
I'm definitely understanding something wrong with the TLS process, and am hoping one of you fine folks will point out the flaw in my thinking.

So from what I've read on TLS, the client (and therefore any man in the middle (MITM)) knows or receives a web server's certificate, which amongst other things contains the public key to be used for encrypting the symmetric key used during TLS communication. (This next part is most likely my misunderstanding.) My understanding is that the certificate separately contains the public key and the signature/host name verifying the authenticity of said public key. If that's the case, what's stopping a MITM from keeping the entire certificate, including the signature, and just replacing the public key portion with their own public key? At that point their key looks like it's signed by a trusted authority, right?

Obviously I'm wrong, but can someone explain how I'm wrong in detail?

Darkhydro
    The signature is actually the signature over the hash of the whole certificate. You can't just "replace the signature", because in order to do that, you would need the private key of the trusted root CA. If you have that, *then* you can create forged certificates for everything. –  Feb 17 '21 at 21:32
  • To be exact, an SSL/TLS (X.509 or PKIX) certificate contains the host's name(s) and the host's public key (which is used in the SSL/TLS key exchange, but in this century usually NOT by 'encrypting the symmetric key') plus some other data, all signed _by a Certificate Authority_ aka CA (NOT the host itself). It is because of the checks done by the CA before signing the cert that we trust the host. See https://en.wikipedia.org/wiki/Public_key_certificate especially item 5. You might also see our famous https://security.stackexchange.com/questions/20803/how-does-ssl-work/ . – dave_thompson_085 Feb 18 '21 at 04:04
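As an added illustration of the point made in the comments (this is example code written for this page, not code from the asker or the commenters): a toy model of a certificate in Python, showing that the CA's signature covers the whole to-be-signed body, public key included, so swapping the key while keeping the signature makes validation fail, and re-signing requires the CA's private key. It assumes textbook RSA over SHA-256 (real certificates use PKCS#1 v1.5, RSA-PSS or ECDSA over the DER-encoded tbsCertificate), uses JSON as a stand-in for DER encoding, and the CA name, host name, key size and RNG seed are constructed for the demo.

```python
import hashlib
import json
import random

# Toy model of an X.509 certificate: a "to-be-signed" (TBS) body plus the CA's
# signature over the hash of that WHOLE body. Textbook RSA is used only so the
# example runs with the standard library; it is not how real certificates sign.

RNG = random.Random(2021)  # fixed seed for reproducibility; never do this for real keys


def is_probable_prime(n, rounds=16):
    """Miller-Rabin primality test (sufficient for a demo key)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(RNG.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits):
    while True:
        candidate = RNG.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def gen_keypair(bits=512):
    """Return (public, private) RSA keys as dicts. Toy size; real keys are >= 2048 bits."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    return {"n": p * q, "e": e}, {"n": p * q, "d": pow(e, -1, phi)}  # Python 3.8+


def tbs_bytes(tbs):
    """Canonical serialisation of the TBS body (stand-in for DER encoding)."""
    return json.dumps(tbs, sort_keys=True, separators=(",", ":")).encode()


def sign(priv, data):
    h = int.from_bytes(hashlib.sha256(data).digest(), "big")  # 256-bit hash < 512-bit modulus
    return pow(h, priv["d"], priv["n"])


def verify(pub, data, sig):
    h = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return pow(sig, pub["e"], pub["n"]) == h


def issue_certificate(ca_priv, issuer, subject, subject_pub):
    """The CA signs the TBS body: names, validity AND the subject's public key together."""
    tbs = {"issuer": issuer, "subject": subject, "spki": subject_pub, "not_after": "2022-01-01"}
    return {"tbs": tbs, "signature": sign(ca_priv, tbs_bytes(tbs))}


def validate(cert, ca_pub, expected_host):
    """What a client does: check the CA signature over the whole TBS body, then the host name."""
    if not verify(ca_pub, tbs_bytes(cert["tbs"]), cert["signature"]):
        return False
    return cert["tbs"]["subject"] == expected_host


def demo():
    """Returns (genuine_ok, key_swapped_ok, mitm_signed_ok)."""
    ca_pub, ca_priv = gen_keypair()
    server_pub, _server_priv = gen_keypair()
    mitm_pub, mitm_priv = gen_keypair()
    cert = issue_certificate(ca_priv, "Example Root CA", "www.example.com", server_pub)

    # The attack from the question: keep everything, swap only the public key.
    # The hash of the TBS body changes, so the kept signature no longer matches.
    key_swapped = {"tbs": dict(cert["tbs"], spki=mitm_pub), "signature": cert["signature"]}

    # The only way to get a matching signature is to re-sign, and the MITM
    # does not hold the CA's private key; signing with its own key fails too.
    mitm_signed = issue_certificate(mitm_priv, "Example Root CA", "www.example.com", mitm_pub)

    return (validate(cert, ca_pub, "www.example.com"),
            validate(key_swapped, ca_pub, "www.example.com"),
            validate(mitm_signed, ca_pub, "www.example.com"))


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The `spki` field sits inside the signed body, so there is no way to change it without changing the hash the CA signed; this is why the commenters say the MITM would need the CA's private key rather than just the certificate.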
