they're going to verify validate to user identification I may even be phone calls maybe visits or whatever and they're going to build a certificate for that user now they're going to charge a fee for that as well but what they're going to do is they're going to give you a file that will be your digital certificate and on that file or your certificate will be your public key information on the certificate authority here if we use them trust that information would be in the certificate and then information on who's holding the certificate so in our example there it was NSC CCA because we were connecting to their site and that example we were connecting to a male site and we returned the certificate to the user for use in their company's web site now how do we go back how do we how do we generate this request to the certificate authority so if we look at a what's called a certificate signing request CSR how do we generate that well what happens is we can use actually a command that comes with many web servers many web servers use an open source program for generating web creating a web server Apache is one of the common ones and one of the programs that are typically used to something called open SSL along with Apache and open SSL is an open source standard piece of software and designed for implementing the SSL or encryption communication that will go between the web server saying Apache web server and a client and you can use one of these commands here to actually generate your public key and private key and make the certificate signing request and that will eventually go to a certificate authority who are some of the major players in the certificate authority game you can see you have Komodo probably the largest one Symantec GoDaddy and so on if you want to these certificates have to be purchased and you'll notice that this is semantics website and they have a lot of different features so you can get certificates with various levels of encryption security and some other features and cost quite a bit so you've got about fifteen hundred dollars aus here you get a basic one you can pay as little 300 but certainly a few hundred dollars to several hundreds of dollars for an SSL certificate hence the need the reason why not all certificates come from a certificate authority so don't take another look at this self signed certificate well the SSL certificate the number one feature of it the provides encryption so that's the number one reason for it so it doesn't matter whether it's self signed or comes from a CA any certificate will provide encryption using a public key the trust issue is why you use a certificate with a CA because if you use a self-signed certificate you are prone to something called a man-in-the-middle attack so let's look here we've got our client and we've got our web server here and ideally that simply connects to the web server and it's going to use those certificates actually the certificate is going to be sent back information in the cert and they're going to have an encrypted communication so whether this certificate is self signed or not everything is going to work fine however there's a few things that can happen if you use a self signed certificate it could be so the hacker has gotten somewhere in the middle here this could be the Internet it could be a small business like an internet cafe but somehow you have got an evil presence here and when you make a request that you think you're making to this website it's actually going here now what's happening because you're using a self-signed certificate that self signed certificate is coming now from this evil entity because you're using a self-signed certificate you really don't know you don't have any trust in the certificate the certificate will say it's coming from maybe this world you're trying to connect to the Acme corporation to buy something online so this certificate mimics that certificate and says hey I'm the Acme corporation and here's my certificate you'll do encrypted communication but now between the evil entity and so all your credit card information will be decoded because you're now using the public key of this entity so when that happens that's called a man-in-the-middle attack now sometimes you need to use self-signed certificates you are doing some testing in a lab and you want to test a website so you simply make a self-signed certificate most web servers have the ability to do something else which is a little more secure and that is you can actually set up a little certificate authority on your own internal businesses in your organization's web server and it will be self signed but what this does is this creates a root certificate and if you can go to all the machines in your organization and this root certificate what will happen is all those machines be able to validate that it came from this machine so you're far less prone to a man-in-the-middle attack now this is more work so self-signed certificates are out there how do you recognize that you've gotten a self-signed certificate well if you browse to a website and you get a little pop-up from your browser and says this site is not trusted do you want to continue okay well if you continue there's nothing validating that you're on the site that you think you're on some small businesses actually do this because we don't want the expense of getting a certificate however this you should not give this website any private information whatsoever so you can have self-signed certificates they're great in educational use we want to build a server very quickly we want to test it out with some clients we're in a pretty secure environment everything is everything is just sort of temporary we're not doing any private information exchange and so you'll sometimes see self-signed certificates okay so let's look at how this process actually works with the certificate with a web browser and a web server so there are four steps here I'm going to add step zero as the initialization step because I have a web browser and it's going to say hmmm I want to go to NSE CCA and get my when mail so it's going to say HTTPS and it's going to use the web mail address NSC CCA is going to want to connect so my first request is to the web server saying I want to use SSL communication and attach to you to send private information so when that request comes in the first thing that's going to happen the web server and the browser need to set up some way to communicate in an encrypted fashion so they both need the same key and because they're going to use symmetric encryption system but how do they get that key okay so what happens is this web server says okay I'm going to send you my public key across the web browser now the web browser here it creates this symmetric key and now it has a way to get it back to the web server because it's going to use the public key that was sent across it's going to use this public key that was sent across so this is got a public key and I'll use a slightly different maybe this is it's bad color maybe this is the private key so it sends a public key a cost in this certificate because the certificate goes across and the web browser looks at their certificate it says that okay you are NSE CCA so it looks at the trust maybe that certificate has been validated by a CA so you'll see the N trust or the CAS information so your browser built into your browser are a list of all the CAS that are trusted and interest is one of them that's actually built into the browser so that big see a list of all the CAS in the world that a trust if it's not in the web browsers software you're going to get that little message of this is not a secure site type of thing with this public key it's going to encrypt this symmetric key for its session it sends that symmetric key encrypt it it's going to be sent across but it's going to be encrypted with this this business with this public key here of the web server the web server now applies its private key to that package and it doesn't matter if this key information is intercepted no one can decrypt it and get the our symmetric key so it's going to decrypt it and now we have on both ends we now have the same cement could key now that we have a symmetric key we can encrypt information and two enemy encrypted very quickly and so information flows back and forth and the encryption process is very fast so that's the use of certificates that's why they're important that and all ecommerce sites that are on the Internet will have a certificate an SSL certificate that is validated by an external certificate authority