A digital signature mimics in the virtual environment the function of a hand-written signature in printed documents. Information related to a unique user is encrypted in a private key that is appended to any message sent by this user. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit. It authenticates the identity of the user and guarantees the integrity of the message. Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery and tampering.
A digital certificate is an electronic equivalent of an identification card such as a passport or driving license. It unequivocally establishes the identity of the user when exchanging information over the internet.
A Digital Certificate authenticates your identity electronically. It also provides you with a high level of security for your online transactions by ensuring absolute privacy of the information exchanged using a digital certificate. You can use certificates to encrypt information such that only the intended recipient can read it. You can digitally sign information to assure the recipient that it has not been changed in transit, and also verify your identity as the sender of the message.
Digital Certificates are issued only through a valid Certification Authority (CA). Yatanarpon CA is the first leading company in Myanmar. You can apply to the Registration Authority of Yatanarpon CA for a digital certificate.
The private key of the CA is essential to the certificate and is kept secret, while the public key is disseminated with the encrypted information. The authentication process fails if either one of these keys is not available or if they do not match. This means that the encrypted data cannot be decrypted and is therefore inaccessible to unauthorized parties.
Digital certificates can be used for signing email, encrypting messages, executing electronic financial transactions, e-commerce, securing web servers and much more.
You can use Digital Certificates for the following:
• For secure email and web-based transactions, or to identify other participants of web-based transactions.
• To prove ownership of a domain name and establish SSL / TLS encrypted secured sessions between your website and the user for web based transactions.
• As a developer, for proving authorship of code and retaining the integrity of distributed software programs.
Appropriate Certificate Usage
Certificates that Yatanarpon CA issues to its subscribers can be used:
- to sign digitally (Sign),
- to send e-mail in encrypted form (Encrypt),
- to convert the transmitted data back to the original text and read it (Decrypt),
- as evidence of who the sender of an e-mail really is (Prove Identity),
- for code signing,
- to authenticate applications (Client/Server Authentication).
A digital certificate explicitly associates the identity of an individual/device with a pair of electronic keys - public and private keys - and this association is endorsed by the CA. The certificate contains information about a user's identity (for example, their name, email address, the date the certificate was issued and the name of the Certifying Authority that issued it).
These keys complement each other in that one does not function in the absence of the other. They are used by browsers and servers to encrypt and decrypt information regarding the identity of the certificate user during information exchange processes. The private key is stored on the user's computer hard disk or on an external device such as a smart card. The user retains control of the private key; it can only be used with the issued password.
The public key is disseminated with the encrypted information. The authentication process fails if either one of these keys is not available or if they do not match. This means that the encrypted data cannot be decrypted and is therefore inaccessible to unauthorized parties.
A digital signature is an electronic method of signing an electronic document whereas a Digital Certificate is a computer based record that
• Identifies the Certifying Authority issuing it
• Has the name or the identity of its subscriber
• Contains the subscriber's public key
• Is digitally signed by the Certifying Authority issuing it
Personal certificates serve to identify a person. They can be used to secure e-mail correspondence or provide enhanced access control to sensitive or valuable information.
Signing an e-mail message means that you attach your Digital Certificate to it so that the recipient knows it came from you and was not tampered with en-route to their inbox. Signing authenticates a message, but it does not provide protection against third party monitoring.
Encrypting a message means scrambling it in such a way that only the designated recipients can unscramble it. This safeguards messages against monitoring or interception. In order to send a signed message, you must have a Digital Certificate. Since message encryption is done using specific keys available in the certificate, you cannot encrypt a message unless you possess the recipient's Digital Certificate.
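The difference between signing and encrypting comes down to whose key is used: a signature is made with the sender's private key, while encryption uses the recipient's public key taken from the recipient's certificate. The sketch below is an added example, not code from Yatanarpon CA or from any S/MIME product; it uses textbook RSA with constructed keys (no padding, far too short for real use), and the names Alice and Bob are hypothetical.

```python
# Added example: textbook RSA with small fixed primes, to show which key each
# S/MIME operation needs. No padding, keys far too short: illustration only.
import hashlib

E = 65537  # public exponent shared by both constructed key pairs

def make_keypair(p, q):
    """Return (public, private) = ((n, e), (n, d)) for primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def _digest(message, n):
    # Hash the message; reduced mod n only because the toy modulus is small.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, sender_private):
    n, d = sender_private
    return pow(_digest(message, n), d, n)      # needs the SENDER's private key

def verify(message, signature, sender_public):
    n, e = sender_public
    return pow(signature, e, n) == _digest(message, n)

def encrypt(message, recipient_public):
    n, e = recipient_public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)                        # needs the RECIPIENT's public key

def decrypt(ciphertext, recipient_private):
    n, d = recipient_private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

# Constructed key pairs built from known Mersenne primes.
ALICE_PUB, ALICE_PRIV = make_keypair(2**127 - 1, 2**89 - 1)
BOB_PUB, BOB_PRIV = make_keypair(2**107 - 1, 2**61 - 1)

if __name__ == "__main__":
    msg = b"pay 100 to Bob"
    sig = sign(msg, ALICE_PRIV)
    print("signed message is still readable:", msg)
    print("verifies:", verify(msg, sig, ALICE_PUB))
    print("tampered:", verify(b"pay 900 to Bob", sig, ALICE_PUB))
    print("decrypted by Bob:", decrypt(encrypt(msg, BOB_PUB), BOB_PRIV))
```

Real S/MIME signs a padded digest and encrypts the message body with a symmetric key that is in turn encrypted to the recipient's public key; the key roles are the same.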
You can digitally sign any e-mail as long as the recipient has an e-mail application that supports S/MIME. But you cannot encrypt the message.
Microsoft Internet Explorer Users: Signed messages will be shown in the inbox (or any other folder) with a red ribbon on the envelope icon. Encrypted messages will show a padlock on the envelope icon.
Netscape Communicator Users: Any signed e-mail you receive will have a prominent icon in the upper-right corner of the message saying "signed" or "encrypted" or both. If you want more information about the security of a message, click on the Security button above the message.
No, you cannot. A digital certificate e-mail address combination is unique.
Yes, digital signatures can be employed in wireless networks.
No, you cannot use a Digital Certificate that has been purchased by you as an individual for your website. A Digital Certificate meant for use by an individual is applicable to sending and receiving secure email and executing personal web-based transactions through web browsers. If you require a Digital Certificate for your website, you need to purchase one that is specific to the functionality of the web-based transactions handled on your website.
No. You will not be able to use one certificate on different websites because the certificate is explicitly associated with the exact host and domain name.
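The binding to an exact host and domain name is enforced by the client, which compares the name it connected to with the DNS names listed in the certificate. The following is an added example of that comparison in the style of RFC 6125, not code from Yatanarpon CA or any browser; the certificate name lists and host names are constructed.

```python
# Added example: RFC 6125-style host name check against a certificate's
# subjectAltName dNSName entries. All certificate contents are constructed.
import ipaddress

def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def name_matches(pattern, host):
    """True if one dNSName pattern covers the requested host name."""
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h) or "" in p or "" in h:
        return False                      # label counts must be identical
    if p[0] == "*":
        # A wildcard stands for exactly one left-most label, and only when
        # at least two fixed labels follow it (so "*.com" never matches).
        return len(p) >= 3 and p[1:] == h[1:]
    return "*" not in pattern and p == h  # no partial or inner wildcards

def cert_covers(san_dns_names, host):
    """Return the SAN entry that authorises host, or None if none does."""
    if _is_ip(host):
        return None   # IP literals are never matched against dNSName entries
    for pattern in san_dns_names:
        if name_matches(pattern, host):
            return pattern
    return None

# Constructed SAN lists for two hypothetical certificates.
SHOP_CERT = ["shop.example.com"]
WILDCARD_CERT = ["*.example.com", "example.com"]

if __name__ == "__main__":
    for cert in (SHOP_CERT, WILDCARD_CERT):
        for host in ("shop.example.com", "mail.example.com",
                     "a.b.example.com", "shop.example.net"):
            print(cert, host, "->", cert_covers(cert, host))
```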
No, you control the presentation of your Digital Certificates to websites through the settings in your web browser.
To define whether or not you would like your Digital Certificate to be sent automatically to the websites you access, the set up procedure is as follows:
Microsoft Internet Explorer Users: Internet Explorer always asks you whether to send Digital Certificate information to any website requesting it, and allows you to choose which Digital Certificate to use (if you have more than one installed).
Netscape Communicator Users:
1 Click on the Security Preferences button (the one that looks like a padlock) on the Main toolbar.
2 Click Navigator from the menu on the left.
3 From the "Default Certificate to present to websites" pop-up list, select one of the available options:
• Digital Certificate to use automatically
• Ask every time (the default setting)
• Let Navigator choose
A Certifying Authority is a trusted agency whose central responsibility is to issue, revoke, renew and provide directories for Digital Certificates. "Certifying Authority" means a person who has been granted a license to issue Digital Signature Certificates.
Entity authorized to issue certificates (Certification Authority (CA))
CAs are the parties that use certificates issued by the Root CA. A CA may be either an individual or an organization. CAs issue certificates to certificate subscribers (Subscribers).
Only holders of a CA licence issued by the supervisory body with the approval of the Central Body for Electronic Transactions may operate as a CA within Myanmar.
A Registration Authority is an entity that performs identification and authentication of certificate applicants for end-user certificates, initiates or passes along revocation requests for certificates for end-user certificates, and approves applications for renewal or re-keying certificates on behalf of a CA. Yatanarpon CA acts as a RA for certificates it issues.
Entity authorized to perform registration (Registration Authority (RA))
A Registration Authority (RA) is a person or an organization responsible for receiving and recording the particulars of a certificate applicant (Registration), checking whether the applicant is genuine (Identification), and verifying authenticity (Authentication). (That is, the RA carries out the identification and authentication duties on behalf of the CA.) The CA may also act as an RA in order to check certificate applications.
Root CA is involved in the monitoring and compliance of online security policy implementations in the country. These controls include
Root CA is the Root Certifying Authority of Myanmar. It was established by the Myanmar ICT Act and is responsible for digitally signing the public keys of all the licensed CAs in the country.
The Root CA’s root certificate is the highest level of certification in the country. The root certificate is a self-signed certificate.
The key activities of the Root CA include:
• CA key generation, storage, backup and recovery
• CA public key distribution and escrow
• CA key usage, destruction and archival
• CA cryptographic hardware life cycle management
• CA-provided subscriber key management
• Certification practice statement and certificate policy management
A Relying Party is an individual or entity that acts in reliance on a certificate and/or a digital signature. A Relying Party may or may not also be a Subscriber.
Those who accept and use, with confidence, the certificates issued by a CA are Relying Parties.
They are:
1. Subscribers of the CA's certificates,
2. Foreign CAs that have cross-certified with the CA,
3. Subscribers of certificates of Foreign CAs that have cross-certified with the CA,
4. Those who accept and use the certificates and CRLs issued by the CA.
Subscribers and Relying Parties must make sure that the certificates they use are certificates issued by the CA.
The Certificate Revocation List (CRL) is a list of certificates that have been revoked by the CA.
It is the certificate revocation list published by the CA.
The Certificate Practice Statement (CPS) is a statement of the practices that a Certification Authority (CA) employs for issuing and managing certificates. A CPS may take the form of a declaration by the CA of the details of its system's responsibility and the practices that it employs both in its operations and in its support of issuance of a certificate.
The Certification Practice Statement (CPS) sets out the practices that the Certification Authority (CA) of Yatanarpon Teleport Company Limited follows in issuing certificates. This document describes the practices that the CA (Yatanarpon Teleport Company Limited) applies, in accordance with the provisions of its Certificate Policy (CP), when issuing, managing, revoking and renewing certificates for certificate users. This CPS is written in accordance with the guidance of Internet Engineering Task Force (IETF) RFC 3647 on writing Certificate Policies (CP) and Certification Practice Statements (CPS). The definitions of the terms used in this CPS are those of the Electronic Transactions Law and its related rules and notifications.
Certifying Authorities issue Digital Certificates that are appropriate to specific purposes or applications. A Certificate Policy (CP) describes the different classes of certificates issued by the CA, the procedures governing their issuance and revocation and terms of usage of such certificates, besides information regarding the rules governing the different uses of these certificates.
The Certificate Policies (CP) are the certificate issuance policies of the Certification Authority of Yatanarpon Teleport Company Limited (Yatanarpon CA). This document describes the policies of YCA for issuing, renewing, managing and revoking digital certificates for certificate subscribers (Subscribers). In addition, for all parties involved with Yatanarpon CA, it describes the business, legal and technical matters relating to certificates and the provision of trust services (Trust Services).
This CP is written in accordance with the guidance of Internet Engineering Task Force (IETF) RFC 3647 on writing Certificate Policies (CP) and Certification Practice Statements (CPS). This CP applies only to YCA's certificate-related services.
A Subscriber Agreement is an agreement between Subscriber and Yatanarpon CA stating that the subscriber will use the Digital Certificate for the assigned use or objective and that the subscriber is solely responsible for the protection of the private key and ensuring functionality of the unique key pair. The subscriber also agrees that all the information provided to Yatanarpon CA at the time of registration is accurate. In the event of any change in information, the subscriber is obliged to immediately inform Yatanarpon CA.
Yatanarpon CA is not responsible for any legal disputes arising due to misrepresentation on the part of the subscriber.
Those who subscribe to and use the certificates issued by CAs are called Subscribers. A Subscriber may be either an individual or an organization. This is the agreement document to be concluded between such a Subscriber and the CA.