How does a certificate prevent a man-in-the-middle attack?

I have another online security issue. If I understand this correctly, certificates are designed to determine who you really are. Thus, a man-in-the-middle attack is impossible. But when I see this image:

http://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Digital_Signature_diagram.svg/800px-Digital_Signature_diagram.svg.png

I think a man-in-the-middle attack is possible. You can separate the signature and the certificate from the data. Make your own signature with your fake data and send fake data with a fake signature (but with the correct certificate) to the server / client.

What I also do not understand in this figure is where the certificate is verified on the verification side.

Thanks.

SCBoy

+3
1 answer

Make your own signature with your fake data and send fake data with a fake signature (but with the correct certificate) to the server / client.

The problem is that the recipient will then look at the fake signature and see that it does not match the certificate of the real sender.

You can create signatures corresponding to this certificate when you have the correct private key for this certificate (even if the certificate itself is public; that is the magic of asymmetric cryptography). This secret key is kept secret by the certificate holder (the original sender of the message).


+5
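The check described in the answer, as an added example that is not part of the original answer: the recipient verifies with the public key taken from the sender's certificate, so a signature made with any other private key is rejected. It uses unpadded textbook RSA from the Python standard library with constructed keys built from small known primes; the names, messages and dict-shaped "certificate" are assumptions for illustration, and the recipient is assumed to already trust the certificate.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def make_key(p, q):
    """Return (public, private) textbook-RSA keys built from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent: inverse of E mod phi(n)
    return {"n": n, "e": E}, {"n": n, "d": d}

def digest(data, n):
    # Hash the data and reduce it into the key's range (toy scheme, no padding).
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private):
    # Only the holder of the private exponent d can compute this value.
    return pow(digest(data, private["n"]), private["d"], private["n"])

def verify(data, signature, certificate):
    # The recipient uses only the public key found in the certificate.
    pub = certificate["public_key"]
    return pow(signature, pub["e"], pub["n"]) == digest(data, pub["n"])

# Constructed keys from known Mersenne primes (far too small for real use).
sender_pub, sender_priv = make_key(2**127 - 1, 2**107 - 1)
attacker_pub, attacker_priv = make_key(2**89 - 1, 2**61 - 1)

# The certificate binds the sender's name to the sender's public key; it is public.
sender_cert = {"subject": "sender.example", "public_key": sender_pub}

def run_scenarios():
    original = b"pay 10 EUR to Bob"        # constructed sample message
    fake = b"pay 9000 EUR to Mallory"      # constructed tampered message
    good_sig = sign(original, sender_priv)
    fake_sig = sign(fake, attacker_priv)   # attacker can only sign with their own key
    return {
        "genuine data, genuine signature": verify(original, good_sig, sender_cert),
        "fake data, original signature": verify(fake, good_sig, sender_cert),
        "fake data, attacker's signature": verify(fake, fake_sig, sender_cert),
    }

if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```
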

Source: https://habr.com/ru/post/1769700/

