I feel like I have a very flawed understanding on how ssl certificates work here so thought I would explain how I see it here so anyone can correct me.
As far as I understand, Bob has a certificate issued by the certificate authority and encrypted with his private key to prove to Alice that she is indeed receiving a message from Bob.
However, what is to stop Eve from getting Bob’s encrypted certificate and then when Alive wishes to talk to Bob (although Eve is playing man in the middle – so Is actually talking to Eve) she gets back a certificate that looks like it is from Bob (but actually from Eve) and as far as Alice is aware, is talking to Bob upon decrypting with the certificate public key
Am I missing something here? Or is my understanding of it totally wrong – thanks to any replies
In: Technology
Bob has a public key for his mail adress [email protected] – he’s giving that one out to everyone, to Alice, to Eve, whoever wants it, gets it. When Bob sends a message from [[email protected]](mailto:[email protected]), it’s using his private key. Only Bob has this one. He didn’t give it to anyone. When he sends his message to Alice, her email program looks if it has a public key for [[email protected]](mailto:[email protected]). If she does, she can read Bob’s message and gets the info that the keys fit. If she doesn’t, the mail gets rejected.
Since only Bob has his private key, Alice can’t pretend to be Bob.
Latest Answers