SlideShare uma empresa Scribd logo

Public private key

StudsPlanet.com
StudsPlanet.com
TecnologiaEducação
1 de 12
Baixar para ler offline
Public Key Encryption and Digital Signature: How do they work? Entire contents © 2004 by CGI Group Inc. All rights reserved. Reproduction of this publication in any form without prior written permission is forbidden. White Paper Business solutions through information technology
2 Public Key Encryption and Digital Signature: How do they work? TA B LE O F C O N T E N T S INTRODUCTION 3 1. PUBLIC-KEY, WHAT IS IT? 3 1. 1 A DEFINITION 3 1.2 ENCRYPTION AND DECRYPTION 4 1.3 DIGITAL SIGNATURE AND VERIFICATION 4 1.4 BEYOND THE PRINCIPLES 5 1.5 IDENTITY AND KEYS 8 2. WHAT IS A CERTIFICATE 8 2.1 CERTIFICATE VALIDATION ADDED TO THE PROCESS 8 2.2 BEYOND THE MECHANICS 10 3. WHAT IS A PKI 10 3.1 KEY AND CERTIFICATE MANAGEMENT 10 3.2 SUPPORT FOR NON REPUDIATION OF DIGITAL SIGNATUR 11 4. CONCLUSION 11 ABOUT CGI 11 APPENDIX A: REFERENCES AND FOOTNOTES 12
3 Public Key Encryption and Digital Signature: How do they work? Introduction One of the major challenges facing consultants today is maintaining a level of knowledge of leading and emerging technologies, beyond the superficial or buzzword level. We need to develop a level of understanding that allows us to communicate effectively with both suppliers and customers. We then can demonstrate: • Our knowledge of the business issues being addressed; • The application of technology to providing solutions; • The business benefits for the customer; • The limitations that will remain and that will need to be mitigated in other ways. Public-key has been around for some time now. A lot of interesting work has been done in different committees (for instance IETF/PKIX and PKCS1) to define Public-key related standards and techniques. But, do we know what is in there? Do we know how it works? Let’s open the hood and take a look at the engine and at last, get into the details on how public- key encryption and digital signature really work. This article is a starting point to get a feel for a vast area named PKI (Public-Key Infrastructure). This includes the mechanics described in this article as well as an ensemble of software, hardware and processes governed by rules and standards converging to the high level of Trust required and expected by the Industry. 1. Public-key, what it is Public-key refers to a cryptographic mechanism. It has been named public-key to differentiate it from the traditional and more intuitive cryptographic mechanism known as: symmetric-key, shared secret, secret-key and also called private-key. Symmetric-key cryptography is a mechanism by which the same key is used for both encrypting and decrypting; it is more intuitive because of its similarity with what you expect to use for locking and unlocking a door: the same key. This characteristic requires sophisticated mechanisms to securely distribute the secret-key to both parties2. Public-key on the other hand, introduces another concept involving key pairs: one for encrypting, the other for decrypting. This concept, as you will see below, is very clever and attractive, and provides a great deal of advantages over symmetric-key: • Simplified key distribution • Digital Signature • Long-term encryption However, it is important to note that symmetric-key still plays a major role in the implementation of a Public-key Infrastructure or PKI. 1.1 A definition Public-key is commonly used to identify a cryptographic method that uses an asymmetric-key pair3: a public-key and a private-key 4. Public-key encryption uses that key pair for encryption and decryption. The public-key is made public and is distributed widely and freely. The private-key is never distributed and must be kept secret. Given a key pair, data encrypted with the public-key can only be decrypted with its private- key; conversely, data encrypted with the private-key can only be decrypted with its public- key. This characteristic is used to implement encryption and digital signature. Both encryption and digital signature principles are illustrated in Figure 1 and Figure 2.
4 Public Key Encryption and Digital Signature: How do they work? 1.2 Encryption and Decryption Encryption is a mechanism by which a message is transformed so that only the sender and recipient can see. For instance, suppose that Alice wants to send a private message to Bob. To do so, she first needs Bob’s public-key; since everybody can see his public-key, Bob can send it over the network in the clear without any concerns. Once Alice has Bob’s public-key, she encrypts the message using Bob’s public-key and sends it to Bob. Bob receives Alice’s message and, using his private-key, decrypts it. Figure 1: Encryption/Decryption principles 1.3 Digital Signature and Verification Digital signature is a mechanism by which a message is authenticated i.e. proving that a message is effectively coming from a given sender, much like a signature on a paper document. For instance, suppose that Alice wants to digitally sign a message to Bob. To do so, she uses her private-key to encrypt the message; she then sends the message along with her public-key (typically, the public key is attached to the signed message). Since Alice’s public-key is the only key that can decrypt that message, a successful decryption constitutes a Digital Signature Verification, meaning that there is no doubt that it is Alice’s private key that encrypted the message. Figure 2: Digital Signature/Verification principles Alice PuKeyBob Encryption/Decryption Bob PrKeyBob [Message]PuKeyBob Alice writes a message for Bob. In order to make sure that only Bob can look at this message, Alice encrypts it using Bob’s Public Key. Bob receives the message sent by Alice. In order for him to see what Alice put in her message, Bob decrypts it using his private key. Alice PrKeyAlice Digital Signature/Verification Bob PuKeyAlice [Message]PrKeyAlice Alice writes a message for Bob. In order to prove that the message has effectively been written by her, Alice signs it by encrypting the message using her Private key. Bob receives the message sent by Alice. In order for him to verify that the message is effectively coming from Alice, Bob decrypts it using Alice’s Public Key.
1.4 Beyond the principles The two previous paragraphs illustrate the encryption/decryption and signature/verification principles. Both encryption and digital signature can be combined, hence providing privacy and authentication. As mentioned earlier, symmetric-key plays a major role in public-key encryption implementations. This is because asymmetric-key encryption algorithms5 are somewhat slower than symmetric-key algorithms6. For Digital signature, another technique used is called hashing. Hashing produces a message digest that is a small and unique7 representation (a bit like a sophisticated checksum) of the complete message. Hashing algorithms8 are a one-way encryption, i.e. it is impossible to derive the message from the digest. The main reasons for producing a message digest are: 1 The message integrity being sent is preserved; any message alteration will immediately be detected; 2 The digital signature will be applied to the digest, which is usually considerably smaller than the message itself; 3 Hashing algorithms are much faster than any encryption algorithm (asymmetric or symmetric). The following sections explains what really happens when encrypting and signing a message on one hand, and when decrypting a message and verifying its signature on the other hand. 1.4.1 Steps for signing and encrypting a message Figure 3 below shows the set of operations required when Alice wants to send a signed and encrypted message to Bob. Figure 3: Signature and Encryption details with keys 5 Public Key Encryption and Digital Signature: How do they work? Signature Legend Encryption Alice Alice sending a signed and encrypted message to Bob Bob Send Message to recipient 2b: Encrypt with SymK 1a: Calculate Digest 2c: Encrypt Symmetric Key 1b: Sign Digest 2a: Evalute SymK PrKA Alice’s Private Key PuKA Alice’s Public Key PuKB Bob’s Public Key SymK One time symmetric key Hash Hashing alogorithm [Message+[Digest]PrKA+PuKA]SymK+[SymK]PuKBSigned and Encrypted Message Message in Clear [Message+[Digest]PrKA +PuKA]SymK +SymK Message+[Digest]PrKA +PuKA Digest=[Message]Hash SymK
