Digital signature principles

Networking/Security Forums -> Cryptographic Theory and Cryptanalysis - Internal and Transmission Security

Author: lillero Posted: Fri Jun 04, 2010 7:45 am    Post subject: Digital signature principles
    ----
deleted

Last edited by lillero on Thu Aug 12, 2010 12:13 pm; edited 1 time in total

Author: Fire Ant Location: London Posted: Fri Jun 04, 2010 3:35 pm    Post subject:
    ----
Quote:
I can see the subject's public key and other facts, but not the issuer's digital signature.

Let's start from the beginning. I imagine you had a certificate from Verisign. This certificate, which we will call the end-entity cert, contains the public key which is used for encryption. To establish the chain of trust, e.g. who issued the certificate, a hash of the issuer's public key is placed in the Authority Key Identifier attribute in the end-entity cert. This AKI will match the Subject Key Identifier in the issuing (intermediate) certificate. The hash, which is something different and is called a thumbprint, is just there to prove no one has tampered with this certificate.

Quote:
Is the subject's public key also encrypted with the issuer's private key? In other words, when using this public key, it must be first decrypted with the issuer's public key?

No, the public key is public and is not encrypted. Imagine you need one key to lock a box and another to unlock the box. You cannot use the unlocking key for locking and vice versa.

Read Understanding PKI: Concepts, Standards, and Deployment Considerations, it's a great book for anyone that wants to get to grips with PKI and all its functions.

Fire Ant
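
The AKI/SKI match and the issuer's signature discussed in this thread, as an added example that is not part of either post. It assumes a simplified certificate held as a Python dict and textbook RSA over constructed Mersenne primes with no padding; real X.509 uses DER encoding and padded signatures, and all names here are hypothetical.

```python
import hashlib
import json

E = 65537  # public exponent shared by both toy keys

def make_key(p, q):
    """Textbook RSA pair from two primes: returns (public key, private exponent)."""
    n = p * q
    return {"n": n, "e": E}, pow(E, -1, (p - 1) * (q - 1))

def key_id(pub):
    """Key identifier: a hash of the public key, the value SKI and AKI carry."""
    return hashlib.sha1(f"{pub['n']}:{pub['e']}".encode()).hexdigest()

def tbs_digest(cert, n):
    """Hash every field except the signature, reduced to fit the toy modulus."""
    tbs = {k: v for k, v in cert.items() if k != "signature"}
    h = hashlib.sha256(json.dumps(tbs, sort_keys=True).encode()).digest()
    return int.from_bytes(h, "big") % n

def issue(subject, subject_pub, issuer_pub, issuer_priv):
    """Build a certificate; the subject's public key is stored in the clear."""
    cert = {"subject": subject, "public_key": subject_pub,
            "ski": key_id(subject_pub), "aki": key_id(issuer_pub)}
    n = issuer_pub["n"]
    # Only the digest of the contents is transformed with the issuer's private key.
    cert["signature"] = pow(tbs_digest(cert, n), issuer_priv, n)
    return cert

def verify(cert, issuer_cert):
    """One chain step: AKI must name the issuer's key, then the signature must check."""
    if cert["aki"] != issuer_cert["ski"]:
        return False
    pub = issuer_cert["public_key"]
    return pow(cert["signature"], pub["e"], pub["n"]) == tbs_digest(cert, pub["n"])

# Constructed sample keys and certificates (far too small for real use).
ca_pub, ca_priv = make_key(2**127 - 1, 2**89 - 1)
leaf_pub, _ = make_key(2**107 - 1, 2**61 - 1)
ca_cert = issue("Example CA", ca_pub, ca_pub, ca_priv)            # self-signed
leaf_cert = issue("www.example.test", leaf_pub, ca_pub, ca_priv)
tampered = dict(leaf_cert, subject="other.example.test")          # edited after issuance

if __name__ == "__main__":
    print("leaf AKI == CA SKI:", leaf_cert["aki"] == ca_cert["ski"])
    print("leaf verifies     :", verify(leaf_cert, ca_cert))
    print("tampered verifies :", verify(tampered, ca_cert))
```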



All times are GMT + 2 Hours