On 2009.05.19 at 16:46:14 +0530, naveen.bn wrote:

> What are the contents which the CA would have signed with its private key? I
> want to know because if an attacker replaces the public key in the
> server certificate which I get, then it's game over for me.
See RFC3280. The block of signed data includes everything in the certificate apart from the signature itself. I.e. a certificate is a signed digital document which binds together information about the key owner and the public key. So, if an attacker changes the public key in the certificate, the CA's signature becomes invalid.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
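The point made in the reply, as an added example that is not part of the original thread: a certificate is an outer SEQUENCE of the to-be-signed block, the signature algorithm and the signature, and the CA's signature is computed over the encoded to-be-signed block only. Assumptions: the to-be-signed block here is cut down to a subject and a public key, the CA key is a constructed toy textbook-RSA key without padding, and all names are hypothetical.

```python
import hashlib

# Constructed toy CA key: textbook RSA over two Mersenne primes, no padding.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def der(tag, content):
    """Encode one DER TLV (short-form length is enough for this sample)."""
    assert len(content) < 0x80
    return bytes([tag, len(content)]) + content

def read_tlv(buf, pos):
    """Return (content_start, end) of the TLV at pos; handles long-form lengths."""
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return pos, pos + n

def split_certificate(cert):
    """Split Certificate ::= SEQUENCE { tbs, algorithm, signature BIT STRING }."""
    start, _ = read_tlv(cert, 0)
    _, tbs_end = read_tlv(cert, start)
    _, alg_end = read_tlv(cert, tbs_end)
    sig_start, sig_end = read_tlv(cert, alg_end)
    return cert[start:tbs_end], cert[sig_start + 1:sig_end]  # +1 skips unused-bits octet

def digest(tbs):
    """SHA-256 of the encoded to-be-signed block, reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % N

def issue(subject, public_key):
    """CA side: the signature input is the encoded to-be-signed block only."""
    tbs = der(0x30, der(0x0C, subject) + der(0x03, b"\x00" + public_key))
    sig = pow(digest(tbs), D, N).to_bytes(19, "big")
    return der(0x30, tbs + der(0x30, b"") + der(0x03, b"\x00" + sig))

def verify(cert):
    """Client side: recompute the digest over tbs and check it against the signature."""
    tbs, sig = split_certificate(cert)
    return pow(int.from_bytes(sig, "big"), E, N) == digest(tbs)

SERVER_KEY = b"server-pubkey-01"    # constructed placeholder key bytes
ATTACKER_KEY = b"attacker-pubkey1"  # same length, so the DER lengths stay valid
cert = issue(b"CN=server.example", SERVER_KEY)
tampered = cert.replace(SERVER_KEY, ATTACKER_KEY)

if __name__ == "__main__":
    print("original verifies:", verify(cert))
    print("tampered verifies:", verify(tampered))
```

The tampered copy still carries the CA's original signature bytes, but they no longer match the digest of the modified to-be-signed block, so verification fails.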