6 Public Key Encryption and Digital Signature: How do they work? 1) Message signature. Digital signature includes two steps: a) Message digest evaluation. The main purpose for evaluating a digest is to ensure that the message is kept unaltered; this is called message integrity. b) Digest signature. A signature is in fact an encryption using the issuer’s (Alice in this case) private-key. Included in the signature is also the hashing algorithm name used by the issuer. The issuer’s public-key is also appended to the signature. Doing so lets anyone decrypt and verify the signature using the issuer’s public-key and hashing algorithm. Given the properties of public-key encryption and hashing algorithms, the recipient has proof that: i) The issuer’s private-key has encrypted the digest; ii) The message is protected against any alteration. 2) Message encryption. Encryption includes the following 3 steps: a) Creation of a one time symmetric encryption/decryption key. Remember that encryption and decryption algorithms using asymmetric-keys are too slow to be used for long messages; symmetric-key algorithms are very efficient and are therefore used. b) Message encryption. The whole message (the message itself and the signature) is encrypted using SymK, the symmetric-key evaluated above. c) Symmetric-key encryption. SymK is also used by the recipient to decrypt the message. SymK must therefore be available to the recipient (Bob) only. The way to hide the Symk from everybody except the recipient is to encrypt it using the recipient’s public-key. Since SymK is a small piece of information compared to a message (that could be very long), the performance penalty associated with the relative inefficiency of asymmetric-key algorithms is acceptable. One interesting point to mention is that if Alice wants to send the same message to more than one recipient, say Bob and John for instance, the only additional operation to be performed is to repeat ‘step 2) c)’ for John. Hence, the message that both Bob and John would receive would look like: [Message+[Digest]PrKA+PuKA]SymK+[SymK]PuKB+[SymK]PuKJ . Notice that the exact same SymK will be used by Bob and John to decrypt the message.
7 Public Key Encryption and Digital Signature: How do they work? 1.4.2 Steps for Decrypting and verifying the signature of a message Figure 4 below shows the set of operations required when Bob wants to decrypt and verify the message sent by Alice. Figure 4: Decryption and verification details with keys 1) Message decryption. The decryption includes the following steps: a) Symmetric-key decryption. The one time symmetric-key has been used to encrypt the message. This key (SymK) has been encrypted using the recipient’s (Bob) public-key. Only Bob can decrypt SymK and use it to decrypt the message9. b) Message decryption. The message (which includes the message itself and the signature) is decrypted using SymK. 2) Signature verification. The signature verification includes the following 3 steps: a) Message digest decryption. The digest has been encrypted using the issuer’s (Alice) private-key. The digest is now decrypted using the issuer’s public-key included in the message. b) Digest evaluation. Since hashing is a one-way process i.e. the message cannot be derived from the digest itself, the recipient must re-evaluate the digest using the exact same hashing algorithm the issuer used. c) Digests comparison. The digest decrypted in a) and the digest evaluated in b) are compared. If there is a match, the signature has been verified, and the recipient can accept the message as coming unaltered from the issuer. If there is a mismatch this could mean that: i) The message has not been signed by the issuer or ii) The message has been altered. iii) In both cases, the message should be rejected. Decryption Legend Verification Alice Bob Decrypting and Verifying message sent by Alice Bob Message is decrypted and signature is verified 1a: Decrypt SymK with PrKB 2c: Compare Digests 2b: Evaluate Digest 2a: Decrypt Digest using PuKA 1b: Decrypt Message with SymK PrKA Alice’s Private Key PuKA Alice’s Public Key PuKB Bob’s Public Key SymK One time symmetric key Hash Hashing alogorithm = Digest = [Message]HASH Digest [Message+[Digest]PrKA +PuKA] Message in Clear [Message+[Digest]PrKA +PuKA]SymK +SymK[Message+[Digest]PrKA +PuKA]SymK +[SymK]PuKB
8 Public Key Encryption and Digital Signature: How do they work? 1.5 Identity and keys Until now, we have taken for granted the keys being used for encryption/decryption and digital signature/verification belong to Bob and Alice. How can we be sure that Alice is really Alice? And, how can Alice be sure that only Bob will see what she encrypted? So far, the only thing we know is that the user of a given key pair has signed and encrypted the message. But, is he really the owner? George, for instance, may have sent a message to Bob pretending that he is Alice; Bob cannot tell whether or not it is Alice or George who is sending the message. The same applies to Bob’s public-key. This issue is solved by the use of certificates. 2. What is a Certificate A certificate is a piece of information that proves the identity of a public-key’s owner. Like a passport, a certificate provides recognized proof of a person’s (or entity) identity. Certificates are signed and delivered securely by a trusted third party entity called a Certificate Authority (CA). As long as Bob and Alice trust this third party, the CA, they can be assured that the keys belong to the persons they claim to be. A certificate contains among other things: 1) The CA’s identity 2) The owner’s identity 3) The owner’s public-key 4) The certificate expiry date 5) The CA’s signature of that certificate 6) Other information that is beyond the scope of this article. With a certificate instead of a public-key, a recipient can now verify a few things about the issuer to make sure that the certificate is valid and belongs to the person claiming its ownership: 1) Compare the owner’s identity 2) Verify that the certificate is still valid 3) Verify that the certificate has been signed by a trusted CA 4) Verify the issuer’s certificate signature, hence making sure it has not been altered. Bob can now verify Alice’s certificate and be assured that it is Alice’s private-key that has been used to sign the message. Alice must be careful with her private-key and must not divulge how to get to it; by doing so, she is enforcing one aspect of the non-repudiation feature associated with her digital signature. As will be seen in section 3.2, there is more to consider for effective non-repudiation support. Note that certificates are signed by a CA, which means that they cannot be altered. In turn, the CA signature can be verified using that CA’s certificate. 2.1 Certificate validation added to the process When Alice encrypts a message for Bob, she uses Bob’s certificate. Prior to using the public-key included in Bob’s certificate, some additional steps are performed to validate Bob’s certificate: 1) Validity period of Bob’s certificate 2) The certificate belongs to Bob 3) Bob’s certificate has not been altered 4) Bob’s certificate has been signed by a trusted CA Additional steps would be required to validate the CA’s certificate in the case where Alice does not trust Bob’s CA. These steps are identical to the ones requires to validate Bob’s certificate. In the example below, it is assumed that both Bob and Alice trust that CA.
9 Public Key Encryption and Digital Signature: How do they work? Figure 5: Signature and Encryption details with certificates In the Figure 5 above, a Certificate validation step is added to what is shown in Figure 3. Only the fields required for the validation of a certificate are displayed. Alice wants to make sure that the PuKB included in CertB belongs to Bob and is still valid. • She checks the Id field and finds BobId, which is Bob’s identity. In fact, the only thing she really knows is that this certificate appears to belong to Bob. • She then checks the validity fields and finds that the current date and time is within the validity period. So far the certificate seems to belong to Bob and to be valid. • The ultimate verification takes place by verifying CertB’s signature using the CA’s public- key (PuKCA found in CertCA)10. If CertB signature is ok, this means that: a) Bob’s certificate has been signed by the CA in which Alice and Bob has put all their trust. b) Bob’s certificate integrity is proven and has not been altered in any way. c) Bob’s identity is assured and the public-key included in the certificate is still valid and belongs to Bob. Therefore, Alice can encrypt the message and be assured that only Bob will be able to read it. Similar steps will be performed by Bob on Alice’s certificate before verifying Alice’s signature. Legend Alice sending a signed and encrypted message to Bob revisted PrKA Alice’s Private Key PrCA CA’s Private Key PrSi CertCA Signer’s Private Key PuKB Bob’s Public Key PuKCA CA’s Public Key CertA Alice’s Certificate CertB Bob’s Certificate CertCA CA’s Certificate SymK One time symmetric key Hash Hashing alogorithm BobId Bob’s Identity CAId CA’s Identity SiId CertCA Signer’s Id Validity Certificate’s Valid Period Signature Encryption Certificate Validation Alice Bob 1a: Calculate Digest OK 3c: Encrypt Symmetric Key 3b: Encrypt with SymK 1b: Sign Digest Verify CertB CertB BobId+Validity+PuKB+CAId+[Digest]PrCA CertCA CAId+Validity+PuKCA+SiId+[Digest]PrSi [Message+[Digest]PrKA +CertA]SymK +SymK [Message+[Digest]PrKA +CertA]SymK +[SymK]PuKB Message in Clear Signed and Encrypted Message [Message+[Digest]PrKA +CertA Digest=[Message]Hash Valid CertB SymK CertCA CertDB
