D-Link DFL-1600 User Manual page 219

20.2. Introduction to Cryptography
On the sender's side:
- The sender prepares a public-private key pair, and publishes the
public one.
- A one way function, known as
message, and a fixed length
mathematical function is only one-way; the original message cannot
be recomputed from the digest and any change to the original
message will make the digest totally different.)
- The sender encrypts the message digest using the private key.
- The encrypted message digest becomes the sender's digital signature
of the message, and is unique to that message.
- The digital signature is sent to the receiver together with the original
plaintext message.
On the other side:
- The receiver uses the hash function to make a message digest of the
received plaintext message.
- Using the sender's public key, the receiver decrypts the digital
signature to get the sender computed message digest.
- The two digests are compared.
- If the two digests are identical, the received message is valid.
Certificate
As it is introduced in
the digital certificate to be used to further authenticate that the public key
really belongs to the alleged party.
A certificate is issued by a certification authority (CA) containing a copy of
the certificate holder's public key and corresponding information, a serial
number, expiration time, and the digital signature of the CA, so that a
recipient can verify that the certificate is real. The digital certificates
supported by D-Link firewalls conform to X.509 standard.
8.4 X.509 Certificates, D-Link firewalls also support
D-Link Firewalls User's Guide
, is operated on a
is obtained. (The
199