0

I was reading this article about how the Server Authentication is being done During SSL Handshake https://docs.oracle.com/cd/E19693-01/819-0997/aakhc/index.html

I do understand everything but I have a specific question about the point number 3 when it says

if the CA certificate’s public key doesn’t correspond to the private key used by the CA to sign the server certificate, the client won’t authenticate the server’s identity.

How using only the public key we know that this public key does not correspond to the private key? do we use the public key to decrypt the signature and make sure it matches some data sent along with the signature?

Thanks in advance

schroeder
  • 123,438
  • 55
  • 284
  • 319
Mohamad Haidar
  • 349
  • 6
  • 13

1 Answers1

1

Simply put, the CA creates a signature with their private key. The public key, among other information, is distributed as certificate together with your operating system.

Should the public key of the CA (so the certificate you already have on your machine) not correspond to the private key used to sign a certificate, the signature would be invalid.

  • Thanks a lot for the answer. I still do not understand how the validation happens :( – Mohamad Haidar Feb 05 '20 at 16:00
  • @Mohamad read the duplicate - it explains it in full. Any article online about PKI and signature verification will help, too. – schroeder Feb 05 '20 at 16:01
  • Thanks a lot... – Mohamad Haidar Feb 05 '20 at 16:02
  • Hi, I have read the article. I want to make sure my understanding is correct. I do understand that the certificate is composed of identity, public key and signature which is computed over the two previous parts by a Certification Authority using the CA private key. The client then verifies the signature using the pre-installed or hard-coded CA public keys by decrypting the signature using that CA public key and verify that is decrypts to the same identity and public key. Can you please tell me if my understanding is correct and if not then what do I miss?. – Mohamad Haidar Feb 05 '20 at 16:44
  • Can you guys please verify my understanding. I will read again if I have incorrect understanding . – Mohamad Haidar Feb 05 '20 at 17:23