10 Public Key Encryption and Digital Signature: How do they work? 2.2 Beyond the mechanics So far, this article covered in some details the public-key mechanics associated with encryption and digital signature. In section 2.1 the notion of Certificate Authority has been brought up. The CA is the heart of a Public-Key Infrastructure (PKI). 3. What is a PKI A PKI is a combination of software and procedures providing a means for managing keys and certificates, and using them efficiently. Just recall the complexity of the operations described earlier in this article for having a feel on the absolute necessity to provide users with appropriate software support for encryption and digital signature. But nothing has been said yet about management. 3.1 Key and certificate management Key and certificate management is the set of operations required to create and maintain keys and certificates. The following is the list of the major points being addressed in a managed PKI: 1) Key and certificate creation: How to generate key pairs? How to issue certificates to the users? A PKI must offer software support for key pair generation as well as certificate requests. In addition, procedures must be put in place to verify the user identity prior to allowing him to request a certificate. 2) Private-key protection: How will the user protect his private-key against misuse by other malicious users? Certificates are widely accessible because they are used for either encryption or signature verification. Private-keys require some reasonable level of protection because they are used either for decryption or for digital signature. A strong password mechanism must be part of the features of an effective PKI. 3) Certificate revocation: How to handle the situation where a user’s private-key has been compromised? Similarly, how to handle the situation where an employee leaves the company? How to know whether or not a certificate has been revoked? A PKI must provide a means by which a certificate can be revoked. Once revoked, this certificate must be included in a revocation list that is available to all users. A mechanism must be provided to verify that revocation list and refuse to use a revoked certificate. 4) Key backup and recovery: What happens to encrypted files when a user loses his private-key? Without key backup, all messages and files that have been encrypted with his public-key can no longer be decrypted and are lost forever. A PKI must offer private-key backup and a private-key recovery mechanism such that the user can get back his private-key to be able to get access to his files11. 5) Key and certificate update: What happens when a certificate reaches or is near its expiry date? Keys and certificates have a finite lifetime. A PKI must offer a mechanism to at least update the expiry date for that certificate. Good practice though is to update the user’s keys and certificates. The key and certificate update can be automatic in which case the end user gets notified that his keys have been updated, or can require that the user performs an action during or before his keys and certificates expire; if this case, the PKI must inform the user that this action is required prior the expiry time of his keys and certificates. 6) Key history management: After several key updates, how will a user decide which private- key to use to decrypt files? Each key update operation generates new key pairs. Files that have been encrypted with previous public-keys can only be decrypted with their associated private-keys. Without key history management, the user would have to make decision on the key to use for decrypting files12.
11 Public Key Encryption and Digital Signature: How do they work? 7) Certificate access: How will a user, who wants to send a message to several recipients, get their certificates? A PKI must offer an easy and convenient way to make these certificates available. The use of an LDAP directory is commonly used for that purpose. 3.2 Support for non repudiation of digital signature One important point that has to be clarified is non-repudiation of digital signature. This notion refers to the fact that a user cannot deny having signed a given message. This implies that the user who signed the message is the only one who has access to the private-key used for signing. However, as we have seen above, in a managed PKI, private-keys are kept by the CA for key recovery purposes. Therefore, both the user and the CA know that private-key, which means that both can (in theory) use that key for signing a message. A user can then deny having signed that message. In order to avoid this situation and provide non-repudiation support, there must be a second key pair used for signature/verification purposes only. No backup is made for the signing private-keys, and only the user has access to it. In the case where the user loses his password, he loses his signing key as well. At key recovery time, the encryption/decryption key pair is given back to the user and a new signature/verification key pair is generated. This causes no problem since each time a user signs a document, the associated verification certificate is appended to it, so the document signature can always be verified at any time. 4. Conclusion Public-key is a very appealing and exciting technology, embedding both encryption and digital signature. This constitutes a breakthrough over symmetric-key cryptosystems. Beyond the mechanics, there is a need for an infrastructure, a PKI, which includes the tools to effectively manage and use keys and certificates. Section 3 gives a feel for how a well managed PKI addresses main issues related to key/certificate usage and management. This should be covered in more details in another article. Finally, beyond the infrastructure, there is a need for preparing, documenting and maintaining the infrastructure. From a technical point of view, implementing a PKI is a matter of days. From a business point of view, implementing a PKI is really another story, and yet another article. About CGI Founded 1976, CGI has worked with clients in a wide range of industries to help them leverage the strengths of information technology (IT) to optimize their business performance and produce value-driven results. We also offer a comprehensive array of business process outsourcing (BPO) services, enabling us to help manage and improve our clients’ day-to-day business processes while freeing them up to focus more on strategic decision making. Our consulting, systems integration and outsourcing services provide a total solution package designed to meet our clients’ complete business and technology needs. We approach every engagement with one objective in mind—to help our client win and grow. CGI provides services to clients worldwide from offices in Canada, the United States, Europe, as well as centers of excellence in India and Canada. To explore this topic and how we can help, contact your CGI account manager or visit http://www.cgi.com/web/en/head_office.htm for the location of the CGI office nearest you. Other information about CGI can be found at www.cgi.com.
12 Public Key Encryption and Digital Signature: How do they work? References Curry, Ian, Entrust Technologies, “Getting Acquainted With Entrust/Solo and Public-key Cryptography”, version 1.0, July 1997 Netscape, “Introduction to Public-Key Cryptography”, http://developer.netscape.com/docs/manuals/security/pkin/contents.htm Curry, Ian, Entrust Technologies, “Version 3 X.509 Certificates”, July 1996, version 1.0 Branchaud, Marc, “A Survey of Public-key Infrastructures”, Department of Computer Science, McGill University, Montreal, 1997 Curry, Ian, Entrust Technologies, “Key Update and the Complete story on the Need for Two Key Pairs”, version 1.2, August 2000 RSA, “Intro to PKCS Standards”, http://www.rsasecurity.com/solutions/developers/whitepapers/IntroToPKCSstandards.pdf IETF/PKIX web site, http://www.ietf.org/html.charters/pkix-charter.html Footnotes: 1 IETF/PKIX stands for Internet Engineering Task Force/Public-Key Infrastructure based on X509 certificates. PKCS stands for Public Key Cryptography Standards; these standards have been developed by RSA in conjunction with vendors like MicroSoft, Apple, Sun, etc.) 2 Infrastructures like Kerberos provide symmetric-key distribution and management. 3 Asymmetric-key vs symmetric-key is yet another differentiation between the two mechanisms. 4 Be careful not to confuse between the private-key mechanism and a private-key. In order to avoid any confusion, Symmetric-key will be used along this article when talking about the mechanism. 5 Some asymmetric-key algorithms: RSA, DSA and ECDSA. 6 Some symmetric-key algorithms: RC2, RC4, DES and triple-DES. 7 In fact, the message digest is most probably unique in the sense that it is almost impossible to find 2 meaningful messages and, at the same time, producing the same digest. Hence the probability that a tampered message produces the same digest as the original is almost zero. 8 Some hashing algorithms: SHA-1 and MD5. 9 In fact, all recipients would be able to decrypt their own copy of the SymK. All operations that follow can therefore be performed by every recipient. 10 As a reminder, a signature is the digest of a message (in this case, the message is CertB) encrypted using the issuer’s private-key (in this case the CA’s private-key). The CA’s signature verification process is identical to what is illustrated in Figure 4 where Bob verified Alice’s signature. 11 Private-key backup is also used for key escrow i.e. a way for the company or a legal third party to get access to the users files which may contain invaluable information that would otherwise be lost for ever. 12 For instance, suppose that at her last key update, Alice received PuKAn/PrKAn pair, and that Alice kept a message that has been encrypted with PuKA1, her first public-key. Then, she needs to use PrKA1 to decrypt the message.

