According to RFC 3280 a certificate's basic syntax is

Certificate ::= SEQUENCE {
    tbsCertificate       TBSCertificate,
    signatureAlgorithm   AlgorithmIdentifier,
    signatureValue       BIT STRING
}

In tbsCertificate, SubjectPublicKey is the public key of the server. The signature value is encrypted with the private key of the server (if I am not wrong). How will I decrypt the signature value (to validate the certificate) if it can only be decrypted by the server's private key?

Anders
Mamoon Ahmed

1 Answer

I'm sorry, you don't need the private key to "decrypt" something encrypted using asymmetric encryption; you need the public key, which is in the certificate, or the certificate of the trusted authority. Using the public key also provides proof that the private key was indeed used.

See this prior entry, "Digital Signature and Verification?", and this: "how digital signature verification process works".

DaveM
  • Reading your answer and the posts you have given the link to, I need the public key to decrypt the signatureValue? And also, encrypting the data with the private key is signing? – Mamoon Ahmed Apr 30 '16 at 23:06
  • Saying you need the public key to decrypt is **wrong**. Public keys encrypt and verify, private keys decrypt and sign. I'm sure you know what you are talking about, but your answer is misleading. – Luke Park May 01 '16 at 12:29
  • @LukePark So I will encrypt the whole certificate with the public key given in the certificate and compare those encrypted messages to verify? – Mamoon Ahmed May 02 '16 at 00:25
  • @MamoonAhmed No. The certificate contains the signature already. You use the public key to verify (decrypt) the signature, which will give you a hash. Compute the hash of the rest of the certificate and compare those. – Luke Park May 02 '16 at 00:28
  • @LukePark Thank you so much for the answer. Another question: data encrypted with a private key can be decrypted with the public key? – Mamoon Ahmed May 02 '16 at 00:49
  • The correct words are sign and verify. But to a degree, yes. – Luke Park May 02 '16 at 00:52
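
The check described in the comments above (recover the signed block with the public key, hash the signed bytes yourself, compare), as an added example that is not part of the original thread. It assumes RSA with PKCS#1 v1.5 padding and SHA-256, a constructed toy key, and a constructed byte string standing in for the DER-encoded tbsCertificate; in a real chain the public key comes from the issuer's certificate.

```python
import hashlib
import hmac

# Constructed toy RSA key built from two Mersenne primes (NOT secure; sample only).
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key: what a certificate carries
D = pow(E, -1, (P - 1) * (Q - 1))        # private key: held only by the signer
K = (N.bit_length() + 7) // 8            # modulus length in bytes

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def emsa_pkcs1_v15(message: bytes) -> bytes:
    """Build the padded block 00 01 FF..FF 00 || DigestInfo(SHA-256(message))."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def sign(tbs: bytes) -> bytes:
    """Signer side: the only step that needs the private exponent D."""
    em = int.from_bytes(emsa_pkcs1_v15(tbs), "big")
    return pow(em, D, N).to_bytes(K, "big")


def verify(tbs: bytes, signature: bytes) -> bool:
    """Verifier side: uses only the public values (N, E)."""
    s = int.from_bytes(signature, "big")
    if len(signature) != K or s >= N:
        return False
    recovered = pow(s, E, N).to_bytes(K, "big")   # public-key operation
    # Compare with the block rebuilt from our own hash of the signed bytes.
    return hmac.compare_digest(recovered, emsa_pkcs1_v15(tbs))


# Constructed stand-in for the DER bytes of tbsCertificate.
TBS = b"constructed tbsCertificate bytes: subject=example.test"
SIGNATURE_VALUE = sign(TBS)

if __name__ == "__main__":
    print("untouched:", verify(TBS, SIGNATURE_VALUE))
    print("tampered: ", verify(TBS + b"x", SIGNATURE_VALUE))
```

Rebuilding the expected padded block and comparing it whole, rather than parsing the recovered bytes to pull out a hash, avoids accepting signatures with malformed padding.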