Digital Certificates: Key Pair Usage

Source: Internet
Author: User

In short, we have algorithms that generate a pair of private and public keys. The public key is stored in a certificate and the private key is kept by the server (the CA usually won't keep the private key). The certificate is generated by a CA (certificate authority) from the given information and the public key provided by the person or company. When someone needs to send a message secretly, they use the public key from the given certificate to encrypt the message before sending it; only a server that holds the matching private key can decrypt it.

But how do we know whether the certificate was officially generated for the correct site? There are two ways. One is to have the certificate in the implicit trust certificate list (pre-installed with the OS/browser). The second is to prove that it is trusted by one of the certificate authorities in that list. The trusted authorities on the list are asked for the correct certificate of the given site, and the authority responds with a ciphertext of the requested certificate, which acts as a signature of that certificate; this ciphertext was encrypted with the authority's private key. Anyone who holds the CA's certificate can decrypt it and check that the expected value of the certificate is correct. We then have a correct certificate for the site from our trusted CA.
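The sign-then-check flow described above, as an added example that is not part of the original page: a CA signs a hash of the certificate fields with its private key, and a client accepts the certificate only if a CA public key from its trust list recovers the same hash. It uses unpadded textbook RSA with a constructed, insecure demo key to mirror the page's "encrypt with the private key" description; real certificates are X.509 structures with padded signature schemes, and all names here (`TRUST_STORE`, `ca_issue`, `verify`, "Demo Root CA") are hypothetical.

```python
import hashlib
import json

# Constructed demo CA key: textbook RSA built from two Mersenne primes.
# Trivially factorable and unpadded; for illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
CA_N = P * Q
CA_D = pow(E, -1, (P - 1) * (Q - 1))  # CA private exponent, stays with the CA

# Implicit trust list as shipped with an OS/browser: CA name -> CA public key.
TRUST_STORE = {"Demo Root CA": (CA_N, E)}

def digest(body: dict) -> int:
    """Hash the certificate fields in a canonical byte encoding."""
    data = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def ca_issue(subject: str, subject_pubkey: str) -> dict:
    """CA side: bind subject to public key, sign with the CA private key."""
    body = {"subject": subject, "pubkey": subject_pubkey,
            "issuer": "Demo Root CA"}
    return {"body": body, "signature": pow(digest(body), CA_D, CA_N)}

def verify(cert: dict, trust_store: dict) -> bool:
    """Client side: the issuer must be in the trust list, and its public key
    must open the signature to the digest the client computes itself."""
    issuer_key = trust_store.get(cert["body"].get("issuer"))
    if issuer_key is None:  # issuer is not an implicitly trusted CA
        return False
    n, e = issuer_key
    return pow(cert["signature"], e, n) == digest(cert["body"])

def demo() -> dict:
    good = ca_issue("www.example.test", "site-public-key-placeholder")
    # Same signature, but the public key field was replaced after issuance.
    swapped = {"body": dict(good["body"], pubkey="substituted-key"),
               "signature": good["signature"]}
    # Same signature, but the issuer is not in the trust list.
    unknown = {"body": dict(good["body"], issuer="Unknown CA"),
               "signature": good["signature"]}
    return {name: verify(cert, TRUST_STORE) for name, cert in
            [("good", good), ("swapped", swapped), ("unknown", unknown)]}

if __name__ == "__main__":
    print(demo())
```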

Root CA private keys are usually kept physically isolated.

Each private key needs to be backed up and kept isolated from snooping. Private keys should be split into parts and distributed across several systems.

[Quote]

The public key is used to encrypt a message, and the private key is used to decrypt it.

If the whole session needs to be encrypted, a pair of keys is needed.

Usually the client side's key pair is generated randomly and is not verified through the trusted list of CAs.

Also, if high encryption is not needed, the client side sends a symmetric code to the server through the key pairs, then both sides communicate with the symmetric code rather than the public/private key method.
