On 8/15/2014 10:59 PM, Natalya Portnov wrote:
-----------------------------------------------------------------------------------
Q: What does it exactly mean: "signed by"?
A: When a browser receives a jar file from the net, it wants to make
sure the jar file indeed comes from the site it claims it is. By
signing the jar file (basically implanting a certificate in it), it
gives enough credentials to the browser so that the browser can verify that
it is indeed from the site.
-----------------------------------------------------------------------------------
*Q: Certificate is public. In my understanding anyone can take the
certificate and claim it is from that site. That confuses me.*
A: ?
It is based on the "public/private key security scheme", which is sometimes
called the "asymmetric security scheme". The public key and private key pair
gets created through a mathematical formula and provides the
following features. (You can create one yourself using "keytool", which
comes with the JDK.)
- The private key is maintained as a secret by the server
- The public key is public and anybody can have access to it
- When data gets signed by a private key, only the
  party who has the corresponding public key can decipher it
  and authenticate the sender
- The certificate contains a web server's public key and is conveyed
  to a browser when the browser and the server start the SSL handshake
- The browser, by having the public key (in a certificate) sent by the
  server, can verify the server is who it claims to be (this is server
  authentication)
- Now how does the browser know that the certificate sent
  by the server is really a genuine one (instead of a fake one)? This is
  where the CA-signed certificate comes in. The certificate from the
  server is typically signed by a CA such as Verisign (they actually
  pay for this - more precisely, signed by the CA's private key) and the
  browser already has the public keys of most CAs; again, it verifies that
  the certificate is a genuine one.
-Sang
Thanks,
Natalya
--
You received this message because you are subscribed to the Google
Groups "JPassion.com: Java Programming" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected]
<mailto:[email protected]>.
Visit this group at http://groups.google.com/group/jpassion_java.
For more options, visit https://groups.google.com/d/optout.
--
-------------------------------------------------------------------
Sang Shin, [email protected]
Founder and Chief Instructor of JPassion.com (JavaPassion.com)
http://www.linkedin.com/in/javapassion (Linkedin)
http://twitter.com/javapassion (Twitter)
Life is worth living... with Passion!
Practically Free 3 to 5 days Live, Hands-on, Online Codecamps on
Java, HTML5, Ruby/Rails, Grails, JavaScript/jQuery, Spring, Android
http://jpassion.com/codecamps
----------------------------------------------------------------------
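Added example (not part of the original thread or of any JPassion material): a small Java program for the question "anyone can take the certificate and claim it is from that site". It shows that holding the public key lets you check a signature but not produce one. The class name, the sample byte strings, and the choice of 2048-bit RSA with SHA256withRSA are assumptions made for illustration; it models only the key pair, not the X.509 certificate or the CA chain.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class SignedByDemo {

    // Signing requires the PRIVATE key, which never leaves its owner.
    static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    // Verifying needs only the PUBLIC key, the part a certificate carries.
    static boolean verify(PublicKey key, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(data);
        try {
            return s.verify(sig);
        } catch (SignatureException e) {
            return false; // malformed or wrong-length signature counts as invalid
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair site = gen.generateKeyPair();      // the genuine signer
        KeyPair impostor = gen.generateKeyPair();  // knows only site.getPublic()

        // Constructed sample inputs standing in for jar contents.
        byte[] jar = "constructed sample: original jar bytes".getBytes(StandardCharsets.UTF_8);
        byte[] other = "constructed sample: different jar bytes".getBytes(StandardCharsets.UTF_8);

        // 1. Genuine content with the genuine signature.
        byte[] sig = sign(site.getPrivate(), jar);
        System.out.println("genuine content, genuine signature: "
                + verify(site.getPublic(), jar, sig));

        // 2. The public key and an old signature, reused on other content.
        System.out.println("copied signature on other content:  "
                + verify(site.getPublic(), other, sig));

        // 3. Other content signed with a key that is not the site's private key.
        byte[] wrongKeySig = sign(impostor.getPrivate(), other);
        System.out.println("signature made with a different key: "
                + verify(site.getPublic(), other, wrongKeySig));
    }
}
```

Only the first check prints true. The other two print false, because a valid signature over new content can be produced only with the site's private key, which the public certificate does not contain.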