I feel like I have a very flawed understanding on how ssl certificates work here so thought I would explain how I see it here so anyone can correct me.
As far as I understand, Bob has a certificate issued by the certificate authority and encrypted with his private key to prove to Alice that she is indeed receiving a message from Bob.
However, what is to stop Eve from getting Bob’s encrypted certificate and then when Alive wishes to talk to Bob (although Eve is playing man in the middle – so Is actually talking to Eve) she gets back a certificate that looks like it is from Bob (but actually from Eve) and as far as Alice is aware, is talking to Bob upon decrypting with the certificate public key
Am I missing something here? Or is my understanding of it totally wrong – thanks to any replies
In: Technology
The Certificate Authority has it’s own key and uses that to wrap up Bob’s Cert.
That way Eve can’t get at Bob’s cert unless she somehow got the CA’s private key.
Latest Answers