[2274] in WWW Security List Archive
Re: Naive
daemon@ATHENA.MIT.EDU (Tim Dierks)
Wed Jun 26 21:33:00 1996
Date: Wed, 26 Jun 1996 16:53:00 -0700
To: Vassilis Risopoulos <risopoul@informatik.uni-hamburg.de>
From: timd@consensus.com (Tim Dierks)
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
At 16:54 6/26/96, Vassilis Risopoulos wrote:
>This is going to sound naive I know and it probably is, but I need to get
>it clear.
>A "signed" certificate is encrypted right?
>I mean all the X.509 stuff that are in the certificate just get encrypted
>by the CA
>and then the client has to have the public key of the CA to get them?
>Or, everything is in the clear and the signature that comes in the end is
>a kind of CRC
>to check the whole thing?
The latter is correct; the certificate is in the clear, and a hash of the
certificate is encrypted using the private key of the CA; it can then be
verified with the public key of the CA.
- Tim
Tim Dierks -- timd@consensus.com -- www.consensus.com
Head of Thing-u-ma-jig Engineering, Consensus Development
