Kubernetes TLS Certificates Basic
Symmetric Encryption
Plain Text Transport
[Figure: Data sent as Plain Text]
This is very weak security.
There’s no encryption.
It’s easy to hijack the data.

Encryption Transport
[Figure: Data + Key → Encrypted Data (Symmetric Encryption)]
This is encrypted, but it’s still weak security.
It’s still easy to hijack the data, including the key.
So they can decrypt the data with the key.

Asymmetric Encryption
Mechanism
Theory
Split the key into a Public Key and a Private Key.
The Public Key is used to encrypt, the Private Key is used to decrypt.
So an easy way to remember it is to think of the Public Key as a Public Lock.

SSH
[Figure: SSH key setup]
1. Generate the client user’s Private Key and Public Key.
2. Register the user’s id_rsa.pub to the Server.
3. The Server adds it to its Public Key list.
4. Connect to the Server.
Process Summary
Personal Asymmetric Encryption in Web
Personal Problem
It can be hijacked by DNS spoofing: an attacker copies the website and serves it with their own RSA key pair.
Generate RSA
[Figure: Private Key and Public Key]
Process
CA (Certificate Authority)
Certificate Authority
When you use personal RSA asymmetric encryption, there are the security problems I talked about above.
For security, you need to use certificate authority services.
CSR
Certificate Signing Request
Browser and CA
All browsers have a built-in certificate validation mechanism.
The browsers have the public keys of well-known certificate authority organizations.
[Figure: CSR signing flow (private.csr)]
Process
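As an added example (not code from the original post), here is the browser's trust decision from the sections above, written in Go with only the standard library: a server certificate signed by the CA validates against the CA's public key, while a self-signed copy of the same site (the DNS-spoofing case) does not. The CA name, the host name www.example.com and the use of Ed25519 keys in place of RSA are assumptions for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// makeCert issues a cert for cn: self-signed when parent is nil (the "personal RSA" case), else signed by the CA's parentKey, as with a CSR.
func makeCert(cn string, isCA bool, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // Ed25519 stands in for the RSA keys in the text
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, IsCA: isCA, BasicConstraintsValid: true,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign // only the CA may sign other certificates
	} else { // a server leaf: usable for TLS on this host name only
		tmpl.ExtKeyUsage, tmpl.DNSNames = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, []string{cn}
	}
	if parent == nil {
		parent, parentKey = tmpl, priv
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // re-parse what we just encoded
	return cert, priv
}

// trusts is the browser's decision: does leaf chain to root, and is it valid for host?
func trusts(root, leaf *x509.Certificate, host string) bool {
	pool := x509.NewCertPool() // stands in for the browser's built-in CA public keys
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err == nil
}

func main() {
	ca, caKey := makeCert("Example Root CA", true, nil, nil)  // the well-known CA
	legit, _ := makeCert("www.example.com", false, ca, caKey) // CA-signed server cert
	spoof, _ := makeCert("www.example.com", false, nil, nil)  // attacker's self-signed copy
	fmt.Println(trusts(ca, legit, "www.example.com"), trusts(ca, spoof, "www.example.com")) // true false
}
```

The same check also fails when the CA-signed certificate is presented for a different host name, which is why the certificate's DNS name matters as much as the signature.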
PKI(Public Key Infrastructure)
PKI
Above whole structure is called PKI.
| | Certificate (Public Key) | Private Key |
|---|---|---|
| Purpose | Encrypt (Lock) | Decrypt |
| Extension Type | *.crt, *.pem | *.key, *-key.pem |
| Examples | server.crt, server.pem, client.crt, client.pem | server.key, server-key.pem, client.key, client-key.pem |
CozyFex