Digital certificate is a series of data that marks the identity information of communicating parties in Internet communications, and provides a way to verify identities.
It is issued by a Certificate Authority center and can be used by people online to identify each other.
The simplest digital certificate contains a public key, name, and digital signature of the certificate authority.
In order to understand the principle of digital certificates, you first need to understand the three encryption methods.
It is an irreversible encryption method that uses a hash algorithm to encrypt a set of data and cannot be decrypted after encryption.
After putting the necessary information together, the hash value is usually calculated using the MD5 or SHA1 algorithm (also called information digest: MD5 is 128 bits, SHA1 is mainly 256 bits).
The summary of the information is also called the fingerprint of the information. The same information will definitely get the same fingerprint, and the original information cannot be restored through fingerprints alone.
Use a secret key to encrypt a set of data, and use the same secret key to decrypt it.
Current symmetric key algorithms include DES, 3DES, AES, etc., and the key is generally a string of fixed-length characters.
Divide the secret key into the public key publicKey and the private key privateKey.
The content encrypted by the public key can be decrypted using the private key; and the content encrypted by the private key can be decrypted by the public key.
Knowing the public key or private key alone, there is no way to derive the other key.
Currently the most widely used asymmetric key is the RSA algorithm.
If you don’t understand these three encryption methods, you can search for relevant information by yourself.
Let’s take a look at how data certificates are issued.
Take a look at how the CA issues digital certificates in the picture below.
Image alternative address
Look at the figure below to determine the legitimacy of the digital certificate.
Image alternative address
Finally, the details and instructions of the digital certificate are organized.
Image backup address
Welcome everyone’s opinions and exchanges
email: li_mingxie@163.com