Score:0

What is a website's private signing key used to sign?


I am trying to understand digital signatures and digital certificates. I know that digital certificates verify a server's public verification key, but what does the website's (client) private verification key sign?

DannyNiu
Are you asking what, in the context of web browsing, the private key of the server that hosts the website signs when some client makes a connection?
Score:2

What does the website's (client) private verification key sign?

When a standard browser connects to a website, that browser is the client, and typically has no public/private key pair. Thus there is no "website's client private verification key" to sign with.

In the following I consider a website with a single server, thus do not distinguish if a key or certificate is that of the website, or of the server.


What is a website's private signing key used to sign?

The website's private key, matching the public key signed by the website's certificate, is used by the website to sign a message incorporating a challenge generated by the browser, yielding a session-unique signature, that the browser verifies against the server's public key extracted from the server's certificate.

In more detail: In TLS 1.3, what's signed by the website is the transcript hash, which is a digest of some selected earlier exchanges† of the browser and the server, that both had an opportunity to influence with random seeds they generated.

The browser somehow gets the website's certificate (typically, from the server or from a cache); checks the signature of that certificate (typically through a chain of certificates, perhaps obtained from the server, and from a local trusted database of ultimately trusted certificates‡ that came with the browser); perhaps checks that the certificate was not revoked; extracts the website's public key from the website's certificate; and verifies the signature in the Certificate Verify message of the server against that public key and the transcript hash jointly generated.


† Specifically: those of ClientHello, HelloRetryRequest, ClientHello, ServerHello, EncryptedExtensions, server CertificateRequest, server Certificate, server CertificateVerify, server Finished, EndOfEarlyData, client Certificate, client CertificateVerify, client Finished that have occurred.

‡ That list of ultimately trusted certificates is a serious weakness of the whole stuff, such that only a fool would trust TLS secure from state-level actors and other well-funded adversaries. For the latest (November 2022) account on (possibly) rogue certification authorities, see e.g. Bruce Schneier's blog article, or (while that works) the Washington Post article that AFAIK broke the story in the general press about that particular (possibly) rogue CA, with Joel Reardon.

CryptoGuru
So does the website use its private signing key to sign the hash of the contents of the website so it can be viewed by anyone who has the website's public signature verification key?
SAI Peregrinus
No, it signs the transcript hash only. That doesn't contain the contents of the website, but rather of the key exchange. Then the exchanged symmetric key is used with Authenticated Encryption to send the contents of the web site, so the receiver both decrypts and verifies at the same time.
CryptoGuru
Oh, the transcript hash which is signed by the website contains the Diffie-Hellman shared key ($g^{ab}$)?
Marc Ilunga
@CryptoGuru, no, the transcript hash doesn't contain $g^{ab}$, which is technically not part of the transcript. However, the (partial) transcript hash(es) is used together with $g^{ab}$ to derive the many keys used in TLS 1.3 (either to encrypt the handshake or other things). See here: https://datatracker.ietf.org/doc/html/rfc8446#section-7.1
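
The signing step discussed in this thread, as an added example that is not part of the original answer or comments: it builds the CertificateVerify input laid out in RFC 8446 section 4.4.3 and shows that the signature is bound to one session's transcript and to the server role. Assumptions: an Ed25519 key stands in for the website's certificate key, and the handshake messages are constructed placeholders rather than real TLS encodings.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Context strings from RFC 8446, section 4.4.3.
const (
	serverContext = "TLS 1.3, server CertificateVerify"
	clientContext = "TLS 1.3, client CertificateVerify"
)

// transcriptHash digests the concatenated handshake messages seen so far.
// The (EC)DH shared secret is never a handshake message, so it is not covered.
func transcriptHash(messages ...[]byte) []byte {
	h := sha256.New()
	for _, m := range messages {
		h.Write(m)
	}
	return h.Sum(nil)
}

// signedContent builds the bytes that are actually signed:
// 64 spaces, the context string, one zero byte, then the transcript hash.
func signedContent(context string, th []byte) []byte {
	b := bytes.Repeat([]byte{0x20}, 64)
	b = append(append(b, context...), 0x00)
	return append(b, th...)
}

func main() {
	// Constructed stand-ins for handshake messages; only the randoms differ.
	serverHello := []byte("ServerHello|random=constructed-server-nonce-1")
	cert := []byte("Certificate|constructed")
	pub, priv, err := ed25519.GenerateKey(nil) // hypothetical website key pair
	if err != nil {
		panic(err)
	}
	th := transcriptHash([]byte("ClientHello|random=constructed-nonce-1"), serverHello, cert)
	sig := ed25519.Sign(priv, signedContent(serverContext, th))
	// A new client random changes the transcript, so a replayed signature fails.
	other := transcriptHash([]byte("ClientHello|random=constructed-nonce-2"), serverHello, cert)
	fmt.Println("same session:", ed25519.Verify(pub, signedContent(serverContext, th), sig))
	fmt.Println("replayed:", ed25519.Verify(pub, signedContent(serverContext, other), sig))
	fmt.Println("as client:", ed25519.Verify(pub, signedContent(clientContext, th), sig))
}
```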