ZyXEL P-793H v2 User Guide - Page 200
Certificates Technical Reference
Chapter 12 Certificates

12.3 Certificates Technical Reference

This section provides technical background information about the topics covered in this chapter.

12.3.1 Certificates Overview

The P-793H v2 can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner's identity and public key. Certificates provide a way to exchange public keys for use in authentication.

The P-793H v2 uses certificates based on public-key cryptology to authenticate users attempting to establish a connection, not to encrypt the data that you send after establishing a connection. The method used to secure the data that you send through an established connection depends on the type of connection. For example, a VPN tunnel might use the triple DES encryption algorithm.

The certification authority uses its private key to sign certificates. Anyone can then use the certification authority's public key to verify the certificates.

Advantages of Certificates

Certificates offer the following benefits.

• The P-793H v2 only has to store the certificates of the certification authorities that you decide to trust, no matter how many devices you need to authenticate.
• Key distribution is simple and very secure since you can freely distribute public keys and you never need to transmit private keys.

12.3.2 Private-Public Certificates

When using public-key cryptology for authentication, each host has two keys. One key is public and can be made openly available. The other key is private and must be kept secure.

These keys work like a handwritten signature (in fact, certificates are often referred to as "digital signatures"). Only you can write your signature exactly as it should look. When people know what your signature looks like, they can verify whether something was signed by you, or by someone else.

In the same way, your private key "writes" your digital signature and your public key allows people to verify whether data was signed by you, or by someone else. This process works as follows.
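The trust model from section 12.3.1 (a certification authority signs certificates with its private key, and a verifier needs only that authority's certificate), shown with the OpenSSL command line as an added example that is not taken from the ZyXEL guide. The CA and device names are constructed, `openssl verify` stands in for the check a verifying device performs, and the example goes one step beyond the text by also showing a certificate from an untrusted CA being rejected.

```shell
#!/bin/sh
# Added example: every name below (trusted-ca, other-ca, device-*) is constructed.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: create a CA key pair and a self-signed CA certificate.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue_cert CA NAME: the device generates its own key pair and sends only a
# signing request (public key + identity); the CA signs it with its private key.
issue_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -days 30 \
    -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" -CAcreateserial \
    -out "$WORK/$2.crt" 2>/dev/null
}

# is_trusted CA NAME: verify NAME's certificate given only the CA certificate.
# No private key and no per-device entry is needed on the verifying side.
is_trusted() {
  openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" >/dev/null 2>&1
}

make_ca trusted-ca
make_ca other-ca
issue_cert trusted-ca device-a
issue_cert trusted-ca device-b
issue_cert other-ca device-x   # signed by a CA the verifier does not trust

for dev in device-a device-b device-x; do
  if is_trusted trusted-ca "$dev"; then
    echo "$dev: accepted"
  else
    echo "$dev: rejected"
  fi
done
```

The verifier stores one file, `trusted-ca.crt`, and accepts any number of devices issued under it; the private keys never leave the hosts that generated them.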