In short, we use an algorithm to generate a pair of keys, one private and one public. The public key is stored in a certificate, and the private key is usually kept by the server (usually the CA won't keep the private key). The certificate is generated by a C.A. (certificate authority) from the information and public key provided by the person or company. When someone needs to send a message secretly, they encrypt it with the public key from the given certificate before sending; only a server that holds the right private key can decrypt it.

But how do we know the certificate was officially generated for the correct site? There are two ways. One is for the certificate to be on the implicit trust certificate list (pre-installed with the OS/browser). The second is to prove that it is trusted by one of the authorities on that list. The client asks the trusted listed authority for the correct certificate of the given site, and the authority responds with a ciphertext of the requested certificate, which serves as a signature of that certificate; this ciphertext is encrypted with the authority's private key. Anyone who holds the CA's certificate can decrypt it and check that the expected value of the certificate is correct. We then have a correct certificate for the site from our trusted CA.

Root CA's private keys are usually kept physically isolated.

Each private key needs to be backed up and kept isolated from peering. Private keys should be split into parts and distributed across several systems.

[quote]

Public keys are used to encrypt messages, and private keys are used to decrypt messages.

If the whole session needs to be encrypted, two pairs of keys are needed.

Usually the client-side key pair is generated randomly and is not verified against the trusted list of CAs.

Also, if high encryption is not needed, the client sends a symmetric key to the server through the key pairs, and then both sides communicate using the symmetric key rather than the public/private key method.

[HW quote]
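The certificate check and the symmetric-key hand-off described above, as an added example that is not part of the original post. It uses textbook RSA with no padding and toy keys built from known Mersenne primes, so it only illustrates the flow; all function names and the `example.test` subject are assumptions made for the demo.

```python
import hashlib

E = 65537  # common RSA public exponent

def keygen(p, q):
    """Textbook RSA: return ((n, e), (n, d)) for primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def cert_digest(subject, pub, n):
    """SHA-256 over the certificate contents (site name + public key)."""
    body = f"{subject}|{pub[0]}|{pub[1]}".encode()
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % n

def issue_certificate(subject, subject_pub, ca_priv):
    """CA side: sign the digest with the CA private key."""
    n, d = ca_priv
    sig = pow(cert_digest(subject, subject_pub, n), d, n)
    return {"subject": subject, "pub": subject_pub, "sig": sig}

def verify_certificate(cert, ca_pub):
    """Client side: recover the digest with the CA public key and compare."""
    n, e = ca_pub
    return pow(cert["sig"], e, n) == cert_digest(cert["subject"], cert["pub"], n)

def wrap_session_key(key, server_pub):
    """Client side: encrypt a symmetric key with the server public key."""
    n, e = server_pub
    return pow(int.from_bytes(key, "big"), e, n)

def unwrap_session_key(blob, server_priv, size=16):
    """Server side: decrypt the symmetric key with the server private key."""
    n, d = server_priv
    return pow(blob, d, n).to_bytes(size, "big")

if __name__ == "__main__":
    # Constructed toy keys from known Mersenne primes: insecure, demo only.
    ca_pub, ca_priv = keygen(2**521 - 1, 2**607 - 1)
    srv_pub, srv_priv = keygen(2**1279 - 1, 2**2203 - 1)
    cert = issue_certificate("example.test", srv_pub, ca_priv)
    print("genuine certificate verifies:", verify_certificate(cert, ca_pub))
    swapped = dict(cert, pub=ca_pub)  # public key replaced after signing
    print("altered certificate verifies:", verify_certificate(swapped, ca_pub))
    key = bytes(range(16))  # constructed sample symmetric key
    blob = wrap_session_key(key, srv_pub)
    print("server recovers key:", unwrap_session_key(blob, srv_priv) == key)
```

A certificate whose subject or public key is changed after signing no longer matches the value recovered with the CA public key, which is what lets the client reject it.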