Recomendados

Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its UsesMohsin Ali
 
2. public key cryptography and RSA
2. public key cryptography and RSA2. public key cryptography and RSA
2. public key cryptography and RSADr.Florence Dayana
 
Public Key Cryptosystem
Public Key CryptosystemPublic Key Cryptosystem
Public Key CryptosystemDevakumar Kp
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key CryptographyGopal Sakarkar
 
Hash Function
Hash FunctionHash Function
Hash FunctionSiddharth Srivastava
 
Introduction to Public Key Infrastructure
Introduction to Public Key InfrastructureIntroduction to Public Key Infrastructure
Introduction to Public Key InfrastructureTheo Gravity
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.pptUday Meena
 
Message Authentication Code & HMAC
Message Authentication Code & HMACMessage Authentication Code & HMAC
Message Authentication Code & HMACKrishna Gehlot
 

Recomendados

Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its UsesMohsin Ali
 
2. public key cryptography and RSA
2. public key cryptography and RSA2. public key cryptography and RSA
2. public key cryptography and RSADr.Florence Dayana
 
Public Key Cryptosystem
Public Key CryptosystemPublic Key Cryptosystem
Public Key CryptosystemDevakumar Kp
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key CryptographyGopal Sakarkar
 
Hash Function
Hash FunctionHash Function
Hash FunctionSiddharth Srivastava
 
Introduction to Public Key Infrastructure
Introduction to Public Key InfrastructureIntroduction to Public Key Infrastructure
Introduction to Public Key InfrastructureTheo Gravity
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.pptUday Meena
 
Message Authentication Code & HMAC
Message Authentication Code & HMACMessage Authentication Code & HMAC
Message Authentication Code & HMACKrishna Gehlot
 
symmetric key encryption algorithms
symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithmsRashmi Burugupalli
 
Public Vs. Private Keys
Public Vs. Private KeysPublic Vs. Private Keys
Public Vs. Private Keys101 Blockchains
 
DES
DESDES
DESNaga Srimanyu Timmaraju
 
Digital Signature
Digital SignatureDigital Signature
Digital SignatureMohamed Talaat
 
Network security cryptographic hash function
Network security cryptographic hash functionNetwork security cryptographic hash function
Network security cryptographic hash functionMijanur Rahman Milon
 
block ciphers
block ciphersblock ciphers
block ciphersAsad Ali
 
Symmetric Key Algorithm
Symmetric Key AlgorithmSymmetric Key Algorithm
Symmetric Key AlgorithmSHUBHA CHATURVEDI
 
DES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentationDES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentationsarhadisoftengg
 
Cryptography
CryptographyCryptography
CryptographyKalyani Government Engineering College
 
6. cryptography
6. cryptography6. cryptography
6. cryptography7wounders
 
Diffie hellman key exchange algorithm
Diffie hellman key exchange algorithmDiffie hellman key exchange algorithm
Diffie hellman key exchange algorithmSunita Kharayat
 
Cryptography
CryptographyCryptography
CryptographyJens Patel
 
Digital Signature Recognition using RSA Algorithm
Digital Signature Recognition using RSA AlgorithmDigital Signature Recognition using RSA Algorithm
Digital Signature Recognition using RSA AlgorithmVinayak Raja
 
Electronic mail security
Electronic mail securityElectronic mail security
Electronic mail securityDr.Florence Dayana
 
Message authentication and hash function
Message authentication and hash functionMessage authentication and hash function
Message authentication and hash functionomarShiekh1
 
AES-Advanced Encryption Standard
AES-Advanced Encryption StandardAES-Advanced Encryption Standard
AES-Advanced Encryption StandardPrince Rachit
 
Public key Infrastructure (PKI)
Public key Infrastructure (PKI)Public key Infrastructure (PKI)
Public key Infrastructure (PKI)Venkatesh Jambulingam
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
Cryptography
CryptographyCryptography
Cryptographyjayashri kolekar
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.pptkusum sharma
 
Cryptography
CryptographyCryptography
Cryptographyamiable_indian
 
Public key cryptography
Public key cryptographyPublic key cryptography
Public key cryptographyIsrael Herraiz
 

Mais conteúdo relacionado

Mais procurados

symmetric key encryption algorithms
symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithmsRashmi Burugupalli
 
Network security cryptographic hash function
Network security cryptographic hash functionNetwork security cryptographic hash function
Network security cryptographic hash functionMijanur Rahman Milon
 
block ciphers
block ciphersblock ciphers
block ciphersAsad Ali
 
DES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentationDES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentationsarhadisoftengg
 
