Digital Certificates: Key Pair Usage
In short, there are algorithms that generate a pair of keys, one private and one public. The public key is stored in a certificate, and the private key is usually kept by the server (the CA usually won't keep the private key). The certificate is generated by a CA (certificate authority) from the identifying information and the public key provided by a person or company. When someone needs to send a message secretly, they encrypt it with the public key from the given certificate before sending it; only a server that holds the matching private key can decrypt it.
But how do we know that the certificate was officially generated for the correct site? There are two ways. One is for the certificate to be on the implicit trust list of certificates that comes pre-installed with the OS or browser. The second is to prove that it is trusted by one of the authorities on that list. The client asks the trusted authority for the correct certificate of the given site, and the authority responds with a ciphertext of the requested certificate that serves as its signature; this ciphertext is encrypted with the authority's private key. Anyone who holds the CA's certificate can decrypt it and check that the certificate has the expected value. We then have a correct certificate for the site from our trusted CA.
Root CA private keys are usually kept physically isolated.
Each private key needs to be backed up and kept isolated from prying eyes. Private keys should be split into parts and distributed across several systems.
[quote]
Public keys are used to encrypt messages, and private keys are used to decrypt messages.
If the whole session needs to be encrypted, two pairs of keys are needed.
Usually the client-side key pair is generated randomly and is not verified through the trusted list of CAs.
Also, if high encryption is not needed, the client side sends a symmetric code to the server through the key pairs, and then both sides communicate with the symmetric code rather than the public/private key method.
[HW quote]
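As an added illustration (not code from the original post), the sketch below walks through the flow described above with textbook RSA in plain Python: a CA signs a site's certificate with its private key, a client checks it against its trust list with the CA's public key, and only then wraps a symmetric session key under the certificate's public key. The function names, the `www.example.test` subject and the Mersenne-prime keys are constructed for the demo; unpadded RSA with keys this small is for illustration only.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by every key in this demo

def make_keypair(p, q):
    """Textbook RSA (no padding, tiny keys): illustration only, never production."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))  # (public, private)

def digest(subject, pub, n):
    """Hash the fields the CA vouches for: the site name and its public key."""
    data = f"{subject}|{pub[0]}|{pub[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue_cert(ca_name, ca_priv, subject, subject_pub):
    """CA side: the signature is the digest transformed with the CA private key."""
    n, d = ca_priv
    sig = pow(digest(subject, subject_pub, n), d, n)
    return {"subject": subject, "pub": subject_pub, "issuer": ca_name, "sig": sig}

def verify_cert(cert, trust_store):
    """Client side: undo the signature with the CA public key and compare."""
    ca_pub = trust_store.get(cert["issuer"])
    if ca_pub is None:
        return False  # issuer is not on the pre-installed trust list
    n, e = ca_pub
    return pow(cert["sig"], e, n) == digest(cert["subject"], cert["pub"], n)

def wrap_key(session_key, pub):
    """Encrypt a symmetric session key under the certificate's public key (n, e)."""
    return pow(int.from_bytes(session_key, "big"), pub[1], pub[0])

def unwrap_key(wrapped, priv, length=16):
    """Server side: recover the session key with the private key (n, d)."""
    return pow(wrapped, priv[1], priv[0]).to_bytes(length, "big")

# Constructed demo values: Mersenne primes stand in for real random primes.
CA_PUB, CA_PRIV = make_keypair(2**89 - 1, 2**107 - 1)
SRV_PUB, SRV_PRIV = make_keypair(2**61 - 1, 2**127 - 1)
TRUST_STORE = {"Example Root CA": CA_PUB}
CERT = issue_cert("Example Root CA", CA_PRIV, "www.example.test", SRV_PUB)

def client_hello(cert, trust_store=TRUST_STORE):
    """Send a wrapped session key only if the certificate verifies."""
    if not verify_cert(cert, trust_store):
        return None
    key = secrets.token_bytes(16)
    return key, wrap_key(key, cert["pub"])
```

A certificate whose public key has been swapped, or whose issuer is not in the trust store, fails `verify_cert`, so `client_hello` returns `None` and no session key is released.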