Asymmetric encryption
Private Key - Public Key
- Message A ⇒ encrypted by Private key ⇒ Block A
- Block A ⇒ de-encrypted by Public key ⇒ Message A
Vice versa
Digital Signature
Purpose: Help Bob to identify that if this message is from Amy.
- Amy shares her public key in person to Bob
- Bob can trust that this public key must belong to Amy
- Amy wants to send message to Bob, so she encrypts this message(so called Digital Signature), combines this message with digital sign together, and sents it to Bob
- Bob receives message, use Amy’s public key to de-encrypt digital sign, and compare it with plaintext part of message. If match, Bob can be sure that this message is from Amy
Certificate
From 1.a, asking for trusted public key is tedious and really frustrating. Is this trusted relationship transitive?
If
- Bob trust Amy(Bob has Amy’s public key)
- Cella trust Bob(Cella has Bob’s public key)
Think again about the effects of Digital Signature
- you can trust the sender
- you can trust the content
If Amy wants to send message to Cella and let her trust it.
- Amy ask Bob to sign her identical information and public key(so called Certificate).
- “I am Amy, this is my public key: xxxxx”
- Amy send certificate from Bob to Cella
- Cella receive message, de-encrypted Certificate with Bob’s public key
- This Certificate is from Bob
- Bob give me the public key of Amy(certificate content)
- Amy send Hello message plaintext, Hello message encrypted by Amy’s private key(Digital Signature) to Cella
- Cella de-encrypted Amy’s Hello message with Amy’s public key, and compare it with plaintext part of Hello message. If match, then this message is from Amy.
From now on, Cella build a trust relationship with Amy
Certificate Authority
In reality, every PC has originally trusted Root CA since it installed the operation system. Hence it trust every other subject that Root CA trusts.
This relationship can be transmitive to others…