6. cryptography
6. cryptography6. cryptography
6. cryptography7wounders
 
Diffie hellman key exchange algorithm
Diffie hellman key exchange algorithmDiffie hellman key exchange algorithm
Diffie hellman key exchange algorithmSunita Kharayat
 
Digital Signature Recognition using RSA Algorithm
Digital Signature Recognition using RSA AlgorithmDigital Signature Recognition using RSA Algorithm
Digital Signature Recognition using RSA AlgorithmVinayak Raja
 
Message authentication and hash function
Message authentication and hash functionMessage authentication and hash function
Message authentication and hash functionomarShiekh1
 
AES-Advanced Encryption Standard
AES-Advanced Encryption StandardAES-Advanced Encryption Standard
AES-Advanced Encryption StandardPrince Rachit
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 

Mais procurados (20)

symmetric key encryption algorithms
symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithms
 
Public Vs. Private Keys
Public Vs. Private KeysPublic Vs. Private Keys
Public Vs. Private Keys
 
DES
DESDES
DES
 
Digital Signature
Digital SignatureDigital Signature
Digital Signature
 
Network security cryptographic hash function
Network security cryptographic hash functionNetwork security cryptographic hash function
Network security cryptographic hash function
 
block ciphers
block ciphersblock ciphers
block ciphers
 
Symmetric Key Algorithm
Symmetric Key AlgorithmSymmetric Key Algorithm
Symmetric Key Algorithm
 
DES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentationDES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentation
 
Cryptography
CryptographyCryptography
Cryptography
 
6. cryptography
6. cryptography6. cryptography
6. cryptography
 
Diffie hellman key exchange algorithm
Diffie hellman key exchange algorithmDiffie hellman key exchange algorithm
Diffie hellman key exchange algorithm
 
Cryptography
CryptographyCryptography
Cryptography
 
Digital Signature Recognition using RSA Algorithm
Digital Signature Recognition using RSA AlgorithmDigital Signature Recognition using RSA Algorithm
Digital Signature Recognition using RSA Algorithm
 
Electronic mail security
Electronic mail securityElectronic mail security
Electronic mail security
 
Message authentication and hash function
Message authentication and hash functionMessage authentication and hash function
Message authentication and hash function
 
AES-Advanced Encryption Standard
AES-Advanced Encryption StandardAES-Advanced Encryption Standard
AES-Advanced Encryption Standard
 
Public key Infrastructure (PKI)
Public key Infrastructure (PKI)Public key Infrastructure (PKI)
Public key Infrastructure (PKI)
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITY
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.ppt
 

Destaque

Public key cryptography
Public key cryptographyPublic key cryptography
Public key cryptographyIsrael Herraiz
 
Public Key Authentication With SSH
Public Key Authentication With SSHPublic Key Authentication With SSH
Public Key Authentication With SSHDon Norwood
 
Alice & bob public key cryptography 101
Alice & bob public key cryptography 101Alice & bob public key cryptography 101
Alice & bob public key cryptography 101Joshua Thijssen
 
3 public key cryptography
3 public key cryptography3 public key cryptography
3 public key cryptographyRutvik Mehta
 
PUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTIONPUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTIONraf_slide
 
Handout infosec defense-mechanism-y3dips
Handout infosec defense-mechanism-y3dipsHandout infosec defense-mechanism-y3dips
Handout infosec defense-mechanism-y3dipsAmmar WK
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key Cryptographyanusachu .
 
Network Security 1st Lecture
Network Security 1st LectureNetwork Security 1st Lecture
Network Security 1st Lecturebabak danyal
 
Introduction to Digital signatures
Introduction to Digital signaturesIntroduction to Digital signatures
Introduction to Digital signaturesRohit Bhat
 

Destaque (13)

Cryptography
CryptographyCryptography
Cryptography
 
Public key cryptography
Public key cryptographyPublic key cryptography
Public key cryptography
 
Public Key Authentication With SSH
Public Key Authentication With SSHPublic Key Authentication With SSH
Public Key Authentication With SSH
 
Alice & bob public key cryptography 101
Alice & bob public key cryptography 101Alice & bob public key cryptography 101
Alice & bob public key cryptography 101
 
3 public key cryptography
3 public key cryptography3 public key cryptography
3 public key cryptography
 
PUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTIONPUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTION
 
Handout infosec defense-mechanism-y3dips
Handout infosec defense-mechanism-y3dipsHandout infosec defense-mechanism-y3dips
Handout infosec defense-mechanism-y3dips
 
Attack lecture #2 ppt
Attack lecture #2 pptAttack lecture #2 ppt
Attack lecture #2 ppt
 
Ppt.1
Ppt.1Ppt.1
Ppt.1
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key Cryptography
 
Introduction to SSH & PGP
Introduction to SSH & PGPIntroduction to SSH & PGP
Introduction to SSH & PGP
 
Network Security 1st Lecture
Network Security 1st LectureNetwork Security 1st Lecture
Network Security 1st Lecture
 
Introduction to Digital signatures
Introduction to Digital signaturesIntroduction to Digital signatures
Introduction to Digital signatures
 

Semelhante a Public private key

CGI White Paper - Key Incryption Mechanism
CGI White Paper - Key Incryption MechanismCGI White Paper - Key Incryption Mechanism
CGI White Paper - Key Incryption MechanismAmit Singh
 
Cryptography and security
Cryptography and securityCryptography and security
Cryptography and securityresearch30
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
What is digital signature or DSC
What is digital signature or DSCWhat is digital signature or DSC
What is digital signature or DSCAdv Prashant Mali
 
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)Vishal Kumar
 
Module 21 (cryptography)
Module 21 (cryptography)Module 21 (cryptography)
Module 21 (cryptography)Wail Hassan
 
Cryptograpy Exam
Cryptograpy ExamCryptograpy Exam
Cryptograpy ExamLisa Olive
 
Analysis of Cryptographic Algorithms for Network Security
Analysis of Cryptographic Algorithms for Network SecurityAnalysis of Cryptographic Algorithms for Network Security
Analysis of Cryptographic Algorithms for Network SecurityEditor IJCATR
 
International Refereed Journal of Engineering and Science (IRJES)
International Refereed Journal of Engineering and Science (IRJES)International Refereed Journal of Engineering and Science (IRJES)
International Refereed Journal of Engineering and Science (IRJES)irjes
 
Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01Saif Kassim
 
asymmetric encryption.pptx
asymmetric encryption.pptxasymmetric encryption.pptx
asymmetric encryption.pptxab2478037
 
A Survey on Cryptographic Techniques for Network Security.pdf
A Survey on Cryptographic Techniques for Network Security.pdfA Survey on Cryptographic Techniques for Network Security.pdf
A Survey on Cryptographic Techniques for Network Security.pdfYasmine Anino
 
Introduction of an SSL Certificate
Introduction of an SSL CertificateIntroduction of an SSL Certificate
Introduction of an SSL CertificateCheapSSLUSA
 
