In short, we have some sort of algorithms to gen pair of private and public keys. The public key is stored in a certificate and the private key is usually kept by server(usually the CA wont keep the private key). The certificate is generated by C.A. (certificate authority) from given info and public key provided by people/company. When some person need to send message secretly, they use the given certificate's public key to encrypt the message before send, only servers keep the right private key can decrypt it. But how do we know if the certificate is officially generated by the correct site? 2 ways, one way is to put the certificate under the implicit trust certificate list(it is pre-installed with OS/browser). The second is to prove it is trusted by the list of certificate sites mentioned. It's going to ask the trusted listed authorities the correct certificate of the given site, and the authority will respond a cypher text of the requested certificate as a signature of the requested certificate, this cypher text is encrypted with its private key. Anyone hold the CA's certificate can decrypt it and check the expected value of the certificate is correct. Then we get a correct certificate of the site from our trusted CA.

Root CA's private keys are usually kept physically isolated.

Each private key needs to be backupped and kept isolated from peering. Private keys shall be parted and distributed to several systems.

[quote]

Public key are used to encrypt message, and private key are used to decrypt message.

If the whole session need to be encrypted, two pairs of keys are needed.

Usually client side of pair of keys are generated randomly and not be verified through trusted list of CA.

Also, if no need high encryption, client side send a symmetric code to server through key pairs, then both sides communicate with the symmetric code rather than the public/private key method.

[HW quote]

Digi. Certificates: Key pairs usages的更多相关文章

  1. What is SSL and what are Certificates?

    Refer to http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/x64.html The content 1.2. What is SSL and ...

  2. Java Developer's Guide to SSL Certificates

    https://www.codebyamir.com/blog/java-developers-guide-to-ssl-certificates Overview When developing w ...

  3. SSH key introduction

    Preface At the first time, we take the connection with GitLab remote server. You need to type userna ...

  4. AWS Add Key Pair to Elastic Beanstalk Instance 给EB实例加密钥

    Go to Elastic Beanstalk -> Configuration -> Security -> Virtual machine permissions -> E ...

  5. Capabilities & ChromeOptions

    https://sites.google.com/a/chromium.org/chromedriver/capabilities http://stackoverflow.com/questions ...

  6. List of Chromium Command Line Switches(命令行开关集)——官方指定命令行更新网址

    转自:http://peter.sh/experiments/chromium-command-line-switches/ There are lots of command lines which ...

  7. Cryptographic method and system

    The present invention relates to the field of security of electronic data and/or communications. In ...

  8. OpenStack Keystone安装部署流程

    之前介绍了OpenStack Swift的安装部署,采用的都是tempauth认证模式,今天就来介绍一个新的组件,名为Keystone. 1. 简介 本文将详细描述Keystone的安装部署流程,并给 ...

  9. [转载] TLS协议分析 与 现代加密通信协议设计

    https://blog.helong.info/blog/2015/09/06/tls-protocol-analysis-and-crypto-protocol-design/?from=time ...

随机推荐

  1. eclipse 导入 Maven 多模块项目

    右键 --> Import --> Existing Maven Projects --> 项目目录 选中所有子模块 --> Delete(一定不要勾选Delete proje ...

  2. NodeJs+Express实现简单的Web增删改查

    前一段时间,公司组织了一次NodeJs的技术分享,自己有幸去听了听,第一次接触NodeJs,后来经过自己学习和探索,完成了一个很简单的Web演示项目,在这里和初学者做以分享,开发工具:WebStorm ...

  3. nginx整合tomcat集群并做session共享----测试案例

    最近出于好奇心,研究了一下tomcat集群配置,并整合nginx,实现负载均衡,session共享,写篇记录,防止遗忘.---------菜鸡的自我修炼. 说明:博主采用一个web项目同时部署到两台t ...

  4. 自己写的一个jQuery轮播插件

    大概是四月初开始写的,中间停了有一个月吧.这是我在Github的第一个项目.项目地址:https://github.com/linzb93/jquery.slide.js. 轮播应该是最好写的插件了, ...

  5. 对于笔试题--“good and abc”的理解

    今天朋友问了一个面试题,题目如下: public class Example{ String str=new String("good"); char[]ch={'a','b',' ...

  6. 转:Monoids and Finger Trees

    转自:http://apfelmus.nfshost.com/articles/monoid-fingertree.html This post grew out of the big monoid ...

  7. [趣味]WhirlPolygon——彩色旋转正多边形

    此程序用于在AutoCAD中以直线绘制彩色旋转正多边形供欣赏~ 此程序附属MagicTable(可到依云官网下载:http://www.yiyunsoftware.com/),安装之即可使用该程序. ...

  8. 导入excel成一个list集合不支持大文件倒入(优化点在于分批分线程导入)

    package com.bj58.saletb.news.utils; import org.apache.log4j.Logger; import org.apache.poi.ss.usermod ...

  9. Windows 下 Apache HTTP Server 与 Tomcat 的整合

    整合准备: 1.Apache HTTP Server(下文用Apache简称) 2.Tomcat 7或8 3.mod_jk.so (tomcat-connectors)-这个文件是用来链接http s ...

  10. 必须掌握的Linux命令

    章节简述: 本章节讲述系统内核.Bash解释器的关系与作用,教给读者如何正确的执行Linux命令以及常见排错方法. 经验丰富的运维人员可以恰当的组合命令与参数,使Linux字符命令更加的灵活且相对减少 ...