Friday, October 19, 2007

SSL certificates

Why SSL certificates?
SSL certificates are used for authentication: they assure a user that the party they are talking to is who it claims to be.

What are SSL certificates?
Just as every person has an identity card, any entity reachable by an IP address can have an SSL certificate as its identity card.

What information does this contain?
It contains the organization's common name, its organizational unit (i.e. the type of organization), its domain name, locality, city, country etc., and technical information such as the public key, the hashing algorithm, the digital signature etc. It may also contain another certificate (generally the certificate of a trusted certifying authority); that certificate may in turn contain another certificate, and so on, forming a certificate chain. The chain ends with the root certificate, and all the other certificates are called intermediate certificates.


How are SSL certs used for authentication?
The basics required to understand this are:
1. Data encrypted with the public key of a domain can only be decrypted with its private key, and vice versa.
2. Trusted certificate: this means you are familiar with the public key on it and you will trust anything signed with this key. It is just like a normal identity card signed by some federal agency: you already know that the signature belongs to that XYZ federal agency, which assures the authenticity of the holder of the identity card.

Communication / authentication:
How does communication with the server happen?
1. The server sends its certificate (chain) to the client.
2. The client takes the public key of the next cert in the chain and uses it to decrypt the digital signature; after decryption you get an MD5 hash. This hash is compared with the MD5 hash computed over the current cert. If they match, the certificate has NOT been tampered with and it came from that one machine only, because you were able to decrypt the encrypted hash with that public key, which is possible only if it was encrypted with the matching private key. Now, if you trust this public key, you trust that machine and you trust this certificate to be authentic.


Why can't this SSL certificate be tampered with or modified?
An SSL certificate contains user information, its public key and other fields, as told earlier. It also contains the digital signature of this certificate and the root certificate. A certificate that is not digitally signed can still provide private communication, i.e. communication that can't be sniffed, but it does not ensure that the entity you are talking to is authentic.

Now, if a malicious user tries to modify any field of this certificate, the certificate will have a different hash value (encrypted hash). Can't we modify the encrypted hash value itself after tampering with the certificate? Let's see. If you modify the certificate and compute its hash value, with which key of the CA will you encrypt this hash? Only the public key is available, so you encrypt with that. Now see what happens when a receiver gets this kind of tampered certificate. The receiver takes the MD5 hash of the main certificate and then tries to decrypt the encrypted hash value with the public key of the next cert in the chain (the CA cert in this case). Since this encrypted hash was encrypted with the public key itself, it cannot be decrypted with that same public key; the attempt yields an incorrect hash value, which will not match the computed one, and the certificate is proved to be tampered with.
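The chain walk in the "Communication / authentication" section and the tampering argument just above can both be shown in one runnable toy. The following is an added example written for this post, not code from the original, and it models the author's description literally: a signature is the MD5 hash of the certificate body raised to the issuer's private exponent (textbook RSA with small Mersenne primes, constructed here for illustration; real keys are 2048 bits or more and modern certificates use SHA-256). The certificate layout (a dict with subject, issuer, public key and signature), the names "Example Root CA", "Example Intermediate CA", "www.example.com" and "www.impostor.example", and the trust store as a list of root public keys are all assumptions of this example. The last function replays the tampering attempt the text describes, re-"signing" with the issuer's public key, and shows that `verify_chain` rejects it.

```python
import copy
import hashlib
import json

E = 65537  # public exponent used by all toy keys


def make_key(p, q, e=E):
    """Textbook RSA keypair from two primes (constructed toy values, not real key sizes)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent; raises ValueError if e and phi are not coprime
    return {"n": n, "e": e}, {"n": n, "d": d}


def tbs_bytes(cert):
    """Canonical bytes of the 'to be signed' part: every field except the signature."""
    tbs = {k: v for k, v in cert.items() if k != "signature"}
    return json.dumps(tbs, sort_keys=True).encode()


def digest_int(data, n):
    # MD5 as in the post; the digest is reduced mod n so it is a valid RSA message
    return int.from_bytes(hashlib.md5(data).digest(), "big") % n


def sign(data, priv):
    """'Encrypt the hash with the private key', in the post's terminology."""
    return pow(digest_int(data, priv["n"]), priv["d"], priv["n"])


def verify(data, sig, pub):
    """'Decrypt the signature with the public key' and compare with a fresh hash."""
    return pow(sig, pub["e"], pub["n"]) == digest_int(data, pub["n"])


def issue_cert(subject, subject_pub, issuer_subject, issuer_priv):
    cert = {"subject": subject, "issuer": issuer_subject, "public_key": subject_pub}
    cert["signature"] = sign(tbs_bytes(cert), issuer_priv)
    return cert


def verify_chain(chain, trusted_roots):
    """chain is ordered leaf first, root last; trusted_roots holds known root public keys.

    Each cert is checked with the public key of the NEXT cert in the chain; the root
    is self-signed, so it is checked with its own key and must also be in the trust store.
    """
    for i, cert in enumerate(chain):
        issuer = chain[i + 1] if i + 1 < len(chain) else cert
        if cert["issuer"] != issuer["subject"]:
            return False
        if not verify(tbs_bytes(cert), cert["signature"], issuer["public_key"]):
            return False
    return chain[-1]["public_key"] in trusted_roots


def build_demo_chain():
    """Constructed three-level chain: root CA -> intermediate CA -> server certificate."""
    root_pub, root_priv = make_key(2**89 - 1, 2**107 - 1)
    inter_pub, inter_priv = make_key(2**61 - 1, 2**127 - 1)
    leaf_pub, _leaf_priv = make_key(2**61 - 1, 2**89 - 1)  # leaf key never signs anything here
    root = issue_cert("Example Root CA", root_pub, "Example Root CA", root_priv)
    inter = issue_cert("Example Intermediate CA", inter_pub, "Example Root CA", root_priv)
    leaf = issue_cert("www.example.com", leaf_pub, "Example Intermediate CA", inter_priv)
    return [leaf, inter, root], [root_pub]


def tamper_and_resign(chain):
    """Replay the post's scenario: edit the leaf, then 'encrypt' the new hash with the
    issuer's PUBLIC key, the only CA key an outsider has. Verification must fail."""
    forged = copy.deepcopy(chain)
    forged[0]["subject"] = "www.impostor.example"
    issuer_pub = forged[1]["public_key"]
    h = digest_int(tbs_bytes(forged[0]), issuer_pub["n"])
    forged[0]["signature"] = pow(h, issuer_pub["e"], issuer_pub["n"])
    return forged


if __name__ == "__main__":
    chain, roots = build_demo_chain()
    print("genuine chain verifies:", verify_chain(chain, roots))
    print("chain with unknown root verifies:", verify_chain(chain, []))
    print("tampered + public-key-'signed' chain verifies:", verify_chain(tamper_and_resign(chain), roots))
```

Three outcomes are worth comparing when you run it: the genuine chain passes, the same chain fails when its root is absent from the trust store (the "trusted certificate" requirement), and the tampered chain fails because applying the public exponent twice does not recover the hash.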

scared of change

It's not that I don't think about it usually, but the feeling just got strong today. I always dream of becoming rich, which I ain't. Though I don't think a definition of rich exists, it is a relative term that you define by associating it with someone whom YOU personally think is rich. So compared with the real BIG, you don't have anything to lose by thinking. I always thought that I will do this... do that... or maybe that would be easy... blah blah!!!! but in the end never actually thought of implementation. The very thought that I will actually have to leave my current job and will have to start my new business sent butterflies in my stomach; I was shocked, rather scared and defensive, at the very idea of what next? It's not easy. Why? Because I am just another guy who is a daydreamer and wants that transition from thinker to implementor. Maybe I don't fall into that class of implementors, but I think that transition is happening. Mount Etna is blooming with thoughts and will. Someday this volcano will blast.