Referring back to an old article published by the Bureau of Justice Assistance, the concept of "going paperless" has been around for more than a decade. It has failed to move forward for numerous reasons, but the technology itself is not one of them: the technology has existed for the last 20 years.
The digital signature grew out of the attempt to go paperless. A digital signature is a cryptographic transformation of an electronic message, performed with the signer's private key under public key cryptography; in practice the message is first hashed and the hash is signed. The signature is bound to both the document and the signer: it is computed from the document's contents, so any change to the document invalidates it, and it can only be produced with the signer's private key, so it cannot be forged or copied onto another document by anyone who lacks that key. Furthermore, digital signatures are already legally admissible in a number of states, and the expectation is that they will be legally recognized nationwide and worldwide in the near future.
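The signing and verification process described above, as an added example that is not part of the original article. It uses Go's standard library (ECDSA over P-256 with SHA-256; the algorithm choice and the purchase-order text are assumptions for illustration) and runs the three checks a practitioner cares about: the genuine signature verifies, a tampered document does not, and a signature checked against a different signer's public key does not.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Sign hashes the document with SHA-256 and signs the digest with the
// signer's private key. The result depends on both the document bytes and
// the private key, which is what ties the signature to document and signer.
func Sign(priv *ecdsa.PrivateKey, document []byte) ([]byte, error) {
	digest := sha256.Sum256(document)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// Verify recomputes the digest of the document it is handed and checks the
// signature against the claimed signer's public key. It returns false when
// the document was altered or the signature was made with a different key.
func Verify(pub *ecdsa.PublicKey, document, sig []byte) bool {
	digest := sha256.Sum256(document)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

// Demo signs a constructed sample document and reports whether the genuine
// signature verifies, whether it still verifies after the document is
// altered, and whether it verifies under another party's public key.
func Demo() (genuineOK, tamperedOK, wrongSignerOK bool, err error) {
	signer, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	impostor, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}

	// Constructed sample document (an assumption for this example).
	doc := []byte("Purchase order 4711: 10 units at $25.00")
	sig, err := Sign(signer, doc)
	if err != nil {
		return
	}

	genuineOK = Verify(&signer.PublicKey, doc, sig)

	// One changed digit in the document: the digest changes, so the signature
	// no longer matches.
	tampered := []byte("Purchase order 4711: 10 units at $20.00")
	tamperedOK = Verify(&signer.PublicKey, tampered, sig)

	// The same signature checked against someone else's public key fails,
	// which is how a verifier knows which signer produced it.
	wrongSignerOK = Verify(&impostor.PublicKey, doc, sig)
	return
}

func main() {
	g, t, w, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine: %v, tampered: %v, wrong signer: %v\n", g, t, w)
}
```

Note that the verifier never sees the private key; it needs only the document, the signature and the signer's public key, which is exactly what a certificate delivers.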
Digital certificates contain the name of the subscriber, the subscriber's public key, the digital signature of the issuing CA, an identification of the issuing CA (whose own public key, carried in the CA's certificate rather than in the subscriber's, is what a verifier uses to check that signature), and other pertinent information about the subscriber and the subscriber's organization, such as the subscriber's authority to conduct certain transactions. These certificates carry a validity period, typically one year, and can be revoked before they expire upon private key compromise, the subscriber's separation from the organization, and so on.
These certificates are stored in an on-line, publicly accessible repository. The repository also maintains an up-to-date list of all the unexpired certificates that have been revoked, referred to as a certificate revocation list (CRL); expired certificates are not listed, since they are invalid regardless. A CRL is itself signed by the CA and carries a next-update time, so a relying party should verify that signature and refuse a stale CRL before trusting a certificate's absence from it. The repository also maintains an electronic copy of the certification practice statement (CPS) of each CA that publishes certificates to it.
The graphic above contains representations of the digital signing and verification processes.
The graphic above is a representation of the PKI process flow.