Certificate Authority anyone?
EdTheLad
Member Posts: 2,111 ■■■■□□□□□□
I'm trying to get my head around how the CA works without much joy.
I'm assuming the CA is an application running on a server which all routers can access.
What I've learned so far is as follows:
1) The client creates a public and private key; do these keys have any significance to each other at this point, or are they just random keys?
2) The client sends an unsigned cert to the CA containing a client ID and the public key it just created.
3) The CA computes a hash code and encrypts the unsigned cert using the CA's private key. The result of the hash and encryption is the signature and is attached to the cert, and thus a signed cert is sent back to the client.
4) The CA also sends its own cert to the client. This cert the CA sends, what important info does it contain? Only the CA's public key?
5) The client now has a signed digital cert it can send to any peer. If a peer wants to decrypt the signature it uses the CA's public key.
Now I'm definitely missing something here!
Firstly, how does the peer get the CA's public key? Is the CA's public key unique for each peer or different? Since the data was originally encrypted using the CA's private key, how can a host use the public key to decrypt? Also, how does the peer know what type of hashing the CA used?
Thanks in advance, I hope someone understands my questions.
Networking, sometimes I love it, mostly I hate it. It's all about the $$$$
Comments
kalebksp
Member Posts: 1,033 ■■■■■□□□□□

ed_the_lad wrote: The client creates a public and private key, do these keys have any significance to each other at this point or are they just random keys?

This is asymmetric keying; the keys are mathematically related so that something encrypted with one can only be decrypted by the other.

ed_the_lad wrote: Firstly how does the peer get the CA's public key?

Generally the peer must have some sort of trust relationship with the CA; in terms of OSs, they come preloaded with common internet CAs.

ed_the_lad wrote: Is the CA's public key unique for each peer or different?

I would imagine that big CAs have multiple keys for different types of certificates, but clients all use the same ones.

ed_the_lad wrote: Since the data was originally encrypted using the CA's private key, how can a host use the public key to decrypt? Also, how does the peer know what type of hashing the CA used?

I believe the certificate holds the hashing algorithm information.
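The five steps in the original post and the two points in the reply above (the CA's public key has to be pre-trusted by the peer, and the hash algorithm is carried inside the certificate) can be walked through end to end with Go's standard-library `crypto/x509` package. The program below is an added example written for this thread; it is not from the Cisco documentation or from either poster. The CA name "Lab Root CA (constructed)" and the router identity "router1.lab.example" are made-up values. The OP's "encrypt the hash with the CA's private key" is what the library calls signing: the CA hashes the certificate body, signs the hash, and stores both the signature and an algorithm identifier (here `ECDSA-SHA256`) in the certificate, which is how the peer knows what hash to recompute. The peer never fetches the CA's public key from the client; it reads it from the CA certificate it already holds as a trust anchor. The last part of the exchange repeats the signature check over a copy of the certificate body with one byte changed, to show that the CA's public key rejects anything the CA did not sign.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

type Outcome struct {
	SigAlg     string // hash and signature algorithm, read from the client cert itself
	Verified   bool   // signature checked out against the CA's public key
	TamperSeen bool   // the same check fails once one byte of the signed body changes
}

// check aborts the demonstration on the first error.
func check(err error) {
	if err != nil {
		panic(err)
	}
}

// newCA builds the CA's key pair and self-signed certificate: the object the CA hands out in step 4.
func newCA() (*ecdsa.PrivateKey, *x509.Certificate) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Lab Root CA (constructed)"}, // constructed name
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return key, cert
}

// clientRequest is steps 1 and 2: the client generates a key pair and sends the CA
// a request carrying its identity and public key; the private key never leaves.
func clientRequest() *x509.CertificateRequest {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: "router1.lab.example"}} // constructed identity
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	check(err)
	csr, err := x509.ParseCertificateRequest(der)
	check(err)
	check(csr.CheckSignature()) // the request is self-signed: proof the client holds the private key
	return csr
}

// caSign is step 3: the CA hashes the certificate body and signs the hash with its private key.
func caSign(caKey *ecdsa.PrivateKey, caCert *x509.Certificate, csr *x509.CertificateRequest) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      csr.Subject,
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, caCert, csr.PublicKey, caKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert
}

// RunExchange plays step 5 from the peer's side. The peer trusts only the CA cert
// it already holds; the hash algorithm is read out of the client cert, not told out of band.
func RunExchange() Outcome {
	caKey, caCert := newCA()
	clientCert := caSign(caKey, caCert, clientRequest())
	roots := x509.NewCertPool()
	roots.AddCert(caCert) // the peer's pre-installed trust anchor
	_, chainErr := clientCert.Verify(x509.VerifyOptions{Roots: roots})
	// Same public-key check over a body with one byte altered: the hash no longer matches.
	tbs := append([]byte(nil), clientCert.RawTBSCertificate...)
	tbs[len(tbs)-1] ^= 0xff
	tamperErr := caCert.CheckSignature(clientCert.SignatureAlgorithm, tbs, clientCert.Signature)
	return Outcome{
		SigAlg:     clientCert.SignatureAlgorithm.String(),
		Verified:   chainErr == nil,
		TamperSeen: tamperErr != nil,
	}
}

func main() {
	fmt.Printf("%+v\n", RunExchange())
}
```

Running it prints `{SigAlg:ECDSA-SHA256 Verified:true TamperSeen:true}`. The `Verify` call is the general form of "use the CA's public key to check the signature": it walks from the client certificate to a root in the peer's pool, and it would equally handle an intermediate CA between the two, which is the multi-key setup the reply above guesses large CAs use.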
forbesl
Member Posts: 454

This might answer some of your questions:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7b2.html
EdTheLad
Member Posts: 2,111 ■■■■□□□□□□

Thanks guys.

Networking, sometimes I love it, mostly I hate it. It's all about the $$$$