I feel like I have a very flawed understanding on how ssl certificates work here so thought I would explain how I see it here so anyone can correct me.
As far as I understand, Bob has a certificate issued by the certificate authority and encrypted with his private key to prove to Alice that she is indeed receiving a message from Bob.
However, what is to stop Eve from getting Bob’s encrypted certificate and then when Alive wishes to talk to Bob (although Eve is playing man in the middle – so Is actually talking to Eve) she gets back a certificate that looks like it is from Bob (but actually from Eve) and as far as Alice is aware, is talking to Bob upon decrypting with the certificate public key
Am I missing something here? Or is my understanding of it totally wrong – thanks to any replies
In: Technology
A certificate is just a wrapper for a public-private key pair. It also includes identity information.
The pairs work in tandem. What I encrypt with my private key, you need my public key to decrypt. Having one side is useless for identity theft or man in the middle attacks.
The public key is the only one that gets shared. The private one stays in your computer.
The key exchange is a more complicated than I’ve indicated, but this is conceptually what happens.
Latest Answers