
If I'm using both a digital certificate and a digital signature in a communication:

Are there four different keys in operation here, since key pairs are mathematically linked? Is the Digital Certificate using one set of keys, i.e., a private key to encrypt the hash and a public key (on other side of conversation) to decrypt the hash (so at the other end the hashing algorithm can be run to determine if data has been altered), and an entirely different pair of keys registered with the Certificate Authority in order to verify you are who you say you are to the person you're sending to? Or is that same exact public key/private key being used in both scenarios?

I'm sure this question is indicative of a lack of proper understanding of process, but I don't see it spelled out anywhere and am unable to implicitly understand based on the numerous explanations I've read.

1 Answer


a private key to encrypt the hash and a public key

The private key is used to sign data, which includes hashing the data.

And an entirely different pair of keys registered with the Certificate Authority in order to verify you are who you say you are to the person you're sending to

What is happening is that you send a certificate request which contains your public key, and that's what is signed. You keep the private key of that key pair to yourself. The certificate returned still contains your public key, but it is signed by the Certificate Authority.

So there is one key pair per certificate, i.e. one for your certificate and one for the parent certificate of the Certificate Authority. Of course that certificate may also be signed by the private key of a certificate above that, until the root certificate is reached. So you get a chain of certificates leading to the root certificate.

Maarten Bodewes
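The flow the answer describes, as an added example in Go using only the standard library (this is not code from the question or the answer; the subject names "Example Root CA" and "alice@example.com", the sample message and the function names are made up for the demo). It generates the two key pairs, has the CA sign your public key into a certificate, signs a message with your private key, and then verifies on the recipient side with nothing but the root certificate:

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// issue signs pub into a certificate with signer's private key; parent is the issuer's certificate.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Setup plays both parties: it generates the CA's key pair and your key pair, self-signs the root, and
// has the CA sign your public key. The CA's private key is used only here, as a real CA keeps it to itself.
func Setup() (leafKey *ecdsa.PrivateKey, leafCert, caCert *x509.Certificate, err error) {
	caKey, err1 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafKey, err2 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err = errors.Join(err1, err2); err != nil {
		return nil, nil, nil, err
	}
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Root CA"}, // made-up name
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	// Root certificate: the CA signs its own public key (parent == template).
	if caCert, err = issue(caTmpl, caTmpl, &caKey.PublicKey, caKey); err != nil {
		return nil, nil, nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "alice@example.com"}, // made-up name
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
	}
	// Your certificate: the CA's private key signs YOUR public key; your private key plays no part.
	if leafCert, err = issue(leafTmpl, caCert, &leafKey.PublicKey, caKey); err != nil {
		return nil, nil, nil, err
	}
	return leafKey, leafCert, caCert, nil
}

// SameKeyPair shows that the key inside your certificate is the public half of the key you sign with.
func SameKeyPair(leafKey *ecdsa.PrivateKey, leafCert *x509.Certificate) bool {
	return leafKey.PublicKey.Equal(leafCert.PublicKey)
}

// SignMessage is the sender side: hash the message, then sign the digest with your private key.
func SignMessage(key *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, key, digest[:])
}

// VerifyMessage is the recipient side: first check that the sender's certificate chains to a trusted
// root (the CA's signature over the sender's public key), then check the message signature with the
// public key taken from that certificate, never with a key the sender merely claims to hold.
func VerifyMessage(leaf, root *x509.Certificate, msg, sig []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return fmt.Errorf("certificate not trusted: %w", err)
	}
	// CheckSignature hashes msg with SHA-256 and verifies sig against the certificate's public key.
	if err := leaf.CheckSignature(x509.ECDSAWithSHA256, msg, sig); err != nil {
		return fmt.Errorf("signature does not match message: %w", err)
	}
	return nil
}

func main() {
	leafKey, leafCert, caCert, err := Setup()
	if err != nil {
		panic(err)
	}
	msg := []byte("constructed sample message") // constructed demo input
	sig, err := SignMessage(leafKey, msg)
	if err != nil {
		panic(err)
	}
	fmt.Println("same pair in cert and signature:", SameKeyPair(leafKey, leafCert))
	fmt.Println("genuine message:", VerifyMessage(leafCert, caCert, msg, sig))
	fmt.Println("tampered message:", VerifyMessage(leafCert, caCert, []byte("tampered"), sig))
}
```

Two key pairs, two jobs: the CA's private key only ever signs certificates, and your private key only ever signs messages. The recipient needs just the root certificate to check both, which is why the CA's private key never has to leave the CA and why the public key in your certificate must be the public half of the very key you sign with.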