All correct for authentication. There are times that public keys or certificates are encrypted using a DH protocol for privacy. You might not want a man in the middle to track where you go, and a certificate is your identity.
> From: Joshua Juran <[EMAIL PROTECTED]> > Date: Wed, 18 May 2005 15:31:52 -0400 > > > Certificates aren't encrypted. They're used to establish the > encryption in the first place. > > There's no such thing as 'intercepting' a certificate. You'll notice > that this message has a certificate attached. You can't 'intercept' it > because I'm not intending to prevent you from receiving it. In fact, > I'm intending that you *do* receive it. > > Now that you have my certificate, you can create a message encrypted > such that only I can read it -- since only I have the private key > needed to decrypt it. The mirror image of public key encryption is > digital signature. I sign with my private key, and the public key > verifies the signature -- that the signer must be holding the private > key. > > A certificate is an assertion of identity of a keyholder. Mine says > "The key used to sign this message belongs to [EMAIL PROTECTED]" > It makes no guarantees about my personal identity (e.g. my real name) > but from it you can conclude that the message was sent by the owner of > this mailbox and wasn't forged by someone else. Should you believe > what my certificate says? Well, it was signed by Thawte, so if you > trust them, then yes. > > Once you trust my certificate, you can use it for encrypting messages > to me. -- Ken Goldman [EMAIL PROTECTED] 914-784-7646 ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
