ZyXEL Communications Corporation OX253P Manual De Usuario
Chapter 10 The Certificates Screens
OX253P User’s Guide
114
10.4.1 Certificate Authorities
When using public-key cryptology for authentication, each host has two keys. One
key is public and can be made openly available. The other key is private and must
be kept secure.
key is public and can be made openly available. The other key is private and must
be kept secure.
These keys work like a handwritten signature (in fact, certificates are often
referred to as “digital signatures”). Only you can write your signature exactly as it
ought to look. When people know what your signature ought to look like, they can
verify whether something was signed by you, or by someone else. In the same
way, your private key “writes” your digital signature and your public key allows
people to verify whether data was signed by you, or by someone else. This
process works as follows.
referred to as “digital signatures”). Only you can write your signature exactly as it
ought to look. When people know what your signature ought to look like, they can
verify whether something was signed by you, or by someone else. In the same
way, your private key “writes” your digital signature and your public key allows
people to verify whether data was signed by you, or by someone else. This
process works as follows.
1
Tim wants to send a message to Jenny. He needs her to be sure that it comes from
him, and that the message content has not been altered by anyone else along the
way. Tim generates a public key pair (one public key and one private key).
him, and that the message content has not been altered by anyone else along the
way. Tim generates a public key pair (one public key and one private key).
2
Tim keeps the private key and makes the public key openly available. This means
that anyone who receives a message seeming to come from Tim can read it and
verify whether it is really from him or not.
that anyone who receives a message seeming to come from Tim can read it and
verify whether it is really from him or not.
3
Tim uses his private key to sign the message and sends it to Jenny.
4
Jenny receives the message and uses Tim’s public key to verify it. Jenny knows
that the message is from Tim, and she knows that although other people may
have been able to read the message, no-one can have altered it (because they
cannot re-sign the message with Tim’s private key).
that the message is from Tim, and she knows that although other people may
have been able to read the message, no-one can have altered it (because they
cannot re-sign the message with Tim’s private key).
5
Additionally, Jenny uses her own private key to sign a message and Tim uses
Jenny’s public key to verify the message.
Jenny’s public key to verify the message.
The OX253P uses certificates based on public-key cryptology to authenticate users
attempting to establish a connection, not to encrypt the data that you send after
establishing a connection. The method used to secure the data that you send
through an established connection depends on the type of connection. For
example, a VPN tunnel might use the triple DES encryption algorithm.
attempting to establish a connection, not to encrypt the data that you send after
establishing a connection. The method used to secure the data that you send
through an established connection depends on the type of connection. For
example, a VPN tunnel might use the triple DES encryption algorithm.
The certification authority uses its private key to sign certificates. Anyone can then
use the certification authority’s public key to verify the certificates.
use the certification authority’s public key to verify the certificates.
A certification path is the hierarchy of certification authority certificates that
validate a certificate. The OX253P does not trust a certificate if any certificate on
its path has expired or been revoked.
validate a certificate. The OX253P does not trust a certificate if any certificate on
its path has expired or been revoked.
Certification authorities maintain directory servers with databases of valid and
revoked certificates. A directory of certificates that have been revoked before the
revoked certificates. A directory of certificates that have been revoked before the