{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 我命由我不由天 的问题《Where is private key when using SSL stored?》','https://www.manongdao.com/q-569079.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Before using a ssl sertificate between a service that I will be hosting on my local network I will like to understand a little more about it. From reading on the internet this is how I understand how an SSL works.
- client connects to the WCF service
- the WCF service replies with it's public key and it's certificate
- the client then verifies the certificate and encrypts his credentials with the public key
- wcf service then decrypts that message with it's private key and validates the info
- etc...
Know here are some things I do not understand:
- On step 4. where did the WCF service located it's private key?
- Why is the SSL certificate needed? from reading on the internet it is needed to verify that the Service is who I want it to be. That does not make sense to me because first I know the IP address of my service on my local network (I know who that service is). Pretend this is not the case I am on the internet and someone is trying to hack me. In that case then I believe that if I connect to their service instead of my real one there is nothing I could do because if you recall on step 2 the WCF service replied with the public key and the certificate (on plain text) that means that someone could grab that certificate and use it?
- If I use a SSL sertifiate and someone has access to the computer that is hosting the service he could somehow get the private key making my connections insecure?
First off, there are some steps missing in step three. What actually happens in step three is:
The reason for this is twofold. First, the math for public key crypto is much more expensive than the math for secret key crypto. The idea is to do that expensive math only once, to enable exchanging a shared secret. Second, the client knows the server's public key, but the client might not even have a public key, so how can the server send it a secret message? That's why they must agree on a shared secret key.
Anyway moving on to your questions:
On Windows it's in the certificate storage provided by the operating system. On other operating systems, I don't know.
Suppose you want to buy my lawnmower with a credit card, but you are worried that I might actually be a crook. You would like to know my real name so that you can prosecute me if I start charging my trip to Vegas on your card.
So when we do the transaction, I show you a piece of paper that says "Eric Lippert claims that the owner of this piece of paper is Eric Lippert, signed, Eric Lippert". Do you believe me? If you already trust Eric Lippert then you don't need the piece of paper, and if you don't trust Eric Lippert, then the paper doesn't establish trust. This is a "self signed certificate".
Now, if I show you a piece of paper that says "VeriSign incorporated claims that the owner of this piece of paper is Eric Lippert, signed VeriSign", then the question is: do you trust VeriSign to have verified my identity? If you do, then this is evidence that the person you're talking to is who they claim to be.
That's the purpose of the cert. It establishes that a particular public key is really associated with a particular organization because it is signed by a mutually trusted third party called the certifying authority.
When you buy something with your credit card online, you presumably trust the web site to only make authorized charges to that card. The cert verifies that the public key you are going to use for encryption really is the public key of that web site, not some evil hacker's public key.
Yes, but that doesn't help them unless they steal the private key, which is private. The person with someone else's cert cannot decrypt messages that were encrypted with the public key, so they're not going to be able to do the secret key exchange with the client! Even if they manage to trick the client, all they're going to get is a stream of bits encoded with a secret key of the client's choice, a secret key which the attacker cannot obtain without the private half of the certificate.
Yes. The security of the entire system depends on the private key remaining private. That's why its called the private key. If an attacker gains access to your private key then they can impersonate you at will, so keep it secret, keep it safe. If your key is compromised there is a mechanism whereby the certificate can be revoked, but the damage will typically already be done.
Eric Lippert's answer is great, but I thought I'd add a few more details in response to a couple points:
Yes, it is true that SSL verifying the server's identity is correct might not of much benefit if you are inside and intranet or on a trusted secure LAN. However, SSL or more correctly, TLS (Transport Layer Security), gives you an encrypted channel to communicate between your client and server. This means if anybody between your client and server is sniffing the network, they won't be able to read the message. TLS (SSL) is the most supported and simple way to achieve this.
If someone has admin access to the server where the private key is stored (in the cert), and that person has malicious intent, then frankly, you lost a long time before that. When storing your certificates in the cert store, you can set specific permission about who is able to read, write, and modify the cert.
Hope this helps.