Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Certificate-based encryption
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
'''Certificate-based encryption''' is a system in which a [[certificate authority]] uses [[ID-based cryptography]] to produce a [[Public key certificate|certificate]]. This system gives the users both implicit and explicit certification, the certificate can be used as a conventional certificate (for signatures, etc.), but also implicitly for the purpose of encryption. ==Example== A user ''Alice'' can doubly encrypt a message using another user's (''Bob'') public key and his (''Bob's'') identity. This means that the user (''Bob'') cannot decrypt it without a currently valid certificate and also that the certificate authority cannot decrypt the message as they don't have the user's private key (i.e., there is no implicit [[escrow]] as with ID-based cryptography, as the double encryption means they cannot decrypt it solely with the information they have). Certificate is the trust between two parties. ==Key revocation== [[Key revocation]] can be added to the system by requiring a new certificate to be issued as frequently as the level of security requires. Because the certificate is "public information", it does not need to be transmitted over a secret channel. The downside of this is the requirement for regular communication between users and the certificate authority, which means the certificate authority is more vulnerable to electronic attacks (such as [[denial-of-service attack]]s) and also that such attacks could effectively stop the system from working. This risk can be partially but not completely reduced by having a hierarchy of multiple certificate authorities. ==Practical applications== The best example of practical use of certificate-based encryption is [[Content Scrambling System]] (CSS), which is used to encode [[DVD]] movies in such a way as to make them playable only in a part of the world where they are sold. However, the fact that the region decryption key is stored on the hardware level in the DVD players substantially weakens this form of protection. ==See also== * [[X.509]] * [[Certificate server]] ==References== * Craig Gentry, Certificate-Based Encryption and the Certificate Revocation Problem, ''Lecture Notes in Computer Science'', pp. 272 β 293, 2003 [http://eprint.iacr.org/2003/183.pdf]. * [https://utopia.fans/security/is-whatsapp-safe-and-secure/ WhatsApp end-to-end data encryption] {{DEFAULTSORT:Certificate-Based Encryption}} [[Category:Public-key cryptography]] [[Category:Identity-based cryptography]] [[Category:Digital rights management systems]]
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)