Demonstration of secure socket layer(synopsis)
Demonstration of secure socket layer(synopsis)Demonstration of secure socket layer(synopsis)
Demonstration of secure socket layer(synopsis)Mumbai Academisc
 

Semelhante a Public private key (20)

CGI White Paper - Key Incryption Mechanism
CGI White Paper - Key Incryption MechanismCGI White Paper - Key Incryption Mechanism
CGI White Paper - Key Incryption Mechanism
 
Cryptography and security
Cryptography and securityCryptography and security
Cryptography and security
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)
 
What is digital signature or DSC
What is digital signature or DSCWhat is digital signature or DSC
What is digital signature or DSC
 
Cryptointro
CryptointroCryptointro
Cryptointro
 
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
 
Module 21 (cryptography)
Module 21 (cryptography)Module 21 (cryptography)
Module 21 (cryptography)
 
Cryptograpy Exam
Cryptograpy ExamCryptograpy Exam
Cryptograpy Exam
 
Analysis of Cryptographic Algorithms for Network Security
Analysis of Cryptographic Algorithms for Network SecurityAnalysis of Cryptographic Algorithms for Network Security
Analysis of Cryptographic Algorithms for Network Security
 
International Refereed Journal of Engineering and Science (IRJES)
International Refereed Journal of Engineering and Science (IRJES)International Refereed Journal of Engineering and Science (IRJES)
International Refereed Journal of Engineering and Science (IRJES)
 
Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01
 
cryptography
cryptographycryptography
cryptography
 
asymmetric encryption.pptx
asymmetric encryption.pptxasymmetric encryption.pptx
asymmetric encryption.pptx
 
A Survey on Cryptographic Techniques for Network Security.pdf
A Survey on Cryptographic Techniques for Network Security.pdfA Survey on Cryptographic Techniques for Network Security.pdf
A Survey on Cryptographic Techniques for Network Security.pdf
 
Cryptography
CryptographyCryptography
Cryptography
 
Introduction of an SSL Certificate
Introduction of an SSL CertificateIntroduction of an SSL Certificate
Introduction of an SSL Certificate
 
Encryption in Cryptography
Encryption in CryptographyEncryption in Cryptography
Encryption in Cryptography
 
Data encryption
Data encryptionData encryption
Data encryption
 
Demonstration of secure socket layer(synopsis)
Demonstration of secure socket layer(synopsis)Demonstration of secure socket layer(synopsis)
Demonstration of secure socket layer(synopsis)
 
Security pre
Security preSecurity pre
Security pre
 

Mais de StudsPlanet.com

Hardware enhanced association rule mining
Hardware enhanced association rule miningHardware enhanced association rule mining
Hardware enhanced association rule miningStudsPlanet.com
 
Hardware enhanced association rule mining
Hardware enhanced association rule miningHardware enhanced association rule mining
Hardware enhanced association rule miningStudsPlanet.com
 
Face recognition using laplacianfaces
Face recognition using laplacianfaces Face recognition using laplacianfaces
Face recognition using laplacianfaces StudsPlanet.com
 
Face recognition using laplacianfaces
Face recognition using laplacianfaces Face recognition using laplacianfaces
Face recognition using laplacianfaces StudsPlanet.com
 
Worldwide market and trends for electronic manufacturing services
Worldwide market and trends for electronic manufacturing servicesWorldwide market and trends for electronic manufacturing services
Worldwide market and trends for electronic manufacturing servicesStudsPlanet.com
 
World electronic industry 2008
World electronic industry 2008World electronic industry 2008
World electronic industry 2008StudsPlanet.com
 
Trompenaars cultural dimensions
Trompenaars cultural dimensionsTrompenaars cultural dimensions
Trompenaars cultural dimensionsStudsPlanet.com
 
The building of the toyota car factory
The building of the toyota car factoryThe building of the toyota car factory
The building of the toyota car factoryStudsPlanet.com
 
The International legal environment of business
The International legal environment of businessThe International legal environment of business
The International legal environment of businessStudsPlanet.com
 
Roles of strategic leaders
Roles of strategic leadersRoles of strategic leaders
Roles of strategic leadersStudsPlanet.com
 
Resolution of intl commr disputes
Resolution of intl commr disputesResolution of intl commr disputes
Resolution of intl commr disputesStudsPlanet.com
 
Presentation on india's ftp
Presentation on india's ftpPresentation on india's ftp
Presentation on india's ftpStudsPlanet.com
 

Mais de StudsPlanet.com (20)

Hardware enhanced association rule mining
Hardware enhanced association rule miningHardware enhanced association rule mining
Hardware enhanced association rule mining
 
Hardware enhanced association rule mining
Hardware enhanced association rule miningHardware enhanced association rule mining
Hardware enhanced association rule mining
 
Face recognition using laplacianfaces
Face recognition using laplacianfaces Face recognition using laplacianfaces
Face recognition using laplacianfaces
 
Face recognition using laplacianfaces
Face recognition using laplacianfaces Face recognition using laplacianfaces
Face recognition using laplacianfaces
 
Worldwide market and trends for electronic manufacturing services
Worldwide market and trends for electronic manufacturing servicesWorldwide market and trends for electronic manufacturing services
Worldwide market and trends for electronic manufacturing services
 
World electronic industry 2008
World electronic industry 2008World electronic industry 2008
World electronic industry 2008
 
Weberian model
Weberian modelWeberian model
Weberian model
 
Value orientation model
Value orientation modelValue orientation model
Value orientation model
 
Value orientation model
Value orientation modelValue orientation model
Value orientation model
 
Uk intellectual model
Uk intellectual modelUk intellectual model
Uk intellectual model
 
Trompenaars cultural dimensions
Trompenaars cultural dimensionsTrompenaars cultural dimensions
Trompenaars cultural dimensions
 
The building of the toyota car factory
The building of the toyota car factoryThe building of the toyota car factory
The building of the toyota car factory
 
The International legal environment of business
The International legal environment of businessThe International legal environment of business
The International legal environment of business
 
Textile Industry
Textile IndustryTextile Industry
Textile Industry
 
Sales
SalesSales
Sales
 
Roles of strategic leaders
Roles of strategic leadersRoles of strategic leaders
Roles of strategic leaders
 
Role of ecgc
Role of ecgcRole of ecgc
Role of ecgc
 
Resolution of intl commr disputes
Resolution of intl commr disputesResolution of intl commr disputes
Resolution of intl commr disputes
 
Presentation on india's ftp
Presentation on india's ftpPresentation on india's ftp
Presentation on india's ftp
 
Players in ib
Players in ibPlayers in ib
Players in ib
 

Último

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 

Último (20)

