06-15-2013 12:59 AM
Hi everybody
Please consider the following example:
R1------------------------CA---------------------------R2
We want R1 to get the certificate from CA so R1 can use it to authenticate itself to R2. Similarly, R2 wants to get its own certificate so it can authenticate itself to R1.
Both routers are configured to trust CA.
Before CA can issue certificates to R1 and R2 which they can use to authenticate each other, CA sends its own certificate which has its own (CA) public key, and CA signature. The video lecture I was watching says CA creates this signature, encrypts its own private key and attaches it to the certificate.
When R1 receives this certificate, R1 uses CA's public key to decrypt it.
In order for R1 to prove that the certificate did come from CA and not some impostor, it should know what the signature was before it was encrypted by CA using its private key and sent to R1, so when R1 receives it and decrypts it with CA's public key it will be able to compare and thus can be sure the certificate came from the legit CA.
The question is how does R1 know the signature prior to receiving certificate from CA?
Thanks and have a great day.
06-15-2013 02:05 AM
A certificate signature is created by applying a hash algorithm over the certificate contents, then encrypting the resulting hash. So for R1 to know and verify the signature, it computes the hash of the received certificate (by a hash algorithm mentioned in the cert), decrypts the signature, then compares the computed hash and the decrypted signature, which must be equal.
Hope this helps.
------
Regards.
Mashal Alshboul
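
The check described in the answer above, as an added example that is not part of the original thread: R1 never needs the signature in advance, because it recomputes the hash from the certificate contents it received and compares that with the value recovered from the signature using CA's public key. Assumptions: textbook RSA without the padding real certificates use, a toy key built from Mersenne primes so it runs on the standard library alone, and constructed certificate bytes and function names.

```python
import hashlib

E = 65537  # public exponent

def toy_keypair(a, b):
    """Toy RSA key from Mersenne primes 2**a-1 and 2**b-1. Insecure, demo only."""
    p, q = 2**a - 1, 2**b - 1
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)              # (public key, private key)

def digest(cert_contents: bytes) -> int:
    """Hash of the signed part of the certificate, as an integer."""
    return int.from_bytes(hashlib.sha256(cert_contents).digest(), "big")

def ca_sign(cert_contents: bytes, ca_private) -> int:
    """CA side: hash the contents, then apply the private key to the hash."""
    n, d = ca_private
    return pow(digest(cert_contents), d, n)

def r1_verify(cert_contents: bytes, signature: int, ca_public) -> bool:
    """R1 side: needs only what it received plus the CA public key."""
    n, e = ca_public
    recovered = pow(signature, e, n)           # "decrypt" the signature
    return recovered == digest(cert_contents)  # compare with R1's own hash

# Constructed sample data, not a real X.509 encoding.
CA_PUB, CA_PRIV = toy_keypair(521, 607)
IMP_PUB, IMP_PRIV = toy_keypair(607, 1279)   # impostor's own key pair
CERT = b"issuer=CA;subject=CA;sigalg=sha256WithRSA;pubkey=<constructed>"
SIG = ca_sign(CERT, CA_PRIV)

def demo():
    tampered = CERT.replace(b"subject=CA", b"subject=XX")
    return {
        "genuine": r1_verify(CERT, SIG, CA_PUB),
        "tampered_contents": r1_verify(tampered, SIG, CA_PUB),
        "impostor_signature": r1_verify(CERT, ca_sign(CERT, IMP_PRIV), CA_PUB),
    }

if __name__ == "__main__":
    print(demo())
```
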