Certificates, Public key and Private Key

Public and private keys allow communication over a public network in a secure manner. Your public key can be shared with others with whom you wish to communicate and your private key remains a secret, only accessible to you.

If one of the keys is used to encrypt a message, the message can only be decrypted with the other key. This allows the following:
1. Your partner can encrypt a message with your public key and send it to you. Since this message can only be read by decrypting it with your private key, you are assured that it cannot be read by anyone sitting between you and your partner.
2. You can encrypt a message with your private key; when it decrypts correctly with your public key, this confirms that the message was indeed sent by you and not by an impostor. Encrypting a message with the private key in this way is known as signing.

Similarly, you can use your partner's public key to encrypt data that you send to them, and to decode (verify) data that you receive from them to confirm that the message is authentic.
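The two uses of a key pair described above, as an added example that is not part of the original post: a partner encrypts to your public key and only your private key can decrypt it; you sign with your private key and anyone holding your public key can verify, while an impostor's key fails both ways. It uses Go's standard library (RSA-OAEP for encryption, RSA-PSS for signing); the message text and the names "you", "partner" and "impostor" are constructed for the illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// KeyPair holds one party's private key and the public key derived from it.
type KeyPair struct {
	Private *rsa.PrivateKey
	Public  *rsa.PublicKey
}

// NewKeyPair generates a fresh 2048-bit RSA key pair.
func NewKeyPair() (*KeyPair, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &KeyPair{Private: priv, Public: &priv.PublicKey}, nil
}

// EncryptTo encrypts msg with the recipient's public key (RSA-OAEP), so only
// the holder of the matching private key can read it.
func EncryptTo(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// Decrypt recovers the plaintext with the private key; a wrong key yields an error.
func Decrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// Sign hashes msg and signs the hash with the private key (RSA-PSS).
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil)
}

// Verify checks the signature against msg using the signer's public key.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil) == nil
}

func main() {
	you, _ := NewKeyPair()
	impostor, _ := NewKeyPair()
	msg := []byte("constructed sample message") // constructed input

	// Confidentiality: partner encrypts to your public key, only you can decrypt.
	ct, _ := EncryptTo(you.Public, msg)
	pt, _ := Decrypt(you.Private, ct)
	_, impostorErr := Decrypt(impostor.Private, ct)
	fmt.Printf("decrypted by you: %q; impostor decrypt error: %v\n", pt, impostorErr != nil)

	// Authenticity: you sign with your private key, partner verifies with your public key.
	sig, _ := Sign(you.Private, msg)
	fmt.Println("genuine signature verifies:", Verify(you.Public, msg, sig))
	fmt.Println("tampered message verifies:", Verify(you.Public, []byte("tampered"), sig))
	fmt.Println("impostor's public key verifies:", Verify(impostor.Public, msg, sig))
}
```

Note that `Sign` signs a hash of the message rather than the raw bytes; that is how signing is done in practice, and it is the precise form of the post's "encode with the private key".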

When you connect to an SSL port (for example the HTTPS port), the server sends its certificate to you (the client). You then verify this certificate. If the certificate is trusted (either issued by a certification authority that you trust, or manually added to your list of trusted certificates), is within its validity dates, and its host name matches the host you connected to, you continue to talk with the server. The server might ask for your certificate (requesting a client certificate is optional for the server). When you respond with your certificate, the server performs the same checks on it that you performed on the server certificate. This process is known as the SSL handshake.

Since a certificate contains the owner's public key, it can be used for encryption and for verifying signatures in the way described above.

The article uses "you" to make explanation simple. By "you" we mean the software application that you use for communication.
