Posted By:   Nancy_Lab
Posted On:   Tuesday, March 1, 2005 12:24 PM

I was asked (interview question): When you are buying from amazon.com, how do you know that is amazon.com and how do they know that is you? I know a little of the theory behind digital signatures, but I could not answer this question since I don't understand how I use a CA, who is authorized with the CA, and also, if I am a developer, do I care about the CA, do I need something to authorize with them? If you can explain to me how it works with a CA, I would really appreciate it.


Re: Digital signature

Posted By:   Steven_Martin  
Posted On:   Tuesday, March 1, 2005 01:03 PM

There's nothing in particular to know it's "you". That's a different level of verification where the server will only speak to certified clients.

In the public sense, vendors such as amazon purchase certificates from certification vendors such as Veritas. Those large certification vendors already have their public keys in your browser. Certificates from amazon and others can then be confirmed to be truly authorized and you know the site you are dealing with. Since you have the certification vendor's public key you can verify the amazon certificate's signature along w/ their public key. That way if you went to another site, such as amazonia.com, their certificates wouldn't match correctly.

The actual communication between them relies on the same public key-private key encryption. You use their public key to encrypt information to send to them. Your information contains the public key they use to communicate back to you. That way, if anyone is listening on the port, it doesn't matter. They would need someone's private key to listen to at least one part of the conversation.

SSL doesn't completely use public key/private key for the entire conversation. That would be too expensive. Your session creates a password that allows both sides to faster encrypt the communication than the higher cost of public key/private encryption/decryption.

Hope that helps. Some further topics include : certified email, signed documents.
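
The certificate check described in the answer above, as an added example that is not part of the original posts: a toy Python model in which a CA signs a name-to-key binding and the browser verifies it using only the CA public key in its trust store. It uses textbook RSA with small constructed keys, not real X.509 or TLS; the CA names, key values and function names are assumptions made for illustration.

```python
import hashlib

E = 65537  # public exponent used by every toy key here

def make_key(p, q):
    """Textbook RSA: return (modulus n, private exponent d) from two primes."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(subject, site_key, n):
    """Hash the name-to-key binding the CA vouches for, reduced below n."""
    data = f"{subject}|{site_key}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(issuer, ca_n, ca_d, subject, site_key):
    """CA side: sign the binding with the CA's private exponent."""
    sig = pow(digest(subject, site_key, ca_n), ca_d, ca_n)
    return {"subject": subject, "site_key": site_key, "issuer": issuer, "sig": sig}

def browser_check(cert, hostname, trust_store):
    """Browser side: needs only the CA public keys it shipped with."""
    ca_n = trust_store.get(cert["issuer"])
    if ca_n is None:
        return "untrusted issuer"
    expected = digest(cert["subject"], cert["site_key"], ca_n)
    if pow(cert["sig"], E, ca_n) != expected:
        return "bad signature"
    if cert["subject"] != hostname:
        return "name mismatch"
    return "ok"

# Constructed sample keys (products of Mersenne primes; far too small for real use).
CA_N, CA_D = make_key(2**89 - 1, 2**107 - 1)
ROGUE_N, ROGUE_D = make_key(2**61 - 1, 2**127 - 1)
TRUST_STORE = {"Example Root CA": CA_N}  # hypothetical CA name

def demo():
    """Return the browser's verdict for four constructed certificates."""
    good = issue("Example Root CA", CA_N, CA_D, "amazon.com", 0xA11CE)
    other = issue("Example Root CA", CA_N, CA_D, "amazonia.com", 0xB0B)
    self_made = issue("Rogue CA", ROGUE_N, ROGUE_D, "amazon.com", 0xB0B)
    forged = dict(other, subject="amazon.com")  # name edited after signing
    certs = {"good": good, "other site": other, "unknown CA": self_made, "edited": forged}
    return {k: browser_check(c, "amazon.com", TRUST_STORE) for k, c in certs.items()}

if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label}: {verdict}")
```

Only the certificate signed by the trusted CA for the requested name passes; the other three fail at a different step each, which is why a lookalike site cannot simply present its own certificate.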
