What is Sender authentication ? (Public Key Authentication based, Certificate-based in Cryptography)

About

Sender Authentication is based on the digital signature. If you can decrypt the signature successfully, it proves that the message come from:

• a particular sender
• or group

Type

There is three type of authentication:

• public key authentication based where the server authorizes only messages that can be decrypted by a authorized public key (see the asymmetric digital signature verification)
• cert-based authentication where the server authorizes only client that are in possession of certificate signed by authorized CA.
• shared secret in a symmetric authentication

See also:

• Security - Identity Assertions
• and message authentication codes.

Concept

Key

• the private key remains (only) with the user (The possession of this key is proof of the user's identity. Only a user in possession of a private key that corresponds to the public key located at the server will be able to authenticate successfully.
• the public keys are stored on the server in a file known as the What are the SSH Authorized Keys file? (on Server)

For the procedure. see Digital signature procedure

Key Manager

The KeyManager is a program (or function) that decides which authentication credentials should be sent to the remote host for authentication during SSL handshake.

Type

Mutual

• Mutual Authentication, in addition to server authentication, the client also has to present its certificate to the server.
• The server verifies it
• If both server and client authenticated themselves, then authentication is a success.

See the dedicated page: What is a certification base authentication (aka SSL/ TLS Server | Client | Mutual authentication or Identity Certificate) ?

Documentation / Reference

• http://logicoy.com/blogs/ssl-keystore-truststore-and-mutual-authentication/
• https://winscp.net/eng/docs/public_key