What is a public key certificate
HTTPS transmits data in asymmetric encryption mode during communication. (The data transmitted here is usually a randomly generated key that is used for subsequent symmetric encryption.) The server generates a pair of secret keys. Public key and Private Key Public key to the client Private key to the server After obtaining the public key, how can the client ensure that the public key obtained is the public key of the server that it wants to access? In this case, a recognized authority is required to prove that the public key is from the specified server
Work of certification bodies
The certification authority will generate a pair of secret keys. Public key and private key The generation of public key certificate consists of two parts
- A digital signature
- Server Public Key
The generation process of digital signature is as follows:
- The public key of the server uses a digital digest algorithm to generate a digital fingerprint
- The generated digital fingerprint is encrypted with the authentication authority’s private key to generate a digital signature
Procedure for a client to verify a public key certificate in HTTPS
The server sends the public key certificate to the client. The client authenticates the public key certificate to ensure the validity of the public key
- The client retrieves the public key of the authentication authority embedded in the mobile phone
- The public key of the certification authority is used to decrypt the digital signature in the public key certificate to obtain the digital fingerprint
- The client digests the server public key of the public key certificate to generate a digital fingerprint
- Compare the digital fingerprint generated by the client itself (step 3) with the decrypted digital fingerprint (step 2). If they are consistent, the public key certificate is verified and the handshake can proceed