Manualshelf

iTP Secure WebServer System Administrators Guide (Version 7.5+)

ManualsBrandsHP ManualsServerHP Integrity NonStop H-Series
271272273274275276277278279280
Authentication
For authentication,public key systems work as follows: Romeo and Juliet want to make sure the
messages they receive are in fact from each other and not from someone else, Juliet's father, for
example. When Juliet generates a message to Romeo, she performs a special computation involving
both her private key and the plaintext of her message. She attaches the result of this computation,
called her digital signature, to her message and sends it (encrypted with Romeo's public key) to
Romeo.
On the other end, after decrypting Juliet's message, Romeo wants to make sure it is really from
Juliet. To verify the authenticity of Juliet's message, Romeo performs a special computation that
involves Juliet's message along with her digital signature and her public key. If this computation
produces the expected result, Romeo knows Juliet's digital signature is genuine; if it does not
produce the expected result, Romeo knows he should ignore the message.
Managing Key Certificates
Certificates are digital documents attesting to the binding of a public key to an individual or other
entity. They allow verification of the claim that a given public key does in fact belong to a given
individual.Certificates help prevent an imposter from using a key to impersonate someone else.
In their simplest form, certificates contain a public key and a name. As commonly used, they also
contain the expiration date of the key, the name of the Certificate Authority (CA) that issued the
certificate, the serial number of the certificate, and perhaps other information. Most important,
certificates contain the digital signature of the certificate issuer.
A CA issues the certificate and signs it with its private key.
Using Certificates
Public key certificates generate confidence in the legitimacy of the public keys to which the
certificates are bound. Recipients of these certificates can use them to verify not only the signature
of the certificate owner but the certificate itself. This level of verification strongly ensures against
any possibility of forgery or false representation.
Two or morecertificates can be enclosed with the same message such that one certificate testifies
to the authenticity of the previous certificate. Such a hierarchy of authentication is called thecertificate
chain. At the end of such a chain is a top-level CA that is trusted without a certificate from any
other CA (see Figure 15 (page 272)).
Figure 15 Certificate Chain
Sender Sender
CA
CA CA
Top Level (Trusted) CA
272 Security Concepts