On TLS 1.2 how does the client make sure the server has the certificate's private key?



  • When RSA is used for Key Exchange, the pre-master key is encoded with the server certificate public key, so the server would not be able to decode it if it didn't possess the private key.

    However, when ECDHE is used for Key Exchange, how does the client make sure the server is legit and possesses the private key relative to the provided certificate?



  • The ECDHE key exchange does not care about the private key of the certificate. The private key is only used for authentication, which is, like the key exchange, part of the TLS handshake. But authentication is not part of the ECDHE key exchange.

    Basically, the authentication is done by the server signing some data which at least in part depends on client data. The client can then verify this signature using the public key in the certificate.
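
The signature check described in the answer above, as an added example that is not part of the original post: it narrows to one case, an ECDSA certificate key with ECDHE on secp256r1 and SHA-256, using the TLS 1.2 ServerKeyExchange layout. The function names, generated keys and random values are constructed for illustration, and certificate chain validation is left out.

```go
package main
import (
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// signedInput hashes what TLS 1.2 signs: client_random || server_random || ServerECDHParams.
func signedInput(clientRandom, serverRandom, ecdhePub []byte) []byte {
	h := sha256.New()
	h.Write(clientRandom)
	h.Write(serverRandom)
	h.Write([]byte{3, 0, 23, byte(len(ecdhePub))}) // named_curve, secp256r1, point length
	h.Write(ecdhePub)
	return h.Sum(nil)
}

// serverKeyExchange makes a fresh ECDHE key and signs it with signKey (the certificate's key).
func serverKeyExchange(signKey *ecdsa.PrivateKey, cr, sr []byte) ([]byte, []byte, error) {
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	pub := eph.PublicKey().Bytes()
	sig, err := ecdsa.SignASN1(rand.Reader, signKey, signedInput(cr, sr, pub))
	return pub, sig, err
}

// clientVerify checks the signature with the certificate's public key and the client's own random.
func clientVerify(certPub *ecdsa.PublicKey, cr, sr, pub, sig []byte) bool {
	return ecdsa.VerifyASN1(certPub, signedInput(cr, sr, pub), sig)
}

// demo returns the client's verdict for the key holder, an impostor, and a replayed signature.
func demo() (genuine, impostor, replayed bool) {
	certKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)  // stands in for the certificate key pair
	otherKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // impostor: lacks the certificate key
	r := make([]byte, 96)                                          // constructed randoms
	rand.Read(r)
	cr, sr, cr2 := r[:32], r[32:64], r[64:]
	pub, sig, _ := serverKeyExchange(certKey, cr, sr)
	pub2, sig2, _ := serverKeyExchange(otherKey, cr, sr)
	return clientVerify(&certKey.PublicKey, cr, sr, pub, sig),
		clientVerify(&certKey.PublicKey, cr, sr, pub2, sig2),
		clientVerify(&certKey.PublicKey, cr2, sr, pub, sig)
}
func main() { fmt.Println(demo()) }
```

Only the first case verifies: the impostor cannot produce a signature that matches the certificate's public key, and a signature captured from an earlier handshake fails because the client's fresh random is part of the signed data.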


