5

I'm learning how the Certificate Authority works and have a question.

As I understand it, the Certificate Authority can guarantee that the client gets the true public-key:
Say that I'm a server and you are my client. To ensure that we can communicate securely, we use some asymmetric encryption --- I hold the private-key and I send the public-key to you. Now the problem is how we can make sure that you get my public-key, instead of someone else's.

In this case, the Certificate Authority can help us: the CA encrypts my public-key with its own private-key and sends it to you; you use the public-key of the CA to decrypt it and get my public-key.

If I'm right, my question is:
How can we guarantee that we received the true public-key of the CA? In other words, if my sending my public-key to you is not secure, why is the CA sending its public-key to you secure?

Yves

3 Answers

10

The CA doesn't send any public keys to clients.

The CA signs the server's public key with their private key and then gives that signature to the server. When the client connects to a server, the server then sends both its public key and the signature to the client.

Clients already have the public keys of all CAs they trust. These are called root certificates. Clients use those public keys to verify that the signatures on the public keys of any servers they communicate with are valid.

Now for the problem "how do the public keys of the CAs come to the client"? Some web browsers come with their own set of root certificates, others use the certificate store of the operating system. Most users blindly trust the vendor of their browser / OS that the list of CAs they curated is trustworthy. So downloading and updating your web browser or operating system is a critical process for the CA infrastructure. A powerful adversary who can manipulate your internet traffic or controls the fileservers from which you receive your updates could smuggle their own CA root certificate into those installers / updates. But if they are able to slip you a backdoored update, then they can do far worse things.

Philipp
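The check described in this answer, as an added example that is not code from the answer or from any browser: a Go program using only the standard library's `crypto/x509`, in which a client accepts a server certificate only if it chains to a root already present in its local trust store. The CA names, the host `server.example` and the helpers `issue` and `accepts` are made up for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue makes a key pair and a certificate for it signed by caKey; ca == nil yields a self-signed root.
func issue(name string, ca *x509.Certificate, caKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: name}, DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if ca == nil { // root CA: self-signed, no host name, allowed to sign other certificates
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
		t.DNSNames, ca, caKey = nil, t, key
	}
	der, err1 := x509.CreateCertificate(rand.Reader, t, ca, pub, caKey)
	cert, err2 := x509.ParseCertificate(der) // returns an error, not a panic, if der is nil
	if err1 != nil || err2 != nil {
		panic(fmt.Sprint(err1, err2))
	}
	return cert, key
}

// accepts reports whether a client holding this trust store accepts leaf as host's certificate.
func accepts(leaf *x509.Certificate, host string, store *x509.CertPool) bool {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: store, DNSName: host})
	return err == nil
}

func main() {
	root, rootKey := issue("Example Root CA", nil, nil) // shipped with the browser / OS
	rogue, rogueKey := issue("Unlisted CA", nil, nil)   // not in the vendor's list
	srv, _ := issue("server.example", root, rootKey)    // the real server's certificate
	imp, _ := issue("server.example", rogue, rogueKey)  // same name, signed by the unlisted CA
	store := x509.NewCertPool()
	store.AddCert(root)
	fmt.Println(accepts(srv, "server.example", store), accepts(imp, "server.example", store)) // true false
	store.AddCert(rogue)                               // the trust store now contains a second root
	fmt.Println(accepts(imp, "server.example", store)) // true
}
```

Nothing is fetched from the CA at verification time: the verdict depends only on which roots are in the local store, which is why the update channel that delivers that store matters so much.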
1

A client like a web browser already contains dozens of pre-trusted CA certificates. So, a client receiving your certificate signed by a CA looks in his local storage to confirm that the signature is valid.

  • So we can say that it is secure enough only if we get the legal OS or the legal software/browser? In other words, CA never sends its data and public-key immediately to all of the clients? We trust CA, we trust Microsoft and we trust the communication between both of them is secure enough, so we can rely on CA, am I right? – Yves Feb 01 '18 at 07:39
  • @Yves yes, that's correct. – Philipp Feb 01 '18 at 10:06
-1

A certificate authority is an organization that is seen as trusted by other organizations and entities. Whether or not you trust a certificate authority is basically up to you. You can also be a certificate authority yourself. There's enough free software you can create a CA with and give out certificates.

The more companies that do business with a CA the more overall trusted it becomes. That does not mean you have to trust it.

Some people trust free and open source stuff, as it could be reviewed by people, others trust only stuff that costs money, because if that becomes untrusted the cash flow would stop.

It's up to you to decide who you trust and who not. People are crazy enough to question the trustworthiness of a multi-billion dollar company like Microsoft but install software of a completely unknown local vendor without even questioning its trustworthiness.

  • 1
    That doesn't really answer the question. – Tom K. Feb 01 '18 at 09:54
  • Unfortunately when you want to access a public website, then it's the website which picked the certificate authority to sign their certificate. You have no other choice than to trust that particular CA or to not trust the website at all. For the website, trust in the CA does not matter, because any rogue CA can create a valid certificate for any website. Picking your most trusted CA doesn't protect against getting impersonated through others. So websites need to find a CA which is trusted by all their users, not by themselves. – Philipp Feb 01 '18 at 09:59