When learning about how to use OpenSSL to create self-signed certs, it became clear to me that most of the information available online assumes you...
For further actions, you may consider blocking this person and/or reporting abuse
This is a really nice article. By way of a little history, the specification that defines certificates is X.509, and is part of the series that describes the OSI Directory - which ended up simplified as LDAP. A certificate contains, in effect, a bunch of LDAP attributes - and so it literally can contain Bob's photo via the jpegPhoto attribute. That's not likely to happen, though, because a Certification Authority ought to only sign a certificate when it can verify every attribute within it.
One thing you haven't mentioned is revocation and status checking... But maybe I should write something on that.
Which I've done: Licensed Revoked; Certificate Status Checking in PKIX.
I must say that your article has been an excellent read. Not only you talked about the basics like Diffie Hellman Key exchange but also related those basics with the bigger set of things like digital signatures and certificates.
Overwhelmed to see such a simplified explanation of such a complex topic.
Hello. Thanks for the interesting article! I have a question. Is it just a coincidence in this example that the 'numberAliceSent' is the same as 'secretAlice' and that 'numberBobSent' is the same as 'secretBob'?
Hi Henri,
Thanks :)
They may or may not be the same, it's just a coincidence that they are.
Well explained!!
I am having a doubt on which encryption type is actually used.
What I understand from the order you have written is that Asymmetric encryption (probably RSA) is used only for Certificates and Symmetric encryption (Diffie-Hellman) for all other communication.
Correct me if I'm wrong.
Certificates are used to prove that the website is whom it says it is. The rest of the communication is encrypted using symmetric key encryption.
Diffie-Hellman is not an encryption algorithm though, it's a key exchange algorithm.
Although the article only mentions Diffie-Hellman, there are other options to exchange a secret key.
Very interesting post, thanks !
An awesome article, but I still don't understand about
magic mathstuff. 😂Hey, really nice article. Can you explain how browser verifies the identity of a certificate if it's signed by a non root CA ?
Nice article. It presents everything related to SSL in simple terms at one place. Simplicity is hard to achieve. Kudos!
Thanks for letting me know
Thanks for such a simple explanation of important aspect of web. Learnt new thing.
Great piece!
Just a heads up, I think "it was also created by however the private key belongs to." should be ", it was also created by whomever the private key belongs to."
Thanks for letting me know
Great post! Although it did make me chuckle a little bit when you mentioned “trusted” and “Symantec” in the same sentence 😂