I feel like I have a very flawed understanding on how ssl certificates work here so thought I would explain how I see it here so anyone can correct me.
As far as I understand, Bob has a certificate issued by the certificate authority and encrypted with his private key to prove to Alice that she is indeed receiving a message from Bob.
However, what is to stop Eve from getting Bob’s encrypted certificate and then when Alive wishes to talk to Bob (although Eve is playing man in the middle – so Is actually talking to Eve) she gets back a certificate that looks like it is from Bob (but actually from Eve) and as far as Alice is aware, is talking to Bob upon decrypting with the certificate public key
Am I missing something here? Or is my understanding of it totally wrong – thanks to any replies
In: Technology
You actually said what stops Eve from impersonating Bob in your previous sentence, Bob’s certificate is encrypted with his private key. Eve only has Bob’s public certificate, her web server can’t decrypt it without the key.
Latest Answers