You Are At: AllSands Home > Computers > Understanding digital certificates and how they work
Sending secure messages:

As more people send confidential information by e-mail, it is increasingly important to be sure that documents sent in e-mail are not forged, and to be certain that messages you send cannot be intercepted and read by anyone other than your intended recipient.

By using "digital IDs" you can prove your identity in electronic transactions in a way similar to showing your driver's license when you cash a check. You can also use your digital ID to encrypt messages, keeping them private. Digital IDs incorporate the S/MIME specification for secure electronic mail.

How do digital IDs work?

A digital ID is composed of a "public key," a "private key," and a "digital signature." When you digitally sign your messages, you are adding your digital signature and public key to the message. The combination of a digital signature and public key is called a "certificate."

Recipients can use your digital signature to verify your identity and use your public key to send you encrypted mail that only you can read by using your private key. In order to send encrypted messages, your address book must contain digital IDs for the recipients. That way, you can their public keys to encrypt the messages. When a recipient gets an encrypted message, their private key is used to decrypt the message for reading.

Before you can start sending digitally signed messages, you must obtain a digital ID and set up your mail account to use it. If you are sending encrypted messages, your address book must contain a digital ID for each recipient.

Where do you get digital IDs?

Digital IDs are issued by independent certification authorities. When you apply for a digital ID at a certification authority's Web site, they verify your identity before issuing an ID. There are different classes of digital IDs, each certifying to a different level of trustworthiness. For more information, use the Help at the certification authority's Web site.

In order to obtain someone else's digital ID, you can request they send you digitally signed mail, or you can search the digital ID database on a certification authority's Web site. You can also search Internet directory services that list digital IDs along with other properties.

How do you verify a digital signature?

With "revocation checking," you can verify the validity of a digitally signed message. When you make such a check, the e-mail client requests information on the digital ID from the appropriate certification authority. The certification authority sends back information on the status of the digital ID, including whether the ID has been revoked. Certification authorities keep track of certificates that have been revoked due to loss or termination.