Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
aopil2021-08-09 19:07:18
RSA
aopil, 2021-08-09 19:07:18

How does RSA work with public Key + Certificate?

I have an example original request that looks like this:
1) base64 Data
2) base64 RSA certificate chain including root CA
3) base64 Signature (SHA1+RSA) Data verified with a certificate (point 2).

Knowing the Public Key, the data is signed and sent to the server, which can decrypt the signature and compare the hash to make sure the data has not been changed.

Question: I do not understand how this technology can guarantee that the data has not been changed, because we have a Public Key, which means we can change the data, sign it and send it to the server. That it was impossible to make the certificate serves?

What prevents us from copying the certificate from the original request and sending it along with other data? The validity period of the certificate is not checked by the server in my case.

Please explain to me what role the certificate has in this chain.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
I
Ivan Shumov, 2021-08-10
@inoise

Yes, everything is simple - there are 2 keys and data is encrypted with a private key, and they are only decrypted with a public key. While the private key has not been given to anyone, everyone is happy and everything is fine.
As for the chain of certificates, the entire chain is not involved in the encryption process. These certificates are needed to validate subsequent

Report
C
CityCat4, 2021-08-10
@CityCat4

because we have a Public Key, which means we can change the data, sign it and send it to the server

Nah, we can't do that :) You need your own private key to sign . The public key can only verify the signature . This is the meaning of asymmetric cryptography - you sign with your personal, the other person checks with your general. Having a shared key does nothing . So much so that it is attached to each letter in the mail :) If you change something in the text, the signature will not match. And the publisher certificate chain is needed to verify the certificate that you are trying to verify, because in the general case you may not have the publisher's root certificates (corporate CAs, for example)

Similar questions
M
mr_blond972015-07-07 00:59:06
Why doesn't git clone work when connecting to a repository via putty? 1Reply
M
mr_blond972015-07-11 21:01:19
How to check ssh2 setup and disable password login? 2Reply
M
mr_blond972015-07-15 16:31:46
Centos 7, why won't openvpn client start? 6Reply
D
DVoropaev2017-09-21 11:36:32
How to create pki with easy-rsa? 2Reply
A
Artyom Nikolaev2017-12-26 11:56:22
How does RC4 work? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question