
I have a client/server SSL socket implementation in Java, where a self-signed certificate has been generated and imported into the client truststore. The server has a copy of the self-signed certificate in its keystore.

The cipher suite agreed is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, which is an epileptic Diffie-Hellman Variant. The self-signed certificate uses an RSA keypair, and the public key is listed on the certificate for encryption.

What I'm not completely sure about is how the client validation process with self-signed certificates works in Java. I understand how TLS typically verifies a certificate; using the CA's public key on its signature, then comparing the decrypted hash against a generated thumbprint.

How is the signature verified using self-signed certificates? I'm debugging on the client side in Java (using parameters -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol -Djavax.net.debug=ssl) and I see no mention of a self-signed public key for decrypting the signature, or a thumbprint hash. The certificate signatures and public RSA key are certainly mentioned though.

Many thanks.

Comments

  • What exactly is an "epileptic Diffie-Hellman Variant"? Commented Dec 18, 2013 at 1:03
  • So the client has imported the self-signed cert into the truststore. In that case, won't the SSL trust manager simply look up the truststore and verify the cert the same way it does with other certs? Commented Dec 18, 2013 at 1:11
  • @JimGarrison It is a variant of the Diffie-Hellman key agreement scheme for a shared secret symmetric session key. My apologies, I didn't really need to include the full cipher information as part of my query. Commented Dec 18, 2013 at 9:10
  • @Varun How does this procedure work with respect to standard TLS server certificate validation? Is the validation procedure identical? It will most likely be calling isServerTrusted from the client's side. Thanks. Commented Dec 18, 2013 at 9:16
  • You haven't needed to set the handler package since about JDK 1.3. You must be using some very old reference material. Commented Dec 19, 2013 at 21:59

1 Answer


The client verifies the signature using the public key of the server as supplied in the server certificate. Only the owner of that certificate has the corresponding private key, so only the certificate owner can produce a valid signature that can be verified via the public key in the certificate. So this proves ownership of the certificate. The fact that the certificate is self-signed has nothing to do with it at this stage.


3 Comments

I assumed the RSA public key pair listed explicitly in the server certificate was used for encryption, as only the server can decrypt its contents? If not, I think there needs to be another key pairing for sending encrypted messages to the server and establishing a secure session key. Thanks.
@user10941: whether the RSA key-pair for the cert is used for signing or encryption depends on the cipher suite and its exchange algorithm (see Appendix F.1.1 of the TLS spec). In your example (EC)DHE will involve signing the DH parameters.
@Bruno This link is very useful, thank you. It appears it's using a pre-master secret with fixed Diffie-Hellman parameters.
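The exchange that the answer and the comments describe, played out end to end, as an added example that is not part of the original post, of JSSE, or of any Java library. It is written in Go rather than Java because the point is protocol-level (the same steps happen inside the JSSE trust manager and handshaker) and Go's standard library lets it run offline with no keystore files. The host name `example.test`, the P-256 curve, and the TLS 1.2 ServerKeyExchange layout (RSA PKCS#1 v1.5 over SHA-256 of client_random || server_random || ServerECDHParams, RFC 5246 7.4.3 and RFC 4492 5.4) are assumptions; `must`, `skeSigned`, `serverECDHParams` and the other function names are helpers made up for this example.

```go
package main
import (
	"bytes"
	"crypto"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)
const serverName = "example.test" // hypothetical host name (an assumption)

// must keeps the demo short; key generation and parsing are not the point here.
func must[T any](v T, err error) T { if err != nil { panic(err) }; return v }

// newSelfSignedServer is "keytool -genkeypair" for the server keystore: an RSA key pair plus a certificate signed with that same key.
func newSelfSignedServer() (*rsa.PrivateKey, *x509.Certificate) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: serverName},
		DNSNames:     []string{serverName},
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature, // ECDHE_RSA only ever signs with this key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)) // parent == template: self-signed
	return key, must(x509.ParseCertificate(der))
}

// ServerECDHParams (RFC 4492 5.4): named_curve (3), secp256r1 (0x0017), 1-byte length, point.
func serverECDHParams(point []byte) []byte {
	return append([]byte{3, 0x00, 0x17, byte(len(point))}, point...)
}

// skeSigned is what the TLS 1.2 ServerKeyExchange signature covers (RFC 5246 7.4.3).
func skeSigned(clientRandom, serverRandom, params []byte) []byte {
	return bytes.Join([][]byte{clientRandom, serverRandom, params}, nil)
}

// serverSign: the keystore's RSA private key signs the fresh ECDH point (PKCS#1 v1.5 with SHA-256); nothing is RSA-decrypted.
func serverSign(key *rsa.PrivateKey, clientRandom, serverRandom, point []byte) (params, sig []byte) {
	params = serverECDHParams(point)
	h := sha256.Sum256(skeSigned(clientRandom, serverRandom, params))
	return params, must(rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, h[:]))
}

// clientCheckServerTrusted is the checkServerTrusted step: the one truststore entry is the trust anchor, so the
// presented certificate must match it and carry the expected host name; its own key verifies its own signature.
func clientCheckServerTrusted(truststoreEntry, presented *x509.Certificate) error {
	if err := presented.CheckSignature(presented.SignatureAlgorithm, presented.RawTBSCertificate, presented.Signature); err != nil {
		return err
	}
	truststore := x509.NewCertPool()
	truststore.AddCert(truststoreEntry)
	_, err := presented.Verify(x509.VerifyOptions{Roots: truststore, DNSName: serverName})
	return err
}

// clientVerifyKeyExchange checks the ServerKeyExchange signature with the public key in the trusted certificate.
func clientVerifyKeyExchange(cert *x509.Certificate, clientRandom, serverRandom, params, sig []byte) ([]byte, error) {
	if err := cert.CheckSignature(x509.SHA256WithRSA, skeSigned(clientRandom, serverRandom, params), sig); err != nil {
		return nil, err
	}
	if len(params) < 4 || params[0] != 3 || int(params[3]) != len(params)-4 {
		return nil, fmt.Errorf("malformed ServerECDHParams")
	}
	return params[4:], nil // the server's ephemeral public point
}

// runHandshake plays both sides of ECDHE_RSA against a self-signed trust anchor and reports whether the
// premaster secrets agree and whether a substituted ECDH point is refused.
func runHandshake() (secretsAgree, tamperRejected bool, err error) {
	serverKey, serverCert := newSelfSignedServer()
	nonce := func() []byte { b := make([]byte, 32); rand.Read(b); return b }
	clientRandom, serverRandom := nonce(), nonce()
	serverEph := must(ecdh.P256().GenerateKey(rand.Reader)) // the "ephemeral" in ECDHE
	params, sig := serverSign(serverKey, clientRandom, serverRandom, serverEph.PublicKey().Bytes())
	// Client side: the presented certificate is the truststore entry itself.
	if err = clientCheckServerTrusted(serverCert, serverCert); err != nil {
		return
	}
	point := must(clientVerifyKeyExchange(serverCert, clientRandom, serverRandom, params, sig))
	clientEph := must(ecdh.P256().GenerateKey(rand.Reader))
	clientSecret := must(clientEph.ECDH(must(ecdh.P256().NewPublicKey(point))))
	serverSecret := must(serverEph.ECDH(clientEph.PublicKey()))
	secretsAgree = bytes.Equal(clientSecret, serverSecret)
	// A man in the middle who swaps in its own point cannot re-sign it with the server's key.
	forged := serverECDHParams(clientEph.PublicKey().Bytes())
	_, forgeErr := clientVerifyKeyExchange(serverCert, clientRandom, serverRandom, forged, sig)
	tamperRejected = forgeErr != nil
	return
}

func main() { fmt.Println(runHandshake()) }
```

Running it prints `true true <nil>`: the client accepts the certificate, checks the signature over the ephemeral point with the RSA public key carried in that certificate, both sides derive the same premaster secret from the ECDH points, and a substituted point fails the signature check because only the holder of the keystore's private key can sign it. Two things worth noting against the debug output in the question: the certificate's RSA key is used only for signing here, never for encrypting a premaster secret (that is the RSA key exchange, a different cipher suite family); and PKIX path validation, in Java as in Go's `Verify`, does not check a trust anchor's own signature, since a certificate that is itself the truststore entry is trusted by matching that entry. The explicit `CheckSignature` call over `RawTBSCertificate` is what "verifying a self-signed certificate's signature" amounts to: issuer and subject hold the same key, so the certificate's own public key checks it.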
