In short, we have some sort of algorithms to gen pair of private and public keys. The public key is stored in a certificate and the private key is usually kept by server(usually the CA wont keep the private key). The certificate is generated by C.A. (certificate authority) from given info and public key provided by people/company. When some person need to send message secretly, they use the given certificate's public key to encrypt the message before send, only servers keep the right private key can decrypt it. But how do we know if the certificate is officially generated by the correct site? 2 ways, one way is to put the certificate under the implicit trust certificate list(it is pre-installed with OS/browser). The second is to prove it is trusted by the list of certificate sites mentioned. It's going to ask the trusted listed authorities the correct certificate of the given site, and the authority will respond a cypher text of the requested certificate as a signature of the requested certificate, this cypher text is encrypted with its private key. Anyone hold the CA's certificate can decrypt it and check the expected value of the certificate is correct. Then we get a correct certificate of the site from our trusted CA.

Root CA's private keys are usually kept physically isolated.

Each private key needs to be backupped and kept isolated from peering. Private keys shall be parted and distributed to several systems.

[quote]

Public key are used to encrypt message, and private key are used to decrypt message.

If the whole session need to be encrypted, two pairs of keys are needed.

Usually client side of pair of keys are generated randomly and not be verified through trusted list of CA.

Also, if no need high encryption, client side send a symmetric code to server through key pairs, then both sides communicate with the symmetric code rather than the public/private key method.

[HW quote]

Digi. Certificates: Key pairs usages的更多相关文章

  1. What is SSL and what are Certificates?

    Refer to http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/x64.html The content 1.2. What is SSL and ...

  2. Java Developer's Guide to SSL Certificates

    https://www.codebyamir.com/blog/java-developers-guide-to-ssl-certificates Overview When developing w ...

  3. SSH key introduction

    Preface At the first time, we take the connection with GitLab remote server. You need to type userna ...

  4. AWS Add Key Pair to Elastic Beanstalk Instance 给EB实例加密钥

    Go to Elastic Beanstalk -> Configuration -> Security -> Virtual machine permissions -> E ...

  5. Capabilities & ChromeOptions

    https://sites.google.com/a/chromium.org/chromedriver/capabilities http://stackoverflow.com/questions ...

  6. List of Chromium Command Line Switches(命令行开关集)——官方指定命令行更新网址

    转自:http://peter.sh/experiments/chromium-command-line-switches/ There are lots of command lines which ...

  7. Cryptographic method and system

    The present invention relates to the field of security of electronic data and/or communications. In ...

  8. OpenStack Keystone安装部署流程

    之前介绍了OpenStack Swift的安装部署,采用的都是tempauth认证模式,今天就来介绍一个新的组件,名为Keystone. 1. 简介 本文将详细描述Keystone的安装部署流程,并给 ...

  9. [转载] TLS协议分析 与 现代加密通信协议设计

    https://blog.helong.info/blog/2015/09/06/tls-protocol-analysis-and-crypto-protocol-design/?from=time ...

随机推荐

  1. jsp传值乱码解决办法

    在jsp中,我们经常从数据库读取数据返回客户端,但我们常常在制作时出现乱码现象,所以我们可以用<%request.setCharacterEncoding("UTF-8"); ...

  2. [置顶] NS2中对TCP数据包和ACK包的TCP Sink类的主要实现代码详尽剖析--吐血放送

    NS2中对TCP数据包和ACK包的TCP Sink类的主要实现代码详尽剖析,限于个人水平,如有错误请留言指出! TcpSink类的recv()方法: void TcpSink::recv(Packet ...

  3. 添加第三方类库造成的Undefined symbols for architecture i386:编译错误

    1.原因: 如果是源码编译的话,一般就只某些头文件没有添加到src编译里面.但是对于添加库编译,一般是库的编译路径设置不正确(比如arm的版本.模拟器或者真机的不同版本库引用错误或者重复引用一起编译器 ...

  4. 【翻译+整理】.NET Core的介绍

    .NET Core 是一个通用开发平台,它由微软和开源社区共同管理(git hub的.NET开源社区): 他支持Windows,macOS和Linux,并且可以运行在硬件设备中.云平台上和物联网嵌入式 ...

  5. PHP之MYSQL数据库

    MYSQL数据库简介 1.什么是数据库? 数据库(database) 就是一个由一批数据构成的有序集合,这个集合通常被保存为一个或多个彼此相关的文件.   2.什么是关系型数据库? 数据被分门别类的存 ...

  6. 软件各种版本的含义!例如RC,M,GA等等

    RC版本   RC:(Release Candidate)   Candidate是候选人的意思,用在软件上就是候选版本.Release是发行.发布的意思.Release.Candidate.就是发行 ...

  7. 【.NET】字符串处理类库

    类名:DealString,方法清单列好在头上. /// 1.截取字符串,最后加3个小数点 /// 2.获得指定Url的参数的string类型值 /// 3.判断数据类型 /// 4.过滤JS标记 / ...

  8. Python 调用shell

    第一种,os.system("The command you want"). 这个调用相当直接,且是同步进行的,程序需要阻塞并等待返回.返回值是依赖于系统的,直接返回系统的调用返回 ...

  9. git stash让bug来的更猛烈些吧

    git stash可以用来暂存当前正在进行的工作,比如想pull最新的代码,又不想加新commit, 或者有一个紧急的bug需要修复,但是这个bug又与你已经在做的工作(还没完成)有关联.这个时候有的 ...

  10. 转:Monoids and Finger Trees

    转自:http://apfelmus.nfshost.com/articles/monoid-fingertree.html This post grew out of the big monoid ...