I’m a bit confused on Digital Certificates. I understand the chain of trust and how you decrypt each certificate starting from the root etc. But what I’m confused about is that when you decrypt, you are left with a hash value. What do you use to verify this hash since hashing is a one way street? And are the public keys that you get from decrypting a certificate not hashed?
Also, why is it that if you have the private key for a digital signature, you are suddenly able to read all HTTPS traffic? I thought HTTPS encryption was between the browser and the server (initially encrypting the symmetric key using the server’s public key). Even if you had the entity’s private key that signed the server’s certificate, you wouldn’t have the server’s private key which you’d need to decrypt the HTTPS traffic right?