On 22/04/06 23:25 +0530, Saswata Banerjee & Associates wrote: <snip>
The other providers of Digital Certificates includes MTNL. While TCS is charging Rs. 2075 for a 1 year valid certificate, MTNL is charging Rs. 350. They are sending it to you on email !! Ofcourse, they are doing this only at Malabar Hill Exchange and you have to go personally to their office and they will verify that you are the person whose name is on the form and your address, photo, etc.
Email is just fine for sending a public key around. A quick tutorial on S/MIME (trying to avoid too many technical details):
S/MIME uses a technique known as asymmetric key cryptography. In this, there are two distinct keys involved: a public key, and a private key. These are fully reversible, so it doesn't matter which one of the pair is made the public key.
However, an encryption operation done with one element of the key pair can only be undone by using the other element of the keypair. So if I use the public key to encrypt information, only someone with access to the private key can decrpyt it. If I use the private key to encrypt data, only the public key can decrypt it.
A digital signature consists of the public key, the name of a hashing algorithm and an encrypted hash of the public key generated using that algorithm. The encryption is done using the private key of the signing party.
The hashing algorithm converts long bits of information into smaller ones. This acts like a checksum, but there are possibilities of collisions (two different strings producing the same checksum) since the length of the string is reduced. A good hashing algorithm makes for unique hashes with a very low probability of collisions. For example, md5 has a 1/(2^128) probability of a collision, while sha160 has 1/(2^160). At the moment, neither of these is a good choice for a hashing algorithm.
The public key is widely distributed, allowing anyone to decrypt the hash and verify that the public key thus obtained was the same as the one given to the signing party.
About PKI: PKI stands for Public Key Infrastructure. This consists of a chain of certificates generated as above. If you have any one of the public keys, you can verify all keys signed by that key. It is possible to then use the verified key to verify keys below it in the hierarchy.
If you have the key at the top of the chain, you can validate all keys below it. This automatically leads to a tree like model of trust.
I do not know much on Digital Certificates. However with this becoming a major part of commercial and business transactions, I hope what the government is doing does not work only on Windows. If necessary, we (or perhaps FSF) will need to initiate a dialog with the government.
There is a pretty good implementation of PKI on Linux, and other Unixy systems named OpenSSL.
Devdas Bhagat