Sender Authentication is based on the digital signature. If you can decrypt the signature successfully, it proves that the message come from:
- a particular sender
- or group
There is three type of authentication:
- cert-based authentication where the server authorizes only client that are in possession of certificate signed by authorized CA.
- shared secret in a symmetric authentication
- the private key remains (only) with the user (The possession of this key is proof of the user's identity. Only a user in possession of a private key that corresponds to the public key located at the server will be able to authenticate successfully.
For the procedure. see Digital signature procedure
The KeyManager is a program (or function) that decides which authentication credentials should be sent to the remote host for authentication during SSL handshake.
- The server verifies it
- If both server and client authenticated themselves, then authentication is a success.