I wish SHARE would get the Sacto presentations up; then I could refer you to my

Your certificate contains the public half of a public-private key pair. You
generated that pair and keep the private part private.

The entire certificate is signed by a certificate authority. In other words, it
contains a hash encrypted with the private key of the CA.

The recipient of the certificate verifies that it is valid by verifying that
the hash can be decrypted with the CA's public key, which is contained in the
recipient's CA certificate.

So ... your private key has played no part in validating the certificate.

Now ... for data traffic purposes, the recipient creates a random number which
will be used for secret key encryption/decryption of data traffic. He encrypts
that random number with the public key from the certificate and sends it to
you. You decrypt it with your private key and use it for secret key
encryption/decryption of session traffic. That is where your private key comes

The above is a simplification and leaves out details like client certificates
and intermediate certificates, but it accurately represents the essence of the
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Andrew Rowley
Sent: Thursday, April 5, 2018 10:52 PM
Subject: Re: Software Delivery on Tape to be Discontinued
On 6/04/2018 12:41 PM, Charles Mills wrote:
> No, @Gil has it right.
OK, help me understand.
>> I believe so but, answering Andrew's question, the signature on
>> messages he sends is encrypted using Andrew's private key which he does not
>> disclose even to the CA.
The signature is encrypted using my private key.
>> The recipient verifies the signature using the public key obtained from the
The signature needs to be verified using the key that matches my private key,
i.e. my public key, correct? How is that obtained from the CA? I suspect we
just have a terminology problem here but I'm not quite seeing it.
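
The two steps described in the reply at the top of this message (checking the CA's signature on a certificate, then transporting a session key under the certificate's public key), as an added example that is not part of the original thread. It uses textbook RSA with no padding and constructed toy keys built from Mersenne primes; the subject name and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

E = 65537  # public exponent used by both toy key pairs

def make_keypair(p, q):
    """Return (public, private) textbook-RSA keys built from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)

def digest(data, n):
    """SHA-256 of data as an integer, reduced into the RSA modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def ca_sign(cert_body, ca_private):
    """CA side: sign the certificate body with the CA private key."""
    n, d = ca_private
    return pow(digest(cert_body, n), d, n)

def verify_cert(cert_body, signature, ca_public):
    """Recipient side: only the CA public key is needed here."""
    n, e = ca_public
    return pow(signature, e, n) == digest(cert_body, n)

def wrap_session_key(session_key, subject_public):
    """Recipient side: encrypt the random session key to the subject."""
    n, e = subject_public
    return pow(int.from_bytes(session_key, "big"), e, n)

def unwrap_session_key(wrapped, subject_private):
    """Subject side: the first point where the subject private key is used."""
    n, d = subject_private
    return pow(wrapped, d, n).to_bytes(16, "big")

# Constructed toy keys (Mersenne primes); far too small for real use.
CA_PUB, CA_PRIV = make_keypair(2**89 - 1, 2**107 - 1)
SUBJ_PUB, SUBJ_PRIV = make_keypair(2**61 - 1, 2**127 - 1)

def demo():
    # Constructed certificate body: a subject name plus the subject public key.
    cert_body = f"CN=example-subject;n={SUBJ_PUB[0]};e={SUBJ_PUB[1]}".encode()
    signature = ca_sign(cert_body, CA_PRIV)
    valid = verify_cert(cert_body, signature, CA_PUB)
    tampered = verify_cert(cert_body + b"x", signature, CA_PUB)
    session_key = secrets.token_bytes(16)
    recovered = unwrap_session_key(wrap_session_key(session_key, SUBJ_PUB), SUBJ_PRIV)
    return valid, tampered, recovered == session_key
```

`SUBJ_PRIV` appears only in `unwrap_session_key`; both `verify_cert` calls run with nothing but `CA_PUB` and the certificate contents.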