Examining Authentication Using Certificates

After the parties involved have installed certificates signed by the same CA, they can authenticate each other, as shown in Figure 14-11. They do this by exchanging certificates. The CA's part in the process was completed during enrollment, so it is not involved in this exchange at all.

Figure 14-10 Certificate Enrollment Process (figure: CA administration; out-of-band authentication of the user's public key)

Figure 14-11 Authentication Using Certificates (figure: Matthew holds Matthew's private key, Matthew's certificate, and the CA certificate; Addison holds Addison's private key, Addison's certificate, and the CA certificate; the two exchange certificates)

• Authentication no longer requires the presence of the CA server.

• Users exchange their certificates containing public keys.

At this point, each party verifies the digital signature on the certificate it received. It does this by hashing the signed (to-be-signed) portion of the certificate, applying the CA's public key to the signature to recover the hash that the CA signed (for RSA signatures this is often described as decrypting the signature with the CA's public key), and then comparing the two hashes.

For the certificate to be valid, the two hashes must match. If they do, the certificate is verified as having been signed by the trusted third party, and the CA's attestation that the holder is who it claims to be is accepted. Note that a matching signature only proves that the CA issued this certificate at some point: before relying on it, each party also checks that the certificate is within its validity period, that it has not been revoked, and that it names the peer it expects to be talking to.
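The exchange described above, as an added example that is not part of the book: a self-signed CA enrolls two users, then each user verifies the other's certificate with nothing but the CA certificate it already holds. The signature check is done by hand, as the text describes it (hash the to-be-signed portion, check the CA's signature over that hash with the CA's public key), and then goes a step beyond the text by adding the validity-period, trusted-issuer, key-usage and expected-name checks a practitioner would insist on. Everything here is constructed for the example: the CA and user names, the serial numbers, the 24-hour validity window, and the function names newCA, enroll and verifyPeerCert are all assumptions, and only the Go standard library is used.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Party is what Figure 14-11 gives each peer: a private key and its certificate.
type Party struct {
	Key  *rsa.PrivateKey
	Cert *x509.Certificate
}

// issue generates a key pair and has signer (the CA key, or the new key itself
// for a self-signed CA certificate) sign a certificate for it.
func issue(tmpl, parent *x509.Certificate, signer *rsa.PrivateKey) (*Party, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	if parent == nil { // self-signed: the certificate is its own parent
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Party{Key: key, Cert: cert}, nil
}

// newCA builds a self-signed CA for the example (a real CA key would live in an HSM).
func newCA(name string) (*Party, error) {
	return issue(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}, nil, nil)
}

// enroll is the CA's part of Figure 14-10: sign an end-entity certificate for a user.
func enroll(ca *Party, name string, serial int64) (*Party, error) {
	return issue(&x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}, ca.Cert, ca.Key)
}

// verifyPeerCert is what each party does with the certificate it receives:
// hash the to-be-signed portion, check the CA's signature over that hash with the
// CA's public key, then apply the checks a valid signature alone does not give you.
func verifyPeerCert(peer, caCert *x509.Certificate, expectedName string) error {
	caPub, ok := caCert.PublicKey.(*rsa.PublicKey)
	if !ok || peer.SignatureAlgorithm != x509.SHA256WithRSA {
		return fmt.Errorf("example assumes SHA256WithRSA, got %v", peer.SignatureAlgorithm)
	}
	digest := sha256.Sum256(peer.RawTBSCertificate) // hash of the signed portion
	// The public-key operation on the signature recovers the hash the CA signed;
	// VerifyPKCS1v15 performs it and compares the result with our digest.
	if err := rsa.VerifyPKCS1v15(caPub, crypto.SHA256, digest[:], peer.Signature); err != nil {
		return fmt.Errorf("signature does not verify under the CA key: %w", err)
	}
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	_, err := peer.Verify(x509.VerifyOptions{ // validity period, trusted issuer, usage
		Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	if err != nil {
		return err
	}
	if peer.Subject.CommonName != expectedName {
		return fmt.Errorf("certificate names %q, expected %q", peer.Subject.CommonName, expectedName)
	}
	return nil
}

func main() {
	ca, err := newCA("Example CA")
	if err != nil {
		panic(err)
	}
	matthew, _ := enroll(ca, "Matthew", 2)
	addison, _ := enroll(ca, "Addison", 3)
	// The exchange itself: each side checks the other's certificate with no CA online.
	fmt.Println("Matthew checks Addison:", verifyPeerCert(addison.Cert, ca.Cert, "Addison"))
	fmt.Println("Addison checks Matthew:", verifyPeerCert(matthew.Cert, ca.Cert, "Matthew"))
}
```

Two failure cases are worth trying against this code: a certificate for Matthew issued by a different, untrusted CA fails at the signature step, and a genuine certificate for Addison presented as Matthew's passes the signature step but fails the name check, which is why the signature comparison alone is never the whole story.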
