In short, we have some sort of algorithms to gen pair of private and public keys. The public key is stored in a certificate and the private key is usually kept by server(usually the CA wont keep the private key). The certificate is generated by C.A. (certificate authority) from given info and public key provided by people/company. When some person need to send message secretly, they use the given certificate's public key to encrypt the message before send, only servers keep the right private key can decrypt it. But how do we know if the certificate is officially generated by the correct site? 2 ways, one way is to put the certificate under the implicit trust certificate list(it is pre-installed with OS/browser). The second is to prove it is trusted by the list of certificate sites mentioned. It's going to ask the trusted listed authorities the correct certificate of the given site, and the authority will respond a cypher text of the requested certificate as a signature of the requested certificate, this cypher text is encrypted with its private key. Anyone hold the CA's certificate can decrypt it and check the expected value of the certificate is correct. Then we get a correct certificate of the site from our trusted CA.

Root CA's private keys are usually kept physically isolated.

Each private key needs to be backupped and kept isolated from peering. Private keys shall be parted and distributed to several systems.

[quote]

Public key are used to encrypt message, and private key are used to decrypt message.

If the whole session need to be encrypted, two pairs of keys are needed.

Usually client side of pair of keys are generated randomly and not be verified through trusted list of CA.

Also, if no need high encryption, client side send a symmetric code to server through key pairs, then both sides communicate with the symmetric code rather than the public/private key method.

[HW quote]

Digi. Certificates: Key pairs usages的更多相关文章

  1. What is SSL and what are Certificates?

    Refer to http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/x64.html The content 1.2. What is SSL and ...

  2. Java Developer's Guide to SSL Certificates

    https://www.codebyamir.com/blog/java-developers-guide-to-ssl-certificates Overview When developing w ...

  3. SSH key introduction

    Preface At the first time, we take the connection with GitLab remote server. You need to type userna ...

  4. AWS Add Key Pair to Elastic Beanstalk Instance 给EB实例加密钥

    Go to Elastic Beanstalk -> Configuration -> Security -> Virtual machine permissions -> E ...

  5. Capabilities & ChromeOptions

    https://sites.google.com/a/chromium.org/chromedriver/capabilities http://stackoverflow.com/questions ...

  6. List of Chromium Command Line Switches(命令行开关集)——官方指定命令行更新网址

    转自:http://peter.sh/experiments/chromium-command-line-switches/ There are lots of command lines which ...

  7. Cryptographic method and system

    The present invention relates to the field of security of electronic data and/or communications. In ...

  8. OpenStack Keystone安装部署流程

    之前介绍了OpenStack Swift的安装部署,采用的都是tempauth认证模式,今天就来介绍一个新的组件,名为Keystone. 1. 简介 本文将详细描述Keystone的安装部署流程,并给 ...

  9. [转载] TLS协议分析 与 现代加密通信协议设计

    https://blog.helong.info/blog/2015/09/06/tls-protocol-analysis-and-crypto-protocol-design/?from=time ...

随机推荐

  1. C语言面试题汇总

    1.   阅读下面程序并写出输出结果(10分). main() { int a[5]={1,2,3,4,5}; int *ptr=(int *)(&a+1); printf("%d, ...

  2. ASP.NET上传大文件出现网页无法显示的问题

    使用FileUpload上传的时候,默认允许大小是4M,而当小于4M的时候正常运行:当超过4M将显示网页无法显示.解决方法如下: 在web.config中的<system.web>< ...

  3. context.response.end()和return的区别

    最近忽然想起这个问题,上网查了很多,觉得这个网友回答的很给力,从本质上剖析了问题.最后发现这篇文章也是转载自博客园的一位网友.http://www.cnblogs.com/adolphyang/p/4 ...

  4. POJ3177 Redundant Paths 双连通分量

    Redundant Paths Description In order to get from one of the F (1 <= F <= 5,000) grazing fields ...

  5. [Usaco 再次除草]

    以后都用自己的号交吧 免得掉人品 Noip2016就是一个见证 一步一个脚印的刷 noip没把前两题稳拿就刷牛头..   bzoj1230 线段树打翻转标记,练手感 bzoj1231 状态压缩 预处理 ...

  6. Ubuntu 14.04—Anaconda 相关

    Anaconda 使用国内镜像: https://keyunluo.github.io/2016/07/17/2016-07-17-anaconda-python.html Anaconda下的 De ...

  7. [ An Ac a Day ^_^ ][kuangbin带你飞]专题八 生成树 POJ 1679 The Unique MST

    求最小生成树是否唯一 求一遍最小生成树再求一遍次小生成树 看看值是否相等就可以 #include<cstdio> #include<iostream> #include< ...

  8. android studio修改项目包名

    公司项目都是用eclipse开发的,但是android studio开发已经是大势所趋了,所以在闲暇之余使用了一下androidstudio,这里对androidstudio更改项目包名做一下总结,因 ...

  9. springmvc基础篇—掌握三种处理器

    随着springmvc的广泛使用,关于它的很多实用有效的功能应该更多的被大家所熟知,下面就介绍一下springmvc的三种处理器: 一.BeanName处理器(默认) <?xml version ...

  10. Unity3D脚本使用:Random

    实例: 为集合变量赋值,并运行,点击按钮,运行结果如图