0

In the pkcs#10 workflow to obtain the x.509 certificate used in digital signature, in the Certificate Request Information, itself in the CSR, we have the Subject Public Key.

That Subject Public Key will be used to verify that the CSR isn't modified since the Subject wrote it. All is fine up here.

Once the verification of the CSR is done, the Certificate Authority generate the X.509 Certificate. In the PKCS#10 (3. Overview, first paragraph after the ordered list), it is stated that we give the Subject Public Key in the X.509 Certificate.

The Subject Public Key was provided because we signed the CSR with the Subject Private Key, but this private key won't be reused afterward. It might have been generated only for the CSR creation, and the CSR isn't kept in the X.509 Certificate.

Also, the X.509 Certificate is signed by the Certificate Authority with its own private key, not the Subject Private Key.

So the question is : Why keeping the Subject Public Key in the X.509 Certificate, as its goal is reached once we verified the CSR, verification done before the X.509 Certificate generation?

Community
  • 1
T.Nel
  • 103
  • 3

1 Answers1

1

The certificate is signed with the Certificate Authority's private key, but the purpose of an X.509 Public Key certificate is to associate a public key with a subject-entity.

  • You generate a public/private pair
  • You generate a PKCS#10 CSR which contains the SubjectPublicKeyInfo, signed with the private key as proof-of-possession.
  • You submit the PKCS#10 CSR to a CA.
  • The CA does whatever validation they do to ensure that you're the subject that you claim to be in the CSR (or whatever subject you claim to be external to the CSR) ... and for whatever extensions you may have requested.
  • The CA copies the SubjectPublicKeyInfo into a new certificate they create, and they sign it with their private key.
  • People can now use the trust of the certificate to understand that signatures that come "from you" and verify under the public key within the certificate are actually from you (or used a stolen/cracked version of your private key).

Alternatively: Whose public key do you want them to put in your certificate? If they just made one up on the fly for you they'd also have had a copy of your private key, which is clearly less secure than only you ever having your private key.

bartonjs
  • 564
  • 7
  • 13