
If SSL/TLS uses a pre-created certificate why does it also use public-key ciphers such as RSA and ECDSA for authentication (I do not mean MAC integrity)? Are they related?

dylan7
  • possible duplicate of [How does SSL/TLS work?](http://security.stackexchange.com/questions/20803/how-does-ssl-tls-work) – makerofthings7 Jun 21 '15 at 00:33
  • I read that post, and this seems different. They didn't talk about why there are authentication algorithms and Certs – dylan7 Jun 21 '15 at 00:36
  • Can you explain what you mean by "why does it also use public-key ciphers"? A certificate is intended to link a public key to an identity and certificate signatures are checked by decrypting them with a public key, so public key cryptography is pretty integral. – thexacre Jun 21 '15 at 01:42
  • So basically that kind of answered what I was asking. Basically if authentication algorithms were part of the certificate or if they were different things. But what is the public key it is trying to verify ownership of used for? Is that public key used to verify the cert (the authentication public key), or is it to be used for communicating (i.e. key exchange)? – dylan7 Jun 21 '15 at 01:49
  • @thexacre They're checked by *verifying* with a public key. "Signing is encrypting with private key, verifying is decrypting with public key" is not exactly true for any cryptosystem (even RSA, where the specific algorithms used are different and incompatibly so for important security reasons) and is blatantly not true for DSA and ECDSA. All saying it does is confuse people by reinforcing a common misconception. – cpast Jun 21 '15 at 02:08

1 Answer


The key in a TLS certificate is for a public-key cryptosystem. This is because the same key is sent to every client, and sending out a secret key to anyone who asks is not considered a viable security strategy by most experts.

The reason the certificate is signed with a public-key algorithm is that there's otherwise nothing stopping an attacker from pretending to be the real site, and giving you their public key. So, you want to make sure the public key is the correct one, which you do by verifying that it's been approved by someone you trust. This is the exact use-case for digital signatures, so they're used to verify the certificate.

The public key in an X.509 certificate is normally a public key for a signature algorithm, to sign data and (if the certificate is a CA certificate) to sign other certificates. In TLS, it can also be an encryption/key-exchange algorithm public key; the most common is an RSA public key, which can be used for both. In RSA-based cipher suites, this is used for key exchange. In DHE/ECDHE cipher suites, it's used in key exchange by verifying a temporary Diffie-Hellman key signed with the associated private key. Regardless, the end effect is the same: the public key in the server cert is for key exchange, and in CA certs is for certificate signing.

cpast
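The two roles described in the answer above, as an added example that is not part of the original answer: a CA's signature approves the server's public key, and in an ECDHE suite the server's certificate key signs a temporary key-exchange key. It uses only the Go standard library; the names `must`, `issue` and `clientAccepts` and the host `example.test` are constructed for illustration, the signed data is simplified to the ephemeral key alone, and a real client would call `Certificate.Verify` (names, validity, chain) rather than only `CheckSignatureFrom`.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // panic on any error to keep the example short
	if err != nil {
		panic(err)
	}
	return v
}

// issue makes a fresh P-256 key and a certificate for it, signed by signer (self-signed if parent is nil).
func issue(cn string, isCA bool, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn}, IsCA: isCA,
		BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent, signer = t, key
	}
	der := must(x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, signer))
	return must(x509.ParseCertificate(der)), key
}

// clientAccepts reports whether the CA signed cert, and whether the ephemeral key was signed by cert's key.
func clientAccepts(ca, cert *x509.Certificate, signer *ecdsa.PrivateKey) (chainOK, kexOK bool) {
	eph := must(ecdh.P256().GenerateKey(rand.Reader)) // server side: temporary ECDHE key
	digest := sha256.Sum256(eph.PublicKey().Bytes())  // simplified: TLS also signs both hello randoms
	sig := must(ecdsa.SignASN1(rand.Reader, signer, digest[:]))
	return cert.CheckSignatureFrom(ca) == nil, ecdsa.VerifyASN1(cert.PublicKey.(*ecdsa.PublicKey), digest[:], sig)
}

func main() {
	ca, caKey := issue("Constructed Test CA", true, nil, nil) // all names here are constructed
	srv, srvKey := issue("example.test", false, ca, caKey)
	forged, atkKey := issue("example.test", false, nil, nil) // impostor's self-made certificate
	fmt.Println(clientAccepts(ca, srv, srvKey))    // true true: genuine server
	fmt.Println(clientAccepts(ca, forged, atkKey)) // false true: key is theirs, cert is not CA-approved
	fmt.Println(clientAccepts(ca, srv, atkKey))    // true false: copied cert, no matching private key
}
```

The second and third cases fail for different reasons, which is why a client needs both checks: the certificate signature ties the public key to the site, and the key-exchange signature proves the peer holds the matching private key.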