Hello!

I think I understand all the fuss about asymmetric encryption and public and private keys. I think I understand what is server certificate. It is a public key with owners information signed by the certificate authorities private key. The certificate is sent from server to the browser at the beginning of the SSL handshaking. Browser can then authenticate the servers public key against CA that signed it. Then this public key is used to send symmetric key for the symmetric data encryption.
What I don't understand here is according to the http://en.wikipedia.org/wiki/SSL_Certificate page there can also be the client certificate which I doubt the average user have (maybe some banking certificates?) What are client side certificates for? Just for authentication? Is it ever used in symmetric key exchange? If my bank issues the certificate for usage with theirs web banking, shouldn't I also get the private key or the private key is held by the bank?=

About mail encryption. I have my certificate. I signed my mail with my certificate (public key?). Now the other end cam verify the mail integrity and authenticity. How? The logic thing would be that I sign the mail hash with my private key and the other party can check that with my certificate (public key) I send along with my mail. For mail encoding I should also have the other party certificate (public key) shouldn't I?

Regards,

Basically yes. The client's certificate just proves to the server that you are who you say you are. Commonly, the server (or some other trusted third party) will sign your client certificate before sending it back to you. Then when you connect to the server, it can check the signature to see if it's valid. I don't know of many large systems that do use client certificates, but I've got my small email server set up so it requests my client certificate if I want to send/receive mail.

In the case you describe of banks distributing certificates to users, they're probably using something like a pkcs12 file, which, as you correctly pointed out must contain both the public and private key (I think it's encrypted with a shared secret key/passphrase). It's then imported into your browser (see for example tools->options->advanced->encryption in firefox, where you can import the pkcs12 file). It's not perfect (since ideally no-one should EVER know your private key), but it's probably better than the crappy passwords most people would use.

Yes, you encrypt the message with the the recipients public key, then sign it with your private key. Provided the recipient trusts your public key (e.g. it's signed by a CA or whatever), this works. It's actually more complicated than that, since both a basic "sign then encrypt" or "encrypt then sign" protocol are vulnerable to various attacks. I can't remember off the top of my head what the details are.

Hope this helps.

Really? There are also certificates with both public and private keys in it? This could be the case with my banking system. When I connect to their web site the browser window with question about certificate pops out and asks me which certificate I want to use. I select the proper certificate and secure connection is made (I can see this by small lock icon in the browser). Then I also type my password on the entry web page and the system lets me in. But I still don't understand what my certificate is for here. Is my assumption correct:
- first when SSL handshaking is taking place when both client and server authenticate each other with their public keys being signed my CA.
- then client generates symmetric key and encodes it with servers public key and sends it to it (I know this algorithm is a little bit more complicated, but this is the essence of it)
- now all communication is taking place with symmetric key encryption.
- what role does client and server public keys have from now on? What does the client do with its private key?
- is data encrypted by both sides with each others public keys? This would be asymmetric encryption on top of the symmetric one?

You also said that email encryption and signing is a little bit more complicated. Do you have any links or documents that describe banking case and mail encryption/signing case in more detail? It really bugs me I don't fully understand it (especially the banking case). Wikipedia is great place to learn the basic theory, but it doesn't describe the real world implementation.

Best regards,