The actually signing probably depends on what kind of certificate it is. this is a useful read.
A digital certificate consists of three things:
- A public key.
- Certificate information. ("Identity" information about the user, such as name, user ID, and so on.)
- One or more digital signatures.
Typically the "one of more digital signatures" part is done by listing an set of encrypted hashes of the certificate. So when you want to sign a certificate, you would compute the hash of the certificate, encrypt it using your private signing key, and add it to the list of digital signatures.
So in a sense, that the certificate is a production of a private key applied to a bunch of information. So whoever receive that certificate will be able to see that person's public key, identity information, then will be able to use the public key to digest the digital signature to make sure that the hash come out of the decrypted digital signature match the certificate part of identity part of the information. so that you know this is real.
No comments:
Post a Comment