Search code examples
certificatedigital-certificate

Something confusing about digital certificates

A digital certificate is a digital document that certifies that a certain public key is owned by a particular user. Thus if you trust the CA that signed the certificate C, then you can trust that specific public/private key pair is owned by the owner of certificate C.

a) Assume client A wants to establish a connection with server B located at url www.some_domain.com. When establishing a connection with B, A may receive from the other end a X.509 certificate C and a public key, belonging to the owner of certificate C.

But how can client know that owner of C is really a server B and not some other entity that hijacked ( if that is the correct term ) the connection and sent its own certificate and public key to A?

Only way I can think of for client to know whether owner of C is really B, is if C's Subject field also specifies the domain for which this certificate is valid or if it specifies the organization to which this certificate belongs ( but that only helps if client knows to which organization www.some_domain.com belongs )?!

thank you

Solution

  • Because 'C' is signed by a CA certificate authority that is already on your system. That is why the scheme can be broken by governments that control the CA's.

    If you look at a certificate in your browser then you can see who signed it. For instance gmail is signed by Thawte which is signed by Verisign. The CN field is marked www.google.com so it will only be valid for that domain.

    Maybe you are talking about man in the middle: http://en.wikipedia.org/wiki/Man-in-the-middle_attack

    A man-in-the-middle attack can succeed only when the attacker can impersonate each endpoint to the satisfaction of the other—it is an attack on mutual authentication. Most cryptographic protocols include some form of endpoint authentication specifically to prevent MITM attacks. For example, SSL authenticates the server using a mutually trusted certification authority.

    So in your scenario only one side would be fooled. Check out step 2 below:

    https://ssl.trustwave.com/support/support-how-ssl-works.php

    • Step 1: A customer makes a connection to xyz.com on an SSL port, typically 443. This connection is denoted with https instead of http.

    • Step 2: xyz.com sends back its public key to the customer. Once customer receives it, his/her browser decides if it is alright to proceed.

      • The xyz.com public key must NOT be expired
      • The xyz.com public key must be for xyz.com only
      • The client must have the public key for Trustwave installed in their browser certificate store. 99.9% of all modern browsers (1998+) include the Trustwave root certificate. If the customer has Trustwave trusted public key, then they can trust that they are really communicating with XYZ, Inc.

    • Step 3: If the customer decides to trust the certificate, then the customer will be sent to xyz.com his/her public key. -Step 4: xyz.com will next create a unique hash and encrypt it using both the customer's public key and xyz.com's private key, and send this back to the client.

    • Step 5: Customer's browser will decrypt the hash. This process shows that the xyz.com sent the hash and only the customer is able to read it.
    • Step 6: Customer and website can now securely exchange information.