This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
[{$pagename}] describes a step within the [TLS Handshake] process.
The [user-agent] sends a digital signature that it computed over all previous handshake messages.
%%information
The [{$pagename}] message is ONLY sent when the server requested a [user-agent] certificate that has signing capability (i.e. all [certificates] except those containing fixed Diffie-Hellman parameters) and the [user-agent] complied.
%%
When sent, it will immediately follow the [ClientKeyExchange].
This is how the [user-agent] proves to the server that it really "owns" the [Public Key] which is encoded in the certificate it sent in the [CertificateRequest].
Structure of this message:
%%prettify
{{{
struct {
    Signature signature;
} CertificateVerify;

CertificateVerify.signature.md5_hash
    MD5(handshake_messages);

CertificateVerify.signature.sha_hash
    SHA(handshake_messages);
}}} /%
In [TLS], the [{$pagename}] message carries the [Digital Signature] that the [user-agent] computes with its [Private Key] over all previous handshake messages, including the type and length fields of those messages, starting at [ClientHello] up to but not including this [{$pagename}] message. It is sent to the server in an unencrypted message.
In the next step, the [user-agent] sends the [change_cipher_spec] in an unencrypted message.
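The hash inputs described above, as an added example that is not part of the original page: it walks a handshake byte stream and computes the md5_hash and sha_hash over every message from ClientHello up to, but not including, CertificateVerify. The 1-byte type and 3-byte length framing and the type numbers come from the TLS specification; the function names and the sample transcript are constructed for illustration, and the private-key signing step itself is not shown.

```python
import hashlib

# Handshake message type numbers from the TLS specification.
CLIENT_HELLO, CERTIFICATE_VERIFY = 1, 15

def handshake_msg(msg_type: int, body: bytes) -> bytes:
    """Frame a body as a handshake message: 1-byte type + 3-byte length."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def split_handshake(stream: bytes):
    """Yield (type, raw_message) for each message in a handshake stream."""
    pos = 0
    while pos < len(stream):
        if len(stream) - pos < 4:
            raise ValueError("truncated handshake header")
        length = int.from_bytes(stream[pos + 1:pos + 4], "big")
        end = pos + 4 + length
        if end > len(stream):
            raise ValueError("truncated handshake body")
        yield stream[pos], stream[pos:end]
        pos = end

def certificate_verify_hashes(stream: bytes):
    """Return (md5_hash, sha_hash) over ClientHello .. before CertificateVerify."""
    md5, sha = hashlib.md5(), hashlib.sha1()
    started = False
    for msg_type, raw in split_handshake(stream):
        if msg_type == CERTIFICATE_VERIFY:
            break  # the signed data stops before this message
        started = started or msg_type == CLIENT_HELLO
        if started:
            # Type and length fields are hashed along with the body.
            md5.update(raw)
            sha.update(raw)
    if not started:
        raise ValueError("no ClientHello in stream")
    return md5.digest(), sha.digest()

# Constructed sample transcript; bodies are placeholders, not real TLS payloads.
TRANSCRIPT = b"".join(handshake_msg(t, b) for t, b in [
    (1, b"client-hello"), (2, b"server-hello"), (11, b"server-cert"),
    (13, b"cert-request"), (14, b""), (11, b"client-cert"),
    (16, b"client-key-exchange"), (15, b"signature-goes-here"),
])

if __name__ == "__main__":
    md5_hash, sha_hash = certificate_verify_hashes(TRANSCRIPT)
    print(md5_hash.hex(), sha_hash.hex())
```

Because every earlier message feeds both hashes, a server that recomputes them from its own view of the handshake will reject the signature if any message was altered in transit.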
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]