Interview Questions: Digital Signature Certificate | PKI


Nowadays, digital signature certificates serve as the safeguard of authentication and integrity over an untrusted network. Here, we will discuss interview questions and answers on digital signature concepts.

Q1. What is a Digital Signature Certificate (DSC)?

Ans: A Digital Signature Certificate (DSC) is the electronic equivalent of a physical signature. It proves your identity, like an ID card, and authenticates you. It is also used to access information or services on the internet. In other words, a DSC is a method to validate the authenticity and integrity of electronic messages or data.

Q2. How does a Digital Signature Certificate (DSC) work?

Ans: We can understand this with the help of an example. Assume Tom wants to send electronic documents to Eric digitally. Tom and Eric have each acquired a digital signature. The digital signature has two attributes related to the subscriber: a public key and a private key. First, both share their public keys with each other. Now, Tom encrypts the message with his private key and sends it to Eric. On receiving it, Eric uses Tom's shared public key to decrypt the message, which assures the integrity of the message. In this way, Tom is able to exchange messages securely by using a DSC.

Q3. What is an electronic document?

Ans: An electronic document is any data that needs a computer to access, interpret and process it. It can be an image, a drawing or any other message that needs a computing system.

Q4. What is the difference between Electronic Signature and Digital Signature?

Ans: An electronic signature is similar to your physical signature in digitized form, made by attaching a sound or symbol to a document, while a digital signature is the more secure form, which assures confidentiality, integrity, authentication, and non-repudiation.

Q5. What are the different classes of Digital Signature Certificates?

Ans: The different classes of Digital Signature Certificates are:

Class 1 Certificate: These certificates are issued to individuals or private subscribers. Certifying Authorities assure the user's name (or alias) and e-mail address of the subscriber in consumer databases.

Class 2 Certificate: These certificates are issued for use by both business personnel and private individuals. Certifying Authorities assure that the information in the application provided by the subscriber is consistent with the information in consumer databases.

Class 3 Certificate: These certificates are issued to individuals as well as organizations. As these are high-assurance certificates, Certifying Authorities issue them only when the subscriber appears before them in person, and they also assure that the information in the application provided by the subscriber is consistent with the information in consumer databases.

Q6. How is Digital Signature Validated and Secured?

Ans: A digital signature is mainly used to assure the authentication and integrity of received data. If data is encrypted using the public key, it can be decrypted using the private key, and vice versa. In this way, the digital signature is validated, and it ensures authentication, confidentiality, integrity, and non-repudiation.

Q7. What is the Certificate Revocation List (CRL)?

Ans: A Certificate Revocation List (CRL) is a list of digital certificates, issued by a Certifying Authority (CA), that have been revoked before their scheduled expiry date. Certificates in this list should no longer be trusted.

Q8. What does X.509 refer to as it relates to digital certificates?

Ans: X.509 is a standard that defines the format of public key certificates. TLS/SSL also uses the same standard for defining certificates.

Q9. How Are Certifying Authorities Susceptible to Attack?

Ans: Although it is very difficult to attack Certifying Authorities, there are still some ways, as mentioned below:

  • Finding out the private keys of CAs by reverse engineering the device.
  • If CAs use short keys, they are susceptible to attack.

Q10. Can a digital signature be forged?

Ans: It is very difficult to forge a digital signature. Highly complex algorithms are implemented, which makes it nearly impossible to forge the signature.

Q11. What is a one-time signature scheme?

Ans: In cryptography, a one-time signature scheme is a method for creating a digital signature. Signatures of this type can be built from any cryptographically secure one-way function and are generally used to sign a single message.

Q12. What is an Undeniable Signature Scheme?

Ans: An undeniable signature scheme, also called a non-self-authenticating signature scheme, is one where signatures can only be verified with the consent of the signer.

Q13. What are the types of Certificates issued by CAs?

Ans: As per the X.509 Certificate Policy PKI published by the Controller of Certifying Authorities, there are five types of certificates:

  • Signature Certificate
  • Encryption Certificate
  • SSL Server Certificate
  • Code Signing Certificate
  • Document Signer Certificate
