Authenticated Ssl Connections; Certification Authority - Oracle Secure Backup Installation And Configuration Manual

Host Authentication and Communication
creates a digital signature by submitting the message as input to a
function
The receiving host authenticates the digital signature by decrypting it with the sending
host's public key. Afterwards, the receiving host decrypts the encrypted message with
its private key, inputs the decrypted message to the same hash function used to create
the signature, and then compares the output hash to the decrypted signature. If the
two hashes match, then the message has not been tampered with.
Figure 6–3
in turn decrypt the message and verify the signature.
Figure 6–3 Using Public and Private Keys to Encrypt and Sign Messages
Message
From
B to A

Authenticated SSL Connections

For hosts to securely exchange control messages and backup data within the domain,
they must first authenticate themselves to one another. Host connections are always
two-way authenticated except for the initial host invitation to join a domain and
communication with
In two-way authentication, the hosts participate in a handshake process whereby they
mutually decide on a cipher suite to use, exchange identity certificates, and validate
that each other's
Authority
channel is established for the exchange of data.
The use of identity certificates and
attackers from impersonating a
backup data. For example, an outside attacker could not run an application on a
non-domain host that sends messages to domain hosts that claim origin from a host
within the domain.

Certification Authority

The
service daemon
Authority (CA)
and sign an
signing certificate, which it issues to itself and then signs, gives the CA the authority
to sign identity certificates for hosts in the domain. The relationship of trust requires
that all hosts in the administrative domain can trust certificates issued by the CA.
Each host stores its own identity certificate and a
certificates) that establishes a chain of trust to the CA. Like other hosts in the domain,
the CA stores its identity certificate. The CA also maintains a signing certificate that
authorizes the CA to sign the identity certificates for the other hosts in the domain.
6-10 Oracle Secure Backup Installation and Configuration Guide
and then encrypting the output hash with a private key.
illustrates how host B can encrypt and sign a message to host A, which can
Public Key Private Key
Host B Host A
Verify
Signature
Decrypt
Network Data Management Protocol (NDMP)
identity certificate
(CA). At the end of this process, a secure and trusted communication
(observiced) on the
of the administrative
identity certificate
Private Key
Host B
Sign
Host A Host B
has been issued by a trusted
Secure Sockets Layer (SSL)
client in the administrative domain
administrative server
domain. The primary task of the CA is to issue
for each host in the administrative domain. The CA's
trusted certificate
cryptographic hash
Public Key Message
Host A From
B to A
Ecrypt
servers.
Certification
prevents outside
and accessing
is the root
Certification
(or set of