certificate authority and certificate.

sarahr202
Level 5

Hi everybody

Please consider the following example:

R1------------------------CA---------------------------R2

We want R1 to get the certificate from CA so R1 can use it to authenticate itself to R2. Similarly, R2 wants to get its own certificate so it can authenticate itself to R1.

Both routers are configured to trust CA.

Before CA can issue certificates to R1 and R2 which they can use to authenticate each other, CA sends its own certificate, which has its own (CA) public key and the CA signature. The video lecture I was watching says CA creates this signature, encrypts its own private key and attaches it to the certificate.

When R1 receives this certificate, R1 uses CA's public key to decrypt it.

In order for R1 to prove that the certificate did come from CA and not some impostor, it should know what the signature was before it was encrypted by CA using its private key and sent to R1, so when R1 receives it and decrypts it with CA's public key it will be able to compare and thus can be sure the certificate came from the legit CA.

The question is how does R1 know the signature prior to receiving certificate from CA?

Thanks and have a great day.

Accepted Solutions

malshbou
Level 1

A certificate signature is created by applying a hash algorithm over the certificate contents, then encrypting the resulting hash. So, for R1 to know and verify the signature, it computes the hash of the received certificate (using the hash algorithm mentioned in the cert), decrypts the signature, then compares the computed hash and the decrypted signature, which must be equal.

Hope this helps.

------

Regards.
Mashal Alshboul

------------------ Mashal Shboul
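
The check described in the answer above, written out as an added example (not part of the original thread): R1 never needs to know the signature in advance, because it recomputes the hash itself and compares it with the value recovered from the signature. The toy RSA key, the choice of SHA-256, the sample certificate contents and the function names are assumptions made for illustration.

```python
import hashlib

# Constructed toy RSA key for the CA, built from two Mersenne primes so the
# example needs no key generation. Never use such a key outside a demo.
P, Q = 2**521 - 1, 2**607 - 1
CA_N, CA_E = P * Q, 65537                    # CA public key (what R1 trusts)
CA_D = pow(CA_E, -1, (P - 1) * (Q - 1))      # CA private key (stays on the CA)


def digest(contents: bytes) -> int:
    """Hash the certificate contents (SHA-256 assumed) as an integer."""
    return int.from_bytes(hashlib.sha256(contents).digest(), "big")


def ca_sign(contents: bytes, d: int = CA_D, n: int = CA_N) -> int:
    """Signer side: hash the contents, then apply the private key to the hash.
    Real certificates also pad the hash (PKCS#1 v1.5 or PSS); omitted here."""
    return pow(digest(contents), d, n)


def r1_verify(contents: bytes, signature: int,
              e: int = CA_E, n: int = CA_N) -> bool:
    """R1 side: recover the signed hash with the trusted CA public key and
    compare it with a hash R1 computes itself over the received contents."""
    return pow(signature, e, n) == digest(contents)


def demo() -> dict:
    contents = b"subject=R2,issuer=CA,serial=01,pubkey=<R2 key>"  # constructed
    sig = ca_sign(contents)

    # Constructed impostor key: same procedure, but a different private key.
    ip, iq = 2**127 - 1, 2**521 - 1
    imp_d = pow(CA_E, -1, (ip - 1) * (iq - 1))
    forged = ca_sign(contents, d=imp_d, n=ip * iq)

    return {
        "genuine": r1_verify(contents, sig),
        "tampered": r1_verify(contents.replace(b"R2", b"R9"), sig),
        "impostor": r1_verify(contents, forged),
    }


if __name__ == "__main__":
    print(demo())
```
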
