TLS and mTLS Basics

Cryptographic Fundamentals

Key Pair (Public Key + Private Key)

The foundation of TLS. The two keys are generated together mathematically.

    # Generate key pair
    openssl genrsa -out private.key 2048
    openssl rsa -in private.key -pubout -out public.key

What they do:

- Encrypt with public key → Only private key can decrypt
- Sign with private key → Anyone with public key can verify

Certificate (X.509)

A certificate = public key + identity information + signature from a CA.

┌─────────────────────────────────────────────────────────────────┐
│  Certificate Contents                                           │
│                                                                 │
│  Subject:    CN=api.example.com, O=MyCompany   ← Who this is    │
│  Issuer:     CN=DigiCert CA                    ← Who signed it  │
│  Valid From: 2026-01-01                                         │
│  Valid To:   2027-01-01                                         │
│  Public Key: MIIBIjANBgkqhkiG9w0BAQEFA...      ← Embedded       │
│  Signature:  a7f3b2c1d4e5f6...                 ← CA's stamp     │
└─────────────────────────────────────────────────────────────────┘

A certificate is NOT secret: it contains the public key and can be shared freely. ...
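The key-pair and certificate properties described above can be checked end to end with openssl. This is an added example, not code from the original post; the temp-directory file names, the sample message and the self-signed certificate (Subject equals Issuer, no CA involved) are assumptions made for the demonstration.

```shell
#!/usr/bin/env bash
# Added example. All files live in a temp dir; the message is constructed sample data.

demo_setup() {
  WORK=$(mktemp -d)
  # Key pair, same commands as in the text above
  openssl genrsa -out "$WORK/private.key" 2048 2>/dev/null
  openssl rsa -in "$WORK/private.key" -pubout -out "$WORK/public.key" 2>/dev/null
  # Self-signed certificate (assumption: no CA here, so Subject == Issuer)
  openssl req -new -x509 -key "$WORK/private.key" -days 30 \
    -subj "/CN=api.example.com/O=MyCompany" -out "$WORK/cert.pem" 2>/dev/null
  printf 'constructed sample message\n' > "$WORK/msg.txt"
}

# The public key embedded in the certificate is the one derived from private.key.
cert_matches_key() {
  openssl x509 -in "$WORK/cert.pem" -noout -pubkey > "$WORK/cert_pub.key"
  cmp -s "$WORK/cert_pub.key" "$WORK/public.key"
}

# Encrypt with the public key; only the private key recovers the plaintext.
encrypt_roundtrip() {
  openssl pkeyutl -encrypt -pubin -inkey "$WORK/public.key" \
    -pkeyopt rsa_padding_mode:oaep -in "$WORK/msg.txt" -out "$WORK/msg.enc" &&
  openssl pkeyutl -decrypt -inkey "$WORK/private.key" \
    -pkeyopt rsa_padding_mode:oaep -in "$WORK/msg.enc" -out "$WORK/msg.dec" &&
  cmp -s "$WORK/msg.txt" "$WORK/msg.dec"
}

# Sign with the private key.
sign_msg() {
  openssl dgst -sha256 -sign "$WORK/private.key" -out "$WORK/msg.sig" "$WORK/msg.txt"
}

# Verify using only the public key taken from the (non-secret) certificate.
verify_file() {
  openssl dgst -sha256 -verify "$WORK/cert_pub.key" \
    -signature "$WORK/msg.sig" "$1" >/dev/null 2>&1
}

run_demo() {
  demo_setup
  cert_matches_key && echo "certificate carries the key pair's public key"
  encrypt_roundtrip && echo "public-key encrypt / private-key decrypt: OK"
  sign_msg && verify_file "$WORK/msg.txt" && echo "signature verifies"
  printf 'tampered\n' >> "$WORK/msg.txt"
  verify_file "$WORK/msg.txt" || echo "modified message: verification fails"
}

if [ "${1:-}" = "run" ]; then run_demo; fi
```

Save it as a script and pass `run` as the first argument to see the four checks; the final one shows a modified message failing verification against the unchanged signature.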

January 2, 2026 · 8 min · Ren Nishino