Public and private keys, illustrated

When learning SSH, many people must have been puzzled by public and private keys. While searching for an explanation of public and private keys, I found this interesting short illustrated article, and I am sharing it here.

1. Bob has two keys: one is a public key and the other is a private key.

2. Bob gives his public key to his friends (Patty, Doug and Susan), one copy each.

3. Susan wants to write Bob a confidential letter. When she has finished writing, she encrypts it with Bob's public key, which keeps its contents confidential.

4. When Bob receives the letter, he decrypts it with his private key and can read its contents. The point to emphasize is that as long as Bob's private key is not leaked, the letter is safe: even if it falls into someone else's hands, it cannot be decrypted.

5. Bob replies to Susan and decides to use a "digital signature". After writing the letter, he first uses a hash function to generate a digest of it.

6. Bob then uses his private key to encrypt the digest, producing the "digital signature".

7. Bob attaches this signature to the bottom of the letter and sends both to Susan.

8. After receiving the letter, Susan detaches the digital signature and decrypts it with Bob's public key, which gives her the digest of the letter. This proves that the letter was indeed sent by Bob.

9. Susan then applies the hash function to the letter herself and compares the result with the digest obtained in the previous step. If the two match, the letter has not been modified.

10. A more complicated situation arises. Doug wants to deceive Susan: he secretly uses her computer and replaces Bob's public key with his own. Susan now actually holds Doug's public key but believes it is Bob's. Doug can therefore impersonate Bob: he creates a "digital signature" with his own private key and writes to Susan, who decrypts it with the false "Bob" public key.

11. Later, Susan senses that something is wrong and realizes she cannot determine whether the public key really belongs to Bob. She thinks of a solution: she asks Bob to go to a "certificate authority" (CA) to have his public key certified. The CA uses its own private key to encrypt Bob's public key together with some related information, producing a "digital certificate".

12. Once Bob has the digital certificate, he can rest easy. From then on, when he writes to Susan, he only needs to attach the digital certificate along with his signature.

13. After receiving the letter, Susan unlocks the digital certificate with the CA's public key and obtains Bob's real public key, with which she can prove whether the "digital signature" was really made by Bob.

14. Let's look at an application of the "digital certificate": the HTTPS protocol, which is mainly used for encrypting web pages.

15. First, the client sends the encrypted request to the server.

16. The server encrypts the web page with its own private key and sends it to the client together with its own digital certificate.

17. The "Certificate Manager" of the client (browser) contains a list of "Trusted Root Certification Authorities". Based on this list, the client checks whether the public key that unlocks the digital certificate is in the list.

18. If the URL recorded in the digital certificate does not match the URL you are browsing, the certificate may be fraudulent, and the browser will issue a warning.

19. If the digital certificate was not issued by a trusted authority, the browser will issue a different warning.
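
Steps 5 through 13 above, as an added Python example that is not part of the original article: sign, verify, Doug's key swap, and the CA certificate that defeats it. It assumes textbook RSA without padding on constructed toy keys, and all function names are hypothetical; real systems use a vetted library and a padded scheme.

```python
import hashlib

E = 65537  # common RSA public exponent

def make_key(p, q):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent
    return (n, E), (n, d)

def digest(message, n):
    """Step 5: hash the letter (reduced mod n so a toy key can hold it)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    """Step 6: 'encrypt' the digest with the private key."""
    n, d = private
    return pow(digest(message, n), d, n)

def verify(message, signature, public):
    """Steps 8-9: recover the digest with the public key, then compare."""
    n, e = public
    return pow(signature, e, n) == digest(message, n)

def cert_body(name, public):
    return f"{name}|{public[0]}|{public[1]}".encode()

def issue_cert(name, public, ca_private):
    """Step 11: the CA signs the binding between a name and a public key."""
    return {"name": name, "public": public,
            "sig": sign(cert_body(name, public), ca_private)}

def key_from_cert(cert, expected_name, ca_public):
    """Step 13: trust the key only if the name and CA signature check out."""
    body = cert_body(cert["name"], cert["public"])
    if cert["name"] != expected_name or not verify(body, cert["sig"], ca_public):
        return None
    return cert["public"]

# Constructed toy keys built from Mersenne primes (illustration only).
bob_pub, bob_priv = make_key(2**89 - 1, 2**127 - 1)
doug_pub, doug_priv = make_key(2**61 - 1, 2**107 - 1)
ca_pub, ca_priv = make_key(2**521 - 1, 2**607 - 1)

letter = b"Dear Susan, see you at noon. Bob"      # constructed sample letter
sig = sign(letter, bob_priv)
forged = b"Dear Susan, please lend Doug your car. Bob"
forged_sig = sign(forged, doug_priv)              # step 10: Doug signs as "Bob"
bob_cert = issue_cert("Bob", bob_pub, ca_priv)
# Doug has no CA private key, so he can only reuse the CA signature on Bob's cert.
fake_cert = dict(bob_cert, public=doug_pub)
```

If Susan's stored "Bob" key is really `doug_pub`, `verify(forged, forged_sig, doug_pub)` succeeds, which is the failure in step 10; taking the key from `key_from_cert` instead rejects `fake_cert`.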


Original address: http://www.youdzone.com/signature.html


Origin www.cnblogs.com/jiajialove/p/11810657.html