Digi. Certificates: Key pairs usages
In short, we have algorithms that generate a pair of keys: one private and one public. The public key is stored in a certificate, and the private key is usually kept by the server (the CA usually won't keep the private key). The certificate is generated by a C.A. (certificate authority) from the given information and the public key provided by a person or company. When someone needs to send a message secretly, they use the public key in the given certificate to encrypt the message before sending; only servers that hold the right private key can decrypt it.

But how do we know whether the certificate was officially generated for the correct site? There are two ways. One way is for the certificate to be in the implicit trust certificate list (it is pre-installed with the OS/browser). The second is to prove that it is trusted by one of the certificate authorities in that list. The client asks a trusted listed authority for the correct certificate of the given site, and the authority responds with a ciphertext of the requested certificate, which serves as the signature of that certificate; this ciphertext is encrypted with the CA's private key. Anyone holding the CA's certificate can decrypt it and check that the expected value of the certificate is correct. We then have a correct certificate of the site from our trusted CA.
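The sign-then-verify flow described above, followed by encrypting a message to the site's public key, as an added example that is not part of the original post. It uses textbook RSA without padding over fixed Mersenne primes so that it runs with the standard library only; the names `TRUST_LIST`, `Example Root CA` and `site.example` are constructed, and real certificates use X.509 with padded signatures.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def make_keypair(p, q):
    """Textbook RSA key pair from two primes: (public, private)."""
    n = p * q
    return {"n": n, "e": E}, {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def ca_sign(cert_body, ca_private):
    # The CA transforms the certificate's hash with its private key.
    return pow(digest(cert_body, ca_private["n"]), ca_private["d"], ca_private["n"])

def verify(cert_body, signature, issuer, trust_list):
    ca_public = trust_list.get(issuer)   # pre-installed trust list
    if ca_public is None:
        return False                     # issuer is not a trusted CA
    # Undo the CA's private-key operation with its public key, then compare.
    recovered = pow(signature, ca_public["e"], ca_public["n"])
    return recovered == digest(cert_body, ca_public["n"])

def encrypt(message, public):
    return pow(int.from_bytes(message, "big"), public["e"], public["n"])

def decrypt(ciphertext, private):
    m = pow(ciphertext, private["d"], private["n"])
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

# Constructed sample data: fixed Mersenne primes stand in for random key generation.
ca_pub, ca_priv = make_keypair(2**521 - 1, 2**607 - 1)
site_pub, site_priv = make_keypair(2**127 - 1, 2**89 - 1)
rogue_pub, rogue_priv = make_keypair(2**107 - 1, 2**61 - 1)
TRUST_LIST = {"Example Root CA": ca_pub}

# The certificate binds the site's identity to the site's public key.
cert_body = f"subject=site.example;n={site_pub['n']};e={E}".encode()
signature = ca_sign(cert_body, ca_priv)

if __name__ == "__main__":
    print("genuine: ", verify(cert_body, signature, "Example Root CA", TRUST_LIST))
    print("tampered:", verify(cert_body + b"x", signature, "Example Root CA", TRUST_LIST))
    forged = ca_sign(cert_body, rogue_priv)  # signed by a key outside the trust list
    print("forged:  ", verify(cert_body, forged, "Example Root CA", TRUST_LIST))
    print(decrypt(encrypt(b"session secret", site_pub), site_priv))
```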
Root CA's private keys are usually kept physically isolated.
Each private key needs to be backed up and kept isolated from prying eyes. Private keys should be split into parts and distributed across several systems.
[quote]
Public keys are used to encrypt messages, and private keys are used to decrypt messages.
If the whole session needs to be encrypted, two pairs of keys are needed.
Usually the client-side pair of keys is generated randomly and is not verified through the trusted list of CAs.
Also, if high encryption is not needed, the client side sends a symmetric code to the server through the key pairs, then both sides communicate with the symmetric code rather than the public/private key method.
[HW quote]