2.6 Complete Process:
Step 1: "Customer" sends a communication request to the "Server".
"Customer", "Server": Hello
Step 2: "Server" sends its own digital certificate to "Customer". The public key in the certificate is used to encrypt information; the matching private key is held only by "Server".
"Server", "Customer": Hello, I am the server, here is my digital certificate
Step 3: "Customer" receives the "Server" certificate and checks that it is genuine, that is, that it really is the "Server" certificate and has not been forged. If the certificate passes this check, the public key it contains is indeed the "Server" public key. After checking the certificate, "Customer" sends a random string to "Server", which encrypts it with its private key and returns the result; "Customer" decrypts the result with the public key. If the decrypted value matches the random string generated earlier, the other party is indeed the holder of the private key, in other words it really is "Server".
"Customer", "Server": To prove to me that you are the server, here is a random string // "Hello" and similar strings were used in the earlier examples only to make the explanation easier; in practice this is a randomly generated string.
"Server", "Customer": {a random string}[private key | RSA]
Step 4: After verifying the identity of "Server", "Customer" generates a symmetric encryption algorithm and key to be used for encrypting and decrypting the subsequent communication. "Customer" encrypts this symmetric algorithm and key with the public key and sends them to "Server"; even if someone intercepts the message it is useless to them, because only "Server", which holds the private key, can decrypt it. From then on, both "Server" and "Customer" can encrypt and decrypt the communication content with the symmetric algorithm.
"Server", "Customer": {OK, I have received the symmetric encryption algorithm and key you sent! What can I do for you?}[key | symmetric encryption algorithm]
"Customer", "Server": {My account is AAA, the password is 123, show me my balance}[key | symmetric encryption algorithm]
"Server", "Customer": {Hello, your balance is 100 Yuan}[key | symmetric encryption algorithm]
... // further communication continues
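Steps 3 and 4 above as a runnable Python sketch (added here, not part of the original text): both parties are simulated in one process, the "encrypt with the private key / decrypt with the public key" challenge of step 3 is done as textbook RSA on a constructed toy key pair built from two known Mersenne primes, and a SHA-256 counter-mode stream cipher with an HMAC tag stands in for the symmetric algorithm of step 4. A real deployment checks the certificate against a trusted CA, uses padded RSA or a signature for the proof, and uses AES for the session.

```python
import hashlib, hmac, secrets

# Constructed toy key pair: two known Mersenne primes, far too small for real use.
# Textbook RSA without padding, matching the page's "encrypt with the private key" wording.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, held only by "Server"
SERVER_PUBLIC_KEY = (N, E)               # what the digital certificate carries
SERVER_PRIVATE_KEY = (N, D)              # never leaves the server

def _keystream(key, nonce, length):
    """Toy stream-cipher keystream (SHA-256 in counter mode); stands in for AES here."""
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def sym_encrypt(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def sym_decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("message tampered with or wrong key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def verify_server_identity(public_key, private_key):
    """Step 3: "Customer" challenges; only the holder of the private key can answer."""
    n, e = public_key
    challenge = secrets.randbelow(n)                          # Customer picks a random value
    proof = pow(challenge, private_key[1], private_key[0])    # Server: encrypt with private key
    return pow(proof, e, n) == challenge                      # Customer: decrypt with public key

def run_session(public_key, private_key, request):
    """Steps 3-4 plus one request/reply under the shared symmetric key."""
    if not verify_server_identity(public_key, private_key):
        raise ValueError("peer does not hold the private key for this certificate")
    n, e = public_key
    session_key = secrets.token_bytes(16)                     # chosen by "Customer"
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)   # only the private key unwraps it
    server_key = pow(wrapped, private_key[1], private_key[0]).to_bytes(16, "big")
    request_seen = sym_decrypt(server_key, sym_encrypt(session_key, request))
    reply = sym_encrypt(server_key, b"Hello, your balance is 100 Yuan")
    return request_seen, sym_decrypt(session_key, reply)
```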
Digital Certificate Verification