Cryptography - Public Key Authentication (Certificate-based, Sender Verification)


With the public key scheme, the Authentication is based on digital signature where the digital signature verification proves that a message came from a particular sender.


There is two type of authentication:

  • public key authentication based where the server authorizes only messages that can be decrypted by a authorized public key
  • cert-based authentication where the server authorizes only client that are in possession of certificate signed by authorized CA.

See also:



  • the private key remains (only) with the user (The possession of this key is proof of the user's identity. Only a user in possession of a private key that corresponds to the public key located at the server will be able to authenticate successfully.
  • the public keys are stored on the server in a file known as the SSH - Authorized Keys file (on Server)

For the procedure. see Digital signature procedure

Key Manager

The KeyManager is a program (or function) that decides which authentication credentials should be sent to the remote host for authentication during SSL handshake.



See the dedicated page: What is a certification base authentication (also known as Client certification / Mutual TLS authentication) ?

Documentation / Reference

Powered by ComboStrap