
I'm a newbie with encryption but I have a few questions. I know the subject is complicated, but I'm not asking specifically for the standard but for what could work, that is to say, what should be secure, even if less so than real RSA methods, even if it is not the standard, but it should be secure. These are questions about asymmetric encryption more generally.

1) Which private key is used to sign a Certificate? Is it the private key related to the public key of the organization, or the private key of the authority? I think it's the first one because in Java, when I try to sign with a private key that is not the pair of the public key in the certificate, it fails (Edit: I know it may depend on the content of the "Certificate", and that a signature just signs a chunk of bytes).

If the private key of the organization is used to sign a Certificate, it means that the authority can't sign the certificate (it doesn't have the private key of the organization): does that mean that the signature is provided by the organization?

2) It's related to question 1, but does the authority need a private key to generate a certificate? Like a 2-pass signature, using the two keys to verify the signature? If yes, for which purpose specifically?

Also, if the authority doesn't need to have a private key, is it sufficient, for checking if a certificate is valid, that the certificate is right AND the authority contains the given public key in its database (or at most check byte by byte that the certificate in the database is the same as the one to check), on the assumption that the private key cannot be deduced from the public key?

3) I'm confused with the public/private and encryption/decryption relation. What I've seen and learned is that the private encryption key is used to sign and the private decryption key is used to secure communications; also we can say that encryption/decryption is just a term of language and it has no other reality than conversion in one direction or the other. BUT in Java, to sign a document with the class Signature you provide a private key to generate the signature (if I'm correct). On the other hand you use it to decrypt communications, right? So you use it for encryption and decryption. Is it OK to do so, or do we need 2 pairs of keys to do secured communication, one for certificates and one for communications?

4) Off-topic, but I think the RSA keys are asymmetric but provide the same mathematical properties and also have a sort of symmetry, so we can encode with the decryption key and reciprocally. Is this example correct, just for curiosity:

```text
to the left:  encrypt with private key
to the right: encrypt with public key
   ... <-> messageP2 <-> messageP1 <-> message <-> messageR1 <-> messageR2 <-> messageR3 <-> ...
```

Thanks

  • Does this answer your question? [What is the difference between encrypting and signing in asymmetric encryption?](https://stackoverflow.com/questions/454048/what-is-the-difference-between-encrypting-and-signing-in-asymmetric-encryption) – mentallurg Dec 15 '19 at 00:03
  • Stackoverflow is not well-suited to tutorial questions, which is why they are considered off-topic. – President James K. Polk Dec 15 '19 at 00:27

2 Answers

the whole point of certificates is trust in a PKI (public key infrastructure)

  • a key in a PKI is always a key pair. the private part is always kept secret by the owning party
  • there are way too many parties for everybody to know the public key of everybody else
  • everybody knows the public key of the CA (or a known CA has to sign the key of a sub-CA, if you want multiple layers of CAs)
  • everybody gets their public key embedded into a certificate signed by a CA

if you now want to communicate with someone, you ask for their certificate ... since you don't know them yet (or to be precise, you don't know their key yet) you can't be sure that you are communicating with the intended party

they send over their certificate...

now you can check the chain of trust:

their certificate is signed by someone ... is that someone trustworthy AND is the signature valid?

is that someone trustworthy? a quite simple question: is that someone a trusted CA that may sign certificates for the intended party? in other words: can we find the signing CA's certificate in our list of trusted CAs, or did another trusted CA sign their cert as a CA cert?

is the signature valid? can be tested if the signing CA's pub key is known

now what if we know this CA and trust it? ... everything is ok... but what if we don't know that CA? usually our communication partner can provide the certificate of that CA (since certificates are public, in other words, not secret)

now we can repeat ... is the presented CA cert signed by someone trustworthy and is the signature valid?

the whole point of this is: it's not required to have a huge database with all the public keys, and the communicating parties are able to verify identities on their own as long as they can verify the certs

so with this in mind ...

1) the CA's private key is used to sign a cert. The signature on a cert is equal to the statement "the signer can be held accountable for the validity of all the values in the cert"

2) the CA signs the certificate ... signing here is an operation that requires a key... just having the cert in a database at the CA does not suffice ... take into account that the identity of the certificate holder needs to be checked while there is no way of communicating with the CA

3) to lighten that confusion

```text
sign / decrypt ...... private key
verify / encrypt .... public key
```

usually cryptosystems for signatures and encryption are different ... RSA is the unicorn here, it can be used for both

the idea behind a certificate is that you can embed public keys, and bind them to an identity in a way that a common trusted CA is enough for two otherwise unknown parties to safely exchange their keys

4) from the math point of view ... yes ...

the RSA operation is `X^e mod N = C` ... `C^d mod N = X`

with `X` = plaintext ... `C` = ciphertext ... `N, e, d` RSA parameters

the principle behind RSA is that `e*d mod phi(N) = 1`

therefore

```text
(X^e)^e = X^(e*e)
(X^(e*e))^d = X^(e*e*d) = X^(e*1) = X^e
(X^e)^d = X^(e*d) = X^1 = X
```
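The following is an added example, not code from the question or either answer. It puts the answer's two halves into runnable form: a textbook RSA with `e*d mod phi(N) = 1` (points 3 and 4: the private key signs/decrypts, the public key verifies/encrypts, and applying `e` and `d` in either order returns `X`), and a toy certificate format where the issuer's private key signs the subject's public key and name (points 1 and 2), verified by walking issuer links back to a trust store. The primes, names and the `subject|N|e|issuer` cert layout are constructed for the example; the modulus is tiny and the "padding" is a bare SHA-256 reduced mod N, so this shows the mechanics only, not a usable RSA.

```python
# Added example (not from the original post): textbook RSA with toy parameters
# and a toy certificate chain, to show which key does what and how a chain of
# trust is checked. Constructed values; far too small for real use.
import hashlib

E = 65537  # common public exponent


def rsa_keygen(p, q, e=E):
    """Return (public, private) as (N, exponent) tuples for primes p, q (constructed inputs)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # e*d = 1 mod phi(N), the relation the answer relies on
    return (n, e), (n, d)


def rsa_apply(key, x):
    """The single RSA operation X^k mod N; the key you pass decides encrypt/decrypt/sign/verify."""
    n, k = key
    return pow(x, k, n)


def digest(data, n):
    """SHA-256 of data reduced into Z_N (toy stand-in for real padding such as PSS)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private, data):
    return rsa_apply(private, digest(data, private[0]))      # private key signs


def verify(public, data, signature):
    return rsa_apply(public, signature) == digest(data, public[0])  # public key verifies


# --- toy certificates: the fields plus the issuer's signature over them (constructed layout) ---

def to_be_signed(subject, pubkey, issuer):
    n, e = pubkey
    return f"{subject}|{n}|{e}|{issuer}".encode()


def issue_cert(subject, subject_pub, issuer, issuer_priv):
    """The ISSUER's private key signs the subject's public key + identity (question 1)."""
    return {"subject": subject, "pubkey": subject_pub, "issuer": issuer,
            "sig": sign(issuer_priv, to_be_signed(subject, subject_pub, issuer))}


def verify_chain(leaf, presented, trust_store):
    """Follow issuer links from leaf; succeed only once a signature by a trust-store cert checks out.
    presented: certs sent by the peer (intermediates), keyed by subject.
    trust_store: our pre-installed CA certs, keyed by subject; consulted first so a peer
    cannot override a trusted name with a cert of its own."""
    cert, seen = leaf, set()
    while cert["subject"] not in seen:
        seen.add(cert["subject"])
        issuer = trust_store.get(cert["issuer"]) or presented.get(cert["issuer"])
        if issuer is None:
            return False  # unknown issuer: chain broken
        tbs = to_be_signed(cert["subject"], cert["pubkey"], cert["issuer"])
        if not verify(issuer["pubkey"], tbs, cert["sig"]):
            return False  # signature does not match the cert's bytes
        if cert["issuer"] in trust_store:
            return True   # reached a trusted anchor
        cert = issuer
    return False          # loop among presented certs


def demo():
    # constructed key pairs from well-known primes (the 10,000th, 100,000th, ... primes)
    root_pub, root_priv = rsa_keygen(104729, 1299709)
    ca_pub, ca_priv = rsa_keygen(15485863, 32452843)
    srv_pub, srv_priv = rsa_keygen(49979687, 67867967)

    root = issue_cert("Root CA", root_pub, "Root CA", root_priv)  # self-signed anchor
    inter = issue_cert("Sub CA", ca_pub, "Root CA", root_priv)
    server = issue_cert("example.test", srv_pub, "Sub CA", ca_priv)
    trust_store, presented = {"Root CA": root}, {"Sub CA": inter}

    results = {"valid_chain": verify_chain(server, presented, trust_store)}
    # tampered leaf: the CA's signature no longer matches the bytes
    results["tampered_leaf"] = verify_chain(dict(server, subject="bank.test"), presented, trust_store)
    # a peer presenting its own "Root CA" cannot displace the one already in the trust store
    rogue_pub, rogue_priv = rsa_keygen(1299709, 15485863)
    rogue_root = issue_cert("Root CA", rogue_pub, "Root CA", rogue_priv)
    rogue_leaf = issue_cert("bank.test", srv_pub, "Root CA", rogue_priv)
    results["rogue_root"] = verify_chain(rogue_leaf, {"Root CA": rogue_root}, trust_store)

    # questions 3/4: one key pair serves both directions, and e/d commute
    x = 123456789 % srv_pub[0]
    results["pub_then_priv"] = rsa_apply(srv_priv, rsa_apply(srv_pub, x)) == x   # encrypt, decrypt
    results["priv_then_pub"] = rsa_apply(srv_pub, rsa_apply(srv_priv, x)) == x   # sign, verify
    results["e_e_d_is_e"] = (rsa_apply(srv_priv, rsa_apply(srv_pub, rsa_apply(srv_pub, x)))
                             == rsa_apply(srv_pub, x))
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Two design points match the answer's argument: `verify_chain` never needs a database of everyone's public key, only the trust store plus whatever certs the peer presents, and it looks up issuer names in the trust store before the peer-supplied certs, which is what makes the `rogue_root` case fail even though that chain is internally consistent.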

The purpose of having a certificate issued by an authority is that the authority is certifying that the information in the key is accurate. In order for that certification to be verified, the certificate must be signed using a private key that is only known to the certifying authority.
