证书签名请求:它包含公钥还是私钥? [英] certificate signing request: Does it contain public key or private key?

问题描述

我试图揭开 CSR 是如何产生的神秘面纱，以及公钥和私钥的作用.

I am trying to demystify how CSR is generated, and role of the public and private key.

服务器 1:

• 生成公钥和私钥

现在，我想要 CSR，为此，我将去 CA 进行签名.

Now, I want CSR and for that, I will go to a CA for signing.

对于创建 CSR 请求，是基于服务器的公钥还是私钥?

For creating a CSR request, is it based on server's public key or private key?

我提到了这个SO问题;在那里，它说服务器(请求 CSR)在将 CSR 发送给 CA 之前通过其私钥对 CSR 进行签名.

I referred to this SO question; in there, it says the server (which is requesting for CSR) itself signs CSR by its private key, before sending it to CA.

我有点困惑，有以下问题:

I am bit confused, have the following questions:

• 最终产品(CA 签署的证书):它是否包含服务器的私钥或公钥?我了解最终产品应包含请求 CSR 的服务器的公钥.

• The end product (the signed certificate by CA): Does it contain server's private key or public key? I understand that the end product should contain the public key of the server requesting CSR.

在发起 CSR 请求时，为什么服务器需要通过其私钥对 CSR 进行签名?正确吗?

While initiating a CSR request, why a server needs to sign a CSR by its private key? Is it correct?

服务器的公钥是 CSR 的一部分吗?

Is server's public key part of CSR?

最终，CA 是否从 CSR 生成证书以及它如何从 CSR 派生服务器的公钥?

Eventually, does CA generate a certificate from CSR and how it derives the public key of the server from CSR?

推荐答案

最终产品(CA 签署的证书):是否包含服务器的私钥或公钥?

The end product (the signed certificate by CA): Does it contain server's private key or public key?

证书是公开文件.因此它只能包含公钥.如果它包含私钥，那么该密钥将不再是私有的.

The certificate is a public document. It therefore can only contain the public key. If it contained the private key, then that key wouldn't be private any more.

在发起 CSR 请求时，为什么服务器需要通过其私钥对 CSR 进行签名?正确吗?

While initiating a CSR request, why a server needs to sign a CSR by its private key? Is it correct?

是的，大体上是正确的.这个概念称为所有权证明 (PoPo)，它用于向 CA 证明您(或在这种情况下是服务器)拥有与将由 CA 签名(或至少拥有它)的公钥相对应的私钥在 CA 签署您的证书之前的时间).如果 CA 不坚持使用 PoPo，那么您可以拒绝任何签署的未来消息，如下所示:

Yes, it is generally correct. This concept is called Proof of Possession (PoPo) and it used to prove to the CA that you (or the server in this case) have the private key corresponding to the public key which will be signed by the CA (or at least had it at the time just before the CA signed your certificate). If the CA didn't insist on PoPo then you could repudiate any signed future message as follows:

1. 您拥有由 CA 签署的公钥以创建您的证书.当时，您可以按照自己的意愿使用您的私钥签署您的请求.一切都很好.
2. 我过来从你的证书中复制你的公钥.我现在将其作为 CSR 提交给 CA，但没有 PoPo.CA 对其进行签名并向我发送一份证书，其中现在包含我的姓名和您的公钥.
3. 有时，您向第三方(例如您的银行)发送经过数字签名(使用您的私钥)的消息，要求他们向 Stack Overflow 捐赠 1000 美元.
4. 您后来决定将 1000 美元花在度假上更好，因此您向银行提出了对签名消息的异议.
5. 银行说但是您对消息进行了数字签名以对其进行身份验证！！
6. 正如您所知，CA 在没有 PoPo 的情况下签署证书，您只需说我必须使用您的私钥发送消息，我现在已销毁该私钥以试图隐藏证据.
7. 银行无法证明 (6) 不正确，因为他们没有检查我是否拥有与我的请求中的公钥相对应的私钥，因此您的声明不是我 不能被拒绝 - 银行必须偿还您.

1. You have your public key signed by the CA to create your certificate. At the time, you sign your request with your private key as you should. Everything is good.
2. I come along and copy your public key from your certificate. I now present that to the CA as a CSR but without PoPo. The CA signs it and sends me a certificate, which now contains my name and your public key.
3. At some point, you send a digitally signed (with your private key) message to a third party, say your bank, asking them to donate $1000 to Stack Overflow.
4. You later decide that the $1000 would be better spent on a vacation, so you dispute the signed message to your bank.
5. The bank says But you digitally signed the message to authenticate it!!
6. As you know the CA signs certificates without PoPo, you simply have to say that I must have sent the message instead, using your private key which I've now destroyed in an attempt to hide the evidence.
7. The bank cannot prove that (6) isn't true as they didn't check I had possession of the private key corresponding to the public key in my request, and therefore your statement of it wasn't me cannot be rejected - the bank has to reimburse you.

如果银行在我向 CA 提交您的公钥时坚持使用 PoPo，我的请求就会失败，您以后也无法拒绝您的消息.但是一旦 CA 在没有 PoPo 的情况下签署请求 - 所有的赌注都是不可否认的.

If the bank insisted on PoPo when I submitted your public key to the CA, my request would have failed and you could not repudiate your message later. But once a CA signs a request without PoPo - all bets are off for non-repudiation.

最终，CA 是否从 CSR 生成证书以及它如何从 CSR 导出服务器的公钥?

Eventually, does CA generate a certificate from CSR and how it derives the public key of the server from CSR?

无需推导 - 您服务器的公钥位于名为 CertificateRequestInfo 的结构中的请求中.

There is no derivation to do - your server's public key is in the request in a construct called a CertificateRequestInfo.

此 CertificateRequestInfo 包含您(或服务器)的名称和公钥.它还可以包含其他元素，例如请求的扩展.CA 从这个 CertificateRequestInfo 获取它需要的任何信息(只有公钥是必需的)，并使用该信息生成一个名为 tbsCertificate 的结构(tbs"代表待签名).该构造包含您的姓名、您的公钥以及 CA 认为合适的任何扩展名.然后签署此 tbsCertificate 以创建您的证书.

This CertificateRequestInfo contains your (or server's) name and the public key. It can also contain other elements such as requested extensions. The CA takes whatever information it requires from this CertificateRequestInfo (only the public key is mandatory) and uses the info to generate a construct called a tbsCertificate (the 'tbs' stands for To Be Signed). This construct contains your name, your public key and whatever extensions the CA deems fit. It then signs this tbsCertificate to create your certificate.

这篇关于证书签名请求:它包含公钥还是私钥?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！