How does the Certificate Authority work

Question

I'm learning how the Certificate Authority work and have a question.

As my understanding, the Certificate Authority can guarantee that the client get the true public-key:
Saying that I'm a server and you are my client, to ensure that we can communicate securely, we use some asymmetric encryption --- I hold the private-key and I send the public-key to you. Now the problem is that how we can make sure that you get my public-key, instead of someone else's.

In this case, the Certificate Authority can help us: CA encrypts my public-key with its own private-key and send it to you, you use the public-key of CA to decrypt and get my public-key.

If I'm right, my question is:
How can we guarantee that we received the true public-key of CA? In other words, if the thing that I send my public-key to you is not secure, why does the CA sending its public-key to you is secure?

Answer 1

The CA doesn't send any public keys to clients.

The CA signs the server's public key with their private key and then gives that signature to the server. When the client connects to a server, the server then sends both its public key and the signature to the client.

Clients already have the public keys of all CA's they trust. These are called root certificates. Clients use those public keys to verify that the signatures on the public keys of any servers they communicate with are valid.

Now for the problem "how do the public keys of the CA's come to the client"? Some web browsers come with their own set of root certificates, others use the certificate store of the operating system. Most users blindly trust the vendor of their browser / os that the list of CA's they curated is trustworthy. So downloading and updating your web browser or operating system is a critical process for the CA infrastructure. A powerful adversary who can manipulate your internet traffic or controls the fileservers from which you receive your updates could smuggle their own CA root certificate into those installers / updates. But if they are able to slip you a backdoored update, then they can do far worse things.

Answer 2

A client like a web browser already contains dozens of pre-trusted CA certificates. So, a client receiving your certificate signed by a CA looks in his local storage to confirm that the signature is valid.

Answer 3

A certificate authority is an organization that is seen as trusted by other organizations and entities. Whether or not you trust a certificate authority is basically up to you. You can also be a certificate authority yourself. There's enough free software you can create a ca with and give out certificates.

The more companies that do business with a ca the more overall trusted it becomes. That does not mean you have to trust it.

Some people trust free and open source stuff, as it could be reviewed by people, others trust only stuff that costs money, because if that becomes untrusted the cash flow would stop.

It's up to you to decide who you trust and who not. People are crazy enough to question the trustworthiness of a multi-billion dollar company like microsoft but install software of a completely unknown local vendor without even questioning it's trustworthyness.