smwikipedia

Reputation: 64173

Where does the signature in a digital certificate come from?

According to here:

A digital certificate contains:

My question is, where does the signature come from? I think it is used to ensure the digital certificate is issued by a trusted issuer. So the issuer uses its private key to sign something to produce the signature, then the verifier of the certificate must have the corresponding public key of the issuer to decipher the signature and verify that this something is genuine.

If I am correct, this something must be stored in the certificate as well for the verifier to compare the deciphered signature to. So what's this something? Could it be the thumbprint (hash) of the public key?

Upvotes: 2

Views: 746

Answers (1)

MvdD

Reputation: 23436

This something is most of the certificate itself. The receiver can calculate the hash over the TBSCertificate (the part of the certificate To Be Signed) itself using the algorithm in the certificate. The receiver can then verify that it is the same as the hash calculated by the signer (the issuer of the certificate). If the signature is verified and the signer is trusted, then the certificate is verified.

There are more tests to be performed, such as validating that the certificate has not been revoked or is not past its date of expiry, before it can be fully trusted.

A digital certificate consists of:

  1. certificate information
  2. signature algorithm
  3. signature value

See the RFC 5280 for more info on the exact structure of the certificate.

Upvotes: 5
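The verification the answer describes, as an added example (not code from the question or the answer): a throwaway issuer and an end-entity certificate are generated in memory, then the leaf's signature is checked by hashing its DER-encoded TBSCertificate and verifying that digest with the issuer's public key. The names, serial numbers and validity window are constructed, and the hand-rolled check is limited to SHA256WithRSA, which is what Go's `x509.CreateCertificate` selects for an RSA signing key.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newTemplate builds a certificate template. Names and serials are constructed.
func newTemplate(serial int64, cn string, isCA bool) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	if isCA {
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		tmpl.KeyUsage = x509.KeyUsageDigitalSignature
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	return tmpl
}

// buildChain generates an in-memory issuer (CA) certificate and an end-entity
// certificate signed with the issuer's private key. Nothing comes from a real CA.
func buildChain() (issuer, leaf *x509.Certificate, err error) {
	caKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	caTmpl := newTemplate(1, "Example Test CA", true)
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	if issuer, err = x509.ParseCertificate(caDER); err != nil {
		return nil, nil, err
	}
	leafKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	// Signed with caKey; the leaf's own public key only appears inside the TBSCertificate.
	leafDER, err := x509.CreateCertificate(rand.Reader, newTemplate(2, "server.example.test", false), issuer, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	if leaf, err = x509.ParseCertificate(leafDER); err != nil {
		return nil, nil, err
	}
	return issuer, leaf, nil
}

// verifyTBS does by hand what the answer describes: hash the DER-encoded
// TBSCertificate with the algorithm named in the certificate, then check the
// signature over that digest with the issuer's public key. The signed
// "something" is the whole TBSCertificate, not a thumbprint of the subject key.
func verifyTBS(issuerPub crypto.PublicKey, alg x509.SignatureAlgorithm, tbs, sig []byte) error {
	if alg != x509.SHA256WithRSA {
		return fmt.Errorf("example only handles SHA256WithRSA, got %v", alg)
	}
	pub, ok := issuerPub.(*rsa.PublicKey)
	if !ok {
		return fmt.Errorf("issuer public key is not RSA")
	}
	digest := sha256.Sum256(tbs)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig)
}

// verifyLeaf checks leaf against issuer the way a relying party would.
func verifyLeaf(issuer, leaf *x509.Certificate) error {
	return verifyTBS(issuer.PublicKey, leaf.SignatureAlgorithm, leaf.RawTBSCertificate, leaf.Signature)
}

// verifyTampered flips one byte in a copy of the TBSCertificate before hashing,
// so the digest no longer matches what the issuer signed.
func verifyTampered(issuer, leaf *x509.Certificate) error {
	tbs := append([]byte(nil), leaf.RawTBSCertificate...)
	tbs[len(tbs)/2] ^= 0x01
	return verifyTBS(issuer.PublicKey, leaf.SignatureAlgorithm, tbs, leaf.Signature)
}

// verifyWithSubjectKey uses the key embedded in the leaf itself. It is the wrong
// key, which is why the verifier must hold the issuer's public key separately.
func verifyWithSubjectKey(leaf *x509.Certificate) error {
	return verifyTBS(leaf.PublicKey, leaf.SignatureAlgorithm, leaf.RawTBSCertificate, leaf.Signature)
}

func main() {
	issuer, leaf, err := buildChain()
	if err != nil {
		panic(err)
	}
	fmt.Println("by hand:", verifyLeaf(issuer, leaf))
	fmt.Println("library:", leaf.CheckSignatureFrom(issuer))
	fmt.Println("tampered TBS:", verifyTampered(issuer, leaf))
	fmt.Println("subject key used instead of issuer key:", verifyWithSubjectKey(leaf))
}
```

The first two checks return nil; the tampered and wrong-key checks return errors. `CheckSignatureFrom` is the standard-library equivalent of the hand verification and is what production code should call; the hand version is only there to make visible which bytes are hashed and whose key is used. Neither check covers expiry or revocation, which the answer lists as separate steps.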
