Digital Certificates
- We use public key encryption.
- Public key encrypts, private key signs.
- Trusted third parties (Verisign) sign our public
key.
- The Secure Sockets Layer (SSL) protocol forms the basis of
the Transport Layer Security (TLS) protocol, as detailed in RFC 2246. Its
the standard.
- It works by:
- User connects to server using https.
- Server signs its own public key with its own private key
and send it back to browser.
- Browser uses the server's public key to verify that the
same person who signed the key also owns it.
- Browser checks if authority (Verisign) signed the public
key (avoid man-in-middle attack). Otherwise, asks user if key
can be trusted.
- Client generates symmetric key for session, encrypts it
with server's public key, and sends to server.
- Similarly (inversely), a server can request an
authentication certificate from the client.
José M. Vidal
.
60 of 89