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 

Public private key

  • 1. Public Key Encryption and Digital Signature: How do they work? Entire contents © 2004 by CGI Group Inc. All rights reserved. Reproduction of this publication in any form without prior written permission is forbidden. White Paper Business solutions through information technology
  • 2. 2 Public Key Encryption and Digital Signature: How do they work? TA B LE O F C O N T E N T S INTRODUCTION 3 1. PUBLIC-KEY, WHAT IS IT? 3 1. 1 A DEFINITION 3 1.2 ENCRYPTION AND DECRYPTION 4 1.3 DIGITAL SIGNATURE AND VERIFICATION 4 1.4 BEYOND THE PRINCIPLES 5 1.5 IDENTITY AND KEYS 8 2. WHAT IS A CERTIFICATE 8 2.1 CERTIFICATE VALIDATION ADDED TO THE PROCESS 8 2.2 BEYOND THE MECHANICS 10 3. WHAT IS A PKI 10 3.1 KEY AND CERTIFICATE MANAGEMENT 10 3.2 SUPPORT FOR NON REPUDIATION OF DIGITAL SIGNATUR 11 4. CONCLUSION 11 ABOUT CGI 11 APPENDIX A: REFERENCES AND FOOTNOTES 12
  • 3. 3 Public Key Encryption and Digital Signature: How do they work? Introduction One of the major challenges facing consultants today is maintaining a level of knowledge of leading and emerging technologies, beyond the superficial or buzzword level. We need to develop a level of understanding that allows us to communicate effectively with both suppliers and customers. We then can demonstrate: • Our knowledge of the business issues being addressed; • The application of technology to providing solutions; • The business benefits for the customer; • The limitations that will remain and that will need to be mitigated in other ways. Public-key has been around for some time now. A lot of interesting work has been done in different committees (for instance IETF/PKIX and PKCS1) to define Public-key related standards and techniques. But, do we know what is in there? Do we know how it works? Let’s open the hood and take a look at the engine and at last, get into the details on how public- key encryption and digital signature really work. This article is a starting point to get a feel for a vast area named PKI (Public-Key Infrastructure). This includes the mechanics described in this article as well as an ensemble of software, hardware and processes governed by rules and standards converging to the high level of Trust required and expected by the Industry. 1. Public-key, what it is Public-key refers to a cryptographic mechanism. It has been named public-key to differentiate it from the traditional and more intuitive cryptographic mechanism known as: symmetric-key, shared secret, secret-key and also called private-key. Symmetric-key cryptography is a mechanism by which the same key is used for both encrypting and decrypting; it is more intuitive because of its similarity with what you expect to use for locking and unlocking a door: the same key. This characteristic requires sophisticated mechanisms to securely distribute the secret-key to both parties2. Public-key on the other hand, introduces another concept involving key pairs: one for encrypting, the other for decrypting. This concept, as you will see below, is very clever and attractive, and provides a great deal of advantages over symmetric-key: • Simplified key distribution • Digital Signature • Long-term encryption However, it is important to note that symmetric-key still plays a major role in the implementation of a Public-key Infrastructure or PKI. 1.1 A definition Public-key is commonly used to identify a cryptographic method that uses an asymmetric-key pair3: a public-key and a private-key 4. Public-key encryption uses that key pair for encryption and decryption. The public-key is made public and is distributed widely and freely. The private-key is never distributed and must be kept secret. Given a key pair, data encrypted with the public-key can only be decrypted with its private- key; conversely, data encrypted with the private-key can only be decrypted with its public- key. This characteristic is used to implement encryption and digital signature. Both encryption and digital signature principles are illustrated in Figure 1 and Figure 2.
  • 4. 4 Public Key Encryption and Digital Signature: How do they work? 1.2 Encryption and Decryption Encryption is a mechanism by which a message is transformed so that only the sender and recipient can see. For instance, suppose that Alice wants to send a private message to Bob. To do so, she first needs Bob’s public-key; since everybody can see his public-key, Bob can send it over the network in the clear without any concerns. Once Alice has Bob’s public-key, she encrypts the message using Bob’s public-key and sends it to Bob. Bob receives Alice’s message and, using his private-key, decrypts it. Figure 1: Encryption/Decryption principles 1.3 Digital Signature and Verification Digital signature is a mechanism by which a message is authenticated i.e. proving that a message is effectively coming from a given sender, much like a signature on a paper document. For instance, suppose that Alice wants to digitally sign a message to Bob. To do so, she uses her private-key to encrypt the message; she then sends the message along with her public-key (typically, the public key is attached to the signed message). Since Alice’s public-key is the only key that can decrypt that message, a successful decryption constitutes a Digital Signature Verification, meaning that there is no doubt that it is Alice’s private key that encrypted the message. Figure 2: Digital Signature/Verification principles Alice PuKeyBob Encryption/Decryption Bob PrKeyBob [Message]PuKeyBob Alice writes a message for Bob. In order to make sure that only Bob can look at this message, Alice encrypts it using Bob’s Public Key. Bob receives the message sent by Alice. In order for him to see what Alice put in her message, Bob decrypts it using his private key. Alice PrKeyAlice Digital Signature/Verification Bob PuKeyAlice [Message]PrKeyAlice Alice writes a message for Bob. In order to prove that the message has effectively been written by her, Alice signs it by encrypting the message using her Private key. Bob receives the message sent by Alice. In order for him to verify that the message is effectively coming from Alice, Bob decrypts it using Alice’s Public Key.
  • 5. 1.4 Beyond the principles The two previous paragraphs illustrate the encryption/decryption and signature/verification principles. Both encryption and digital signature can be combined, hence providing privacy and authentication. As mentioned earlier, symmetric-key plays a major role in public-key encryption implementations. This is because asymmetric-key encryption algorithms5 are somewhat slower than symmetric-key algorithms6. For Digital signature, another technique used is called hashing. Hashing produces a message digest that is a small and unique7 representation (a bit like a sophisticated checksum) of the complete message. Hashing algorithms8 are a one-way encryption, i.e. it is impossible to derive the message from the digest. The main reasons for producing a message digest are: 1 The message integrity being sent is preserved; any message alteration will immediately be detected; 2 The digital signature will be applied to the digest, which is usually considerably smaller than the message itself; 3 Hashing algorithms are much faster than any encryption algorithm (asymmetric or symmetric). The following sections explains what really happens when encrypting and signing a message on one hand, and when decrypting a message and verifying its signature on the other hand. 1.4.1 Steps for signing and encrypting a message Figure 3 below shows the set of operations required when Alice wants to send a signed and encrypted message to Bob. Figure 3: Signature and Encryption details with keys 5 Public Key Encryption and Digital Signature: How do they work? Signature Legend Encryption Alice Alice sending a signed and encrypted message to Bob Bob Send Message to recipient 2b: Encrypt with SymK 1a: Calculate Digest 2c: Encrypt Symmetric Key 1b: Sign Digest 2a: Evalute SymK PrKA Alice’s Private Key PuKA Alice’s Public Key PuKB Bob’s Public Key SymK One time symmetric key Hash Hashing alogorithm [Message+[Digest]PrKA+PuKA]SymK+[SymK]PuKBSigned and Encrypted Message Message in Clear [Message+[Digest]PrKA +PuKA]SymK +SymK Message+[Digest]PrKA +PuKA Digest=[Message]Hash SymK
