SSL certificate signature creation



  • I have some queries regarding the SSL certificate chain. I have tried searching documents online, but none has mentioned this clearly.

    When a chain of trust is established, below would be how it works.

    Domain certificate when issued by an intermediate CA, it will put in a signature value in the certificate that is created by hash of the data and further encrypted by Private key of the issuer which can be decrypted by Public Key.

    The same goes with the Intermediate CA. The Root CA will create a hash of data, sign it with its private key and put that signature in the intermediate so it can trust it.

    I want to understand what data is used to create a Hash which is then encrypted by the Private Key of the issuer. Is it certificate contents like CN, Serial no etc?

    The reason I am asking this is if there is a Man in the middle, he can check that certificate and decrypt the signature using the public key and check the hash value.

    How does the machine confirm that this is the correct hash it has received in the signature after decrypting it?

    I mean with what value it will compare at its side? For example in the case of IPSEC, the hash of hostname or PSK is sent to the peer and the other side has also the PSK and it will create the hash and match the hash value.

    In the case of signature, how does the source machine compare that the hash is correct, does it have some command value?

    Please correct me if I am going in the wrong direction.

    Thank you!



  • ... which is then encrypted by the Private Key of the issuer. ... the signature after decrypting it?

    It is signed with the issuer's private key, not encrypted. Note that with RSA this might look the same, but with ECDSA it works differently.

    I want to understand what data is used to create a Hash which is then encrypted by the Private Key of the issuer. Is it certificate contents like CN, Serial no etc?

    Everything from the certificate (tbsCertificate) is covered by the signature and thus included in the hash, excluding only the signature itself. To cite from RFC 5280:

    4.1.1.3.  signatureValue
    
       The signatureValue field contains a digital signature computed upon
       the ASN.1 DER encoded tbsCertificate.
    
    ...
    
    Certificate  ::=  SEQUENCE  {
         tbsCertificate       TBSCertificate,
         signatureAlgorithm   AlgorithmIdentifier,
         signature            BIT STRING  }
    

    I mean with what value it will compare at its side?

    Anybody having the certificate can simply extract tbsCertificate and recompute the hash for verification.
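
Added example, not part of the original thread or the answerer's own code: a standard-library Python sketch of the check described in the answer above, for the RSA PKCS#1 v1.5 case. The issuer signs the DER bytes of tbsCertificate, and a verifier holding only the certificate and the issuer's public key recomputes the hash over those same bytes. The key (built from two Mersenne primes), the simplified stand-in TBS structure, and all function names are constructed for illustration.

```python
import hashlib

# Constructed toy RSA key built from two well-known Mersenne primes.
# Trivially factorable; it only stands in for the issuer's key pair.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8                     # modulus size in bytes
# DER DigestInfo header for SHA-256 (RFC 8017, EMSA-PKCS1-v1_5)
SHA256_INFO = bytes.fromhex("3031300d060960864801650304020105000420")
# AlgorithmIdentifier: sha256WithRSAEncryption (1.2.840.113549.1.1.11), NULL
ALG = bytes.fromhex("300d06092a864886f70d01010b0500")

def der(tag, body):
    """Encode one DER TLV with a definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def read_tlv(buf, pos):
    """Return (start, value_start, end) of the TLV beginning at pos."""
    n, i = buf[pos + 1], pos + 2
    if n & 0x80:                                  # long-form length
        cnt = n & 0x7F
        n, i = int.from_bytes(buf[i:i + cnt], "big"), i + cnt
    return pos, i, i + n

def encoded_digest(tbs):
    """PKCS#1 v1.5 padded SHA-256 digest of the TBS bytes, as an integer."""
    t = SHA256_INFO + hashlib.sha256(tbs).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def issue(tbs):
    """Issuer side: sign DER(tbsCertificate) and wrap it as a Certificate."""
    sig = pow(encoded_digest(tbs), D, N).to_bytes(K, "big")
    return der(0x30, tbs + ALG + der(0x03, b"\x00" + sig))

def verify(cert):
    """Verifier side: uses only the certificate and the public key (N, E)."""
    _, body, _ = read_tlv(cert, 0)                # outer Certificate SEQUENCE
    t0, _, t1 = read_tlv(cert, body)              # tbsCertificate, header included
    _, _, a1 = read_tlv(cert, t1)                 # signatureAlgorithm (skipped)
    _, s0, s1 = read_tlv(cert, a1)                # signature BIT STRING
    sig = int.from_bytes(cert[s0 + 1:s1], "big")  # drop the unused-bits octet
    return pow(sig, E, N) == encoded_digest(cert[t0:t1])

# Constructed stand-in for a tbsCertificate: serial number plus a subject name.
TBS = der(0x30, der(0x02, b"\x01") + der(0x30, der(0x0C, b"CN=example.test")))
```

Anyone can read the signed hash, but changing any byte of the TBS portion changes the recomputed hash, and producing a matching signature requires the issuer's private key.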


