- A digital certificate is signed by a CA (Certification Authority).
- To know that a certificate was actually signed by that CA, the certificate must be verified; only the verification of the certificate's signature establishes this.
- Suppose we receive the digital certificate of a user and want to verify it.
- We do this by verifying the digital signature of the CA on the certificate.
Following are the steps involved in this process (verification of a digital certificate):
1. The user passes all fields of the received digital certificate except the last one (the signature) to a message-digest algorithm. This algorithm must be the same as the one used by the CA while signing the certificate. The CA records the algorithm it used alongside the signature inside the certificate, so the user knows which algorithm to apply.
2. The message-digest algorithm calculates a message digest of all the fields of the certificate, except for the last one. Let us call this digest MD1.
3. The user now extracts the digital signature of the CA from the certificate (it is the last field in the certificate).
4. The user de-signs the CA's signature, i.e. decrypts the signature with the CA's public key.
5. This produces another message digest; let us call it MD2. Note that MD2 is the same digest that the CA itself calculated (and encrypted with its private key) during the signing of the certificate.
6. Now the user compares the message digest it calculated (MD1) with the one that is the result of de-signing the CA's signature (MD2). If the two match (MD1 = MD2), the user is convinced that the digital certificate was indeed signed by the CA with its private key, provided the CA's public key used in step 4 was itself obtained from a trusted source. If the comparison fails, the user will not trust the certificate and rejects it.
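The six steps above carried through in code, as an added example that is not part of the original notes. It builds a toy certificate as a dictionary whose last field is the CA's signature, has a CA sign it, and then verifies it exactly as described: hash every field except the signature to get MD1, "de-sign" the signature with the CA's public key to get MD2, and compare. The RSA key pair, the canonical JSON encoding of the fields, the certificate contents and the field names are all assumptions made for the example. Real CAs sign with a padded encoding of the digest (PKCS#1 v1.5 or PSS) and real certificates are DER-encoded X.509 structures; plain "textbook" RSA on the raw digest is used here only so the de-signing step is visible.

```python
import hashlib
import json
import random

# Deterministic RNG so the example produces the same keys on every run (not for real use).
_rng = random.Random(2024)


def _is_probable_prime(n, rounds=32):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = _rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # odd, top bit set
        if _is_probable_prime(cand):
            return cand


def generate_ca_keypair(bits=512):
    """Toy RSA key pair for the CA: returns (public=(e, n), private=(d, n)).
    512-bit keys are far too small for real use; chosen so the example runs quickly."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    return (e, p * q), (pow(e, -1, phi), p * q)


SIGNATURE_FIELD = "signature"  # assumed name of the certificate's last field

# The certificate states which algorithm the CA used, so the verifier knows what to hash with.
_DIGEST_FOR = {"sha256WithRSAEncryption": "sha256", "sha512WithRSAEncryption": "sha512"}


def to_be_signed(cert):
    """Canonical byte encoding of every field except the last one (the signature)."""
    body = {k: v for k, v in cert.items() if k != SIGNATURE_FIELD}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def message_digest(cert):
    """Steps 1-2: digest of all fields except the signature, using the algorithm named in the certificate."""
    algo = _DIGEST_FOR[cert["signatureAlgorithm"]]
    return hashlib.new(algo, to_be_signed(cert)).digest()


def ca_sign(cert, ca_private):
    """What the CA does: encrypt the digest with its private key and append it as the last field."""
    d, n = ca_private
    md = int.from_bytes(message_digest(cert), "big")
    assert md < n, "digest must be smaller than the modulus for textbook RSA"
    signed = dict(cert)
    signed[SIGNATURE_FIELD] = pow(md, d, n)
    return signed


def verify_certificate(cert, ca_public):
    """Steps 1-6 from the verifier's side. Returns True only if MD1 == MD2."""
    e, n = ca_public
    md1 = int.from_bytes(message_digest(cert), "big")  # steps 1-2: recompute the digest
    signature = cert[SIGNATURE_FIELD]                   # step 3: extract the CA's signature
    md2 = pow(signature, e, n)                          # step 4-5: de-sign with the CA public key
    return md1 == md2                                   # step 6: compare MD1 with MD2


def demo():
    """Genuine, tampered and wrong-CA cases; returns the three verification results."""
    ca_pub, ca_priv = generate_ca_keypair()
    cert = {  # constructed sample certificate, all values made up
        "version": 3,
        "serialNumber": 1001,
        "signatureAlgorithm": "sha256WithRSAEncryption",
        "issuer": "CN=Example Root CA",
        "validity": {"notBefore": "2024-01-01", "notAfter": "2025-01-01"},
        "subject": "CN=alice@example.com",
        "subjectPublicKey": "<alice's public key>",
    }
    signed = ca_sign(cert, ca_priv)
    genuine_ok = verify_certificate(signed, ca_pub)
    tampered = dict(signed)
    tampered["subject"] = "CN=mallory@example.com"     # any change to a signed field breaks MD1 == MD2
    tampered_ok = verify_certificate(tampered, ca_pub)
    other_ca_pub, _ = generate_ca_keypair()             # de-signing with the wrong CA key gives garbage
    wrong_ca_ok = verify_certificate(signed, other_ca_pub)
    return genuine_ok, tampered_ok, wrong_ca_ok


if __name__ == "__main__":
    print(demo())
```

The tampered and wrong-CA cases are the two failures step 6 is meant to catch: a modified field changes MD1, and a signature produced by a different private key does not de-sign to the expected digest under this CA's public key. A passing check still only proves who signed the certificate; the verifier must separately trust the CA public key it used.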