> On Jun 26, 2016, at 8:13 PM, Gerriet M. Denkmann <[email protected]> wrote: > > Assume that an evil entity has got hold of “MyServerCertificate.cer”, but has > no access to my keychain and thus to the private key of MyServerCertificate. > Could they use this certificate to open a secure stream to a client? Or do > they need the private key to sign?
— Servers don’t open connections to clients; it’s the other way around. — There’s nothing private about a certificate. In fact, an SSL server sends its certificate out to any client that connects to it, as part of the SSL handshake. — A certificate contains only the public key, not the private key. It can’t be used to sign anything, only to verify signatures. —Jens _______________________________________________ Cocoa-dev mailing list ([email protected]) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to [email protected]
