i am learning the basics.......!

Wednesday, December 20, 2006

Client authentication - SSL Handshake

Client authentication is an optional step in the SSL handshake.

If client authentication is requested, then after verifying the server certificate the client sends its "Client Certificate" along with the encrypted pre-master secret (encrypted using the public key from the server certificate).

One more piece of information is sent by the client along with this. The client encrypts (signs) a piece of data known to both client and server using the client's private key. When the server receives it, it can validate the client's public key by decrypting this with the public key from the client certificate, which shows that the client holds the matching private key.

The server then proceeds to authenticate the client certificate. This is done as follows:
1. The validity period (expiration date) of the client certificate is checked.
2. The server checks whether the issuing authority of the certificate is a CA it trusts. If not, it checks whether any CA in the certificate chain of the client certificate is among its trusted CAs.
3. It then validates the integrity of the certificate. This is done by hashing the certificate message and comparing the result with the hash obtained by decrypting the digital signature with the CA's public key. Both must be the same.

The client is now authenticated. The server can then check which resources the client is authorised to access by consulting its access control lists (ACLs).
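As an added illustration (not part of the original post), the server-side steps above written with Go's standard library. The CA, client certificate and the signed "data known to both sides" are all constructed inside the code, and the names NewScenario, ProvePossession and AuthenticateClient are my own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// NewScenario builds a constructed test CA and a one-day client cert it issued; returns client cert, client key, server trust store.
func NewScenario() (*x509.Certificate, *ecdsa.PrivateKey, *x509.CertPool) {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	clientKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	now := time.Now()
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Test CA"},
		NotBefore: now, NotAfter: now.Add(24 * time.Hour), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	caDER, _ := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey) // self-signed root
	ca, _ := x509.ParseCertificate(caDER)
	clTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "constructed-client"},
		NotBefore: now, NotAfter: now.Add(24 * time.Hour), ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	clDER, _ := x509.CreateCertificate(rand.Reader, clTmpl, ca, &clientKey.PublicKey, caKey) // issued by the CA
	client, _ := x509.ParseCertificate(clDER)
	trusted := x509.NewCertPool()
	trusted.AddCert(ca)
	return client, clientKey, trusted
}
// ProvePossession is the client's extra message: a private-key signature over data both sides know (a constructed transcript here).
func ProvePossession(key *ecdsa.PrivateKey, transcript []byte) []byte {
	h := sha256.Sum256(transcript)
	sig, _ := ecdsa.SignASN1(rand.Reader, key, h[:])
	return sig
}
// AuthenticateClient is the server's side: the post's three certificate checks, then the possession proof.
func AuthenticateClient(cert *x509.Certificate, trusted *x509.CertPool, transcript, sig []byte, now time.Time) error {
	// Steps 1 to 3: Verify rejects a certificate outside its validity period at CurrentTime, then
	// walks the chain up to a root in the trust store, checking each issuer's signature on the way.
	opts := x509.VerifyOptions{Roots: trusted, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("certificate check failed: %w", err)
	}
	// Only now is the certificate's public key trusted enough to check the client's signature with it.
	if err := cert.CheckSignature(x509.ECDSAWithSHA256, transcript, sig); err != nil {
		return fmt.Errorf("client could not prove possession of the private key: %w", err)
	}
	return nil
}
```

A certificate from a CA outside the trust store, an expired certificate, or a signature over different data each fail a different step, so the returned error tells the operator which check rejected the client.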
