Todor Kolev wrote: "A website's certificate will have a signature from the CA.
The signature is a hash of the certificate details, encrypted using the CA's private key.
The browser has a stash of known good public keys with which it can verify the signature."
1. How does the CA encrypt the signature hash with the private key? Wasn't the private key for DEcryption?
2. How does the browser use the public keys to verify the signature?
Well, it seems there's something you don't know.
First: In asymmetric crypto (or in crypto in general) there is no such thing as "encrypt plaintext" or "decrypt ciphertext" but only "perform the base operation", which mostly boils down to some sort of "a^b mod c" (which is true both for RSA and DSA - the difference is which of those numbers is the message and which is the key).
Hence: it doesn't matter with what kind of data and key you perform this operation.
Second: Most systems use RSA, so I will limit my example to it. DSA works a bit differently, but very similarly.
In RSA you have a plaintext, a ciphertext, a public key and a private key. Further, RSA is divided into encryption and signature. These go like this:
encryption:
encrypting data: plaintext message "m" is raised to the power of public exponent "e" and mod by shared modulus "N" -> c=m^e mod N
decrypting data: ciphertext "c" is raised to power of private exponent "d" and mod N -> m=c^d mod N
signature:
signing: hash of message "h" is raised to power of private exponent "d" and mod by shared modulus "N" -> s=h^d mod N
verify: signature "s" is raised to power of public exponent "e" and mod N and is then compared to calculated hash: h=s^e mod N
You see: RSA always uses a^b mod c - the only thing that changes is the input base and the exponent. Data encryption and signing differ by what's used as the exponent at what time.
In addition, signing uses a hash of the message instead of the message itself. Checking then works by comparing the hash you got after the RSA operation with what was calculated over the message - if both match, it is pretty much certain that integrity is proven (depending on the collision resistance of the hash function - hence SHA-1 shouldn't be used anymore, as it's known for possible attacks).
Certificate validation works by calculating the hash of the certificate and comparing it to what's in the signature - if they match, the certificate is taken as valid.
Proof of validity is done when a valid path can be built to a trusted root certificate. Root certificates are a bit special as they are what's called self-signed - so its own private key is used to sign its own public key instead of relying on a signature of a third party (CA).
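The following is an added example, not code from the original post or its author. It carries the answer's point through in runnable Python: one function `rsa_op` does x^exp mod N, and encrypt/decrypt/sign/verify differ only in which exponent (public e or private d) is passed in. It then builds a toy certificate chain (leaf signed by a CA, CA signed by a self-signed root) and validates it against a trust store the way the last two paragraphs describe. Everything here is constructed for illustration: the subject names, the `subject|N|e|issuer` certificate layout and the dictionary-based trust store are stand-ins for X.509 and a browser's root store, not real formats. The keys are 512-bit (two 256-bit primes) so that a SHA-256 hash fits below N; generation uses Miller-Rabin, which is fine for a demo but not a constant-time or production key generator. Caveat a practitioner should keep in mind: this is textbook RSA with no padding. Real RSA signatures wrap the hash in PKCS#1 v1.5 DigestInfo or PSS padding before exponentiation, and real encryption uses OAEP; raw h^d mod N as shown here is multiplicatively malleable and must not be used outside of a demonstration. Requires Python 3.8+ for `pow(e, -1, phi)`.

```python
import hashlib
import random


def is_probable_prime(n, rng, rounds=24):
    """Miller-Rabin probabilistic primality test (demo quality, not production)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_prime(bits, rng):
    """Random odd candidate with the top bit set, retried until probably prime."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng):
            return cand


def generate_keypair(prime_bits, rng, e=65537):
    """Return ((N, e), (N, d)). N has ~2*prime_bits bits, so a SHA-256 hash is < N."""
    while True:
        p, q = generate_prime(prime_bits, rng), generate_prime(prime_bits, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this is gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))  # pow(e, -1, m) needs Python >= 3.8


def rsa_op(x, key):
    """The one base operation: x^exp mod N. Which key you pass decides whether this
    is 'encrypt' (public e), 'decrypt' (private d), 'sign' (d) or 'verify' (e)."""
    n, exp = key
    if not 0 <= x < n:
        raise ValueError("input must be reduced mod N")
    return pow(x, exp, n)


def hash_to_int(message):
    """SHA-256 of the message as an integer (no padding: textbook RSA only)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def encrypt(m, pub):            # c = m^e mod N
    return rsa_op(m, pub)
def decrypt(c, priv):           # m = c^d mod N
    return rsa_op(c, priv)
def sign(message, priv):        # s = h^d mod N  (same operation as decrypt, on the hash)
    return rsa_op(hash_to_int(message), priv)
def verify(message, s, pub):    # s^e mod N recovers h; compare with a fresh hash
    return rsa_op(s, pub) == hash_to_int(message)


def cert_tbs(subject, pub, issuer):
    """'To-be-signed' bytes of a toy certificate (stand-in for an X.509 TBSCertificate)."""
    return f"{subject}|{pub[0]}|{pub[1]}|{issuer}".encode()


def issue_cert(subject, pub, issuer, issuer_priv):
    return {"subject": subject, "pub": pub, "issuer": issuer,
            "sig": sign(cert_tbs(subject, pub, issuer), issuer_priv)}


def validate_chain(chain, trust_store):
    """chain = [leaf, ..., root]. Each cert must verify under the next cert's public key;
    the root is checked against itself (self-signed) and must be in the trust store."""
    for cert, signer in zip(chain, chain[1:] + chain[-1:]):
        tbs = cert_tbs(cert["subject"], cert["pub"], cert["issuer"])
        if cert["issuer"] != signer["subject"] or not verify(tbs, cert["sig"], signer["pub"]):
            return False
    return trust_store.get(chain[-1]["subject"]) == chain[-1]["pub"]


def demo(seed=7):
    """Root -> CA -> site chain with deterministic keys (constructed test data)."""
    rng = random.Random(seed)
    root_pub, root_priv = generate_keypair(256, rng)
    ca_pub, ca_priv = generate_keypair(256, rng)
    site_pub, site_priv = generate_keypair(256, rng)
    root = issue_cert("Demo Root", root_pub, "Demo Root", root_priv)  # self-signed
    ca = issue_cert("Demo CA", ca_pub, "Demo Root", root_priv)
    site = issue_cert("example.test", site_pub, "Demo CA", ca_priv)
    return {"chain": [site, ca, root], "trust": {"Demo Root": root_pub},
            "site_keys": (site_pub, site_priv)}
```

Usage: `d = demo()` builds the chain; `validate_chain(d["chain"], d["trust"])` returns True, while the same chain against an empty trust store, or a chain whose root was generated under a different seed, returns False even though every signature in it verifies. That is the point of the last paragraph above: a mathematically valid self-signature proves nothing by itself; trust comes from the root being in the store. The `rsa_op` helper is deliberately the only place exponentiation happens, so you can see that `sign(msg, priv) == decrypt(hash_to_int(msg), priv)` holds exactly.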