  • 6. 6 Public Key Encryption and Digital Signature: How do they work? 1) Message signature. Digital signature includes two steps: a) Message digest evaluation. The main purpose for evaluating a digest is to ensure that the message is kept unaltered; this is called message integrity. b) Digest signature. A signature is in fact an encryption using the issuer’s (Alice in this case) private-key. Included in the signature is also the hashing algorithm name used by the issuer. The issuer’s public-key is also appended to the signature. Doing so lets anyone decrypt and verify the signature using the issuer’s public-key and hashing algorithm. Given the properties of public-key encryption and hashing algorithms, the recipient has proof that: i) The issuer’s private-key has encrypted the digest; ii) The message is protected against any alteration. 2) Message encryption. Encryption includes the following 3 steps: a) Creation of a one time symmetric encryption/decryption key. Remember that encryption and decryption algorithms using asymmetric-keys are too slow to be used for long messages; symmetric-key algorithms are very efficient and are therefore used. b) Message encryption. The whole message (the message itself and the signature) is encrypted using SymK, the symmetric-key evaluated above. c) Symmetric-key encryption. SymK is also used by the recipient to decrypt the message. SymK must therefore be available to the recipient (Bob) only. The way to hide the Symk from everybody except the recipient is to encrypt it using the recipient’s public-key. Since SymK is a small piece of information compared to a message (that could be very long), the performance penalty associated with the relative inefficiency of asymmetric-key algorithms is acceptable. One interesting point to mention is that if Alice wants to send the same message to more than one recipient, say Bob and John for instance, the only additional operation to be performed is to repeat ‘step 2) c)’ for John. Hence, the message that both Bob and John would receive would look like: [Message+[Digest]PrKA+PuKA]SymK+[SymK]PuKB+[SymK]PuKJ . Notice that the exact same SymK will be used by Bob and John to decrypt the message.
  • 7. 7 Public Key Encryption and Digital Signature: How do they work? 1.4.2 Steps for Decrypting and verifying the signature of a message Figure 4 below shows the set of operations required when Bob wants to decrypt and verify the message sent by Alice. Figure 4: Decryption and verification details with keys 1) Message decryption. The decryption includes the following steps: a) Symmetric-key decryption. The one time symmetric-key has been used to encrypt the message. This key (SymK) has been encrypted using the recipient’s (Bob) public-key. Only Bob can decrypt SymK and use it to decrypt the message9. b) Message decryption. The message (which includes the message itself and the signature) is decrypted using SymK. 2) Signature verification. The signature verification includes the following 3 steps: a) Message digest decryption. The digest has been encrypted using the issuer’s (Alice) private-key. The digest is now decrypted using the issuer’s public-key included in the message. b) Digest evaluation. Since hashing is a one-way process i.e. the message cannot be derived from the digest itself, the recipient must re-evaluate the digest using the exact same hashing algorithm the issuer used. c) Digests comparison. The digest decrypted in a) and the digest evaluated in b) are compared. If there is a match, the signature has been verified, and the recipient can accept the message as coming unaltered from the issuer. If there is a mismatch this could mean that: i) The message has not been signed by the issuer or ii) The message has been altered. iii) In both cases, the message should be rejected. Decryption Legend Verification Alice Bob Decrypting and Verifying message sent by Alice Bob Message is decrypted and signature is verified 1a: Decrypt SymK with PrKB 2c: Compare Digests 2b: Evaluate Digest 2a: Decrypt Digest using PuKA 1b: Decrypt Message with SymK PrKA Alice’s Private Key PuKA Alice’s Public Key PuKB Bob’s Public Key SymK One time symmetric key Hash Hashing alogorithm = Digest = [Message]HASH Digest [Message+[Digest]PrKA +PuKA] Message in Clear [Message+[Digest]PrKA +PuKA]SymK +SymK[Message+[Digest]PrKA +PuKA]SymK +[SymK]PuKB
  • 8. 8 Public Key Encryption and Digital Signature: How do they work? 1.5 Identity and keys Until now, we have taken for granted the keys being used for encryption/decryption and digital signature/verification belong to Bob and Alice. How can we be sure that Alice is really Alice? And, how can Alice be sure that only Bob will see what she encrypted? So far, the only thing we know is that the user of a given key pair has signed and encrypted the message. But, is he really the owner? George, for instance, may have sent a message to Bob pretending that he is Alice; Bob cannot tell whether or not it is Alice or George who is sending the message. The same applies to Bob’s public-key. This issue is solved by the use of certificates. 2. What is a Certificate A certificate is a piece of information that proves the identity of a public-key’s owner. Like a passport, a certificate provides recognized proof of a person’s (or entity) identity. Certificates are signed and delivered securely by a trusted third party entity called a Certificate Authority (CA). As long as Bob and Alice trust this third party, the CA, they can be assured that the keys belong to the persons they claim to be. A certificate contains among other things: 1) The CA’s identity 2) The owner’s identity 3) The owner’s public-key 4) The certificate expiry date 5) The CA’s signature of that certificate 6) Other information that is beyond the scope of this article. With a certificate instead of a public-key, a recipient can now verify a few things about the issuer to make sure that the certificate is valid and belongs to the person claiming its ownership: 1) Compare the owner’s identity 2) Verify that the certificate is still valid 3) Verify that the certificate has been signed by a trusted CA 4) Verify the issuer’s certificate signature, hence making sure it has not been altered. Bob can now verify Alice’s certificate and be assured that it is Alice’s private-key that has been used to sign the message. Alice must be careful with her private-key and must not divulge how to get to it; by doing so, she is enforcing one aspect of the non-repudiation feature associated with her digital signature. As will be seen in section 3.2, there is more to consider for effective non-repudiation support. Note that certificates are signed by a CA, which means that they cannot be altered. In turn, the CA signature can be verified using that CA’s certificate. 2.1 Certificate validation added to the process When Alice encrypts a message for Bob, she uses Bob’s certificate. Prior to using the public-key included in Bob’s certificate, some additional steps are performed to validate Bob’s certificate: 1) Validity period of Bob’s certificate 2) The certificate belongs to Bob 3) Bob’s certificate has not been altered 4) Bob’s certificate has been signed by a trusted CA Additional steps would be required to validate the CA’s certificate in the case where Alice does not trust Bob’s CA. These steps are identical to the ones requires to validate Bob’s certificate. In the example below, it is assumed that both Bob and Alice trust that CA.
  • 9. 9 Public Key Encryption and Digital Signature: How do they work? Figure 5: Signature and Encryption details with certificates In the Figure 5 above, a Certificate validation step is added to what is shown in Figure 3. Only the fields required for the validation of a certificate are displayed. Alice wants to make sure that the PuKB included in CertB belongs to Bob and is still valid. • She checks the Id field and finds BobId, which is Bob’s identity. In fact, the only thing she really knows is that this certificate appears to belong to Bob. • She then checks the validity fields and finds that the current date and time is within the validity period. So far the certificate seems to belong to Bob and to be valid. • The ultimate verification takes place by verifying CertB’s signature using the CA’s public- key (PuKCA found in CertCA)10. If CertB signature is ok, this means that: a) Bob’s certificate has been signed by the CA in which Alice and Bob has put all their trust. b) Bob’s certificate integrity is proven and has not been altered in any way. c) Bob’s identity is assured and the public-key included in the certificate is still valid and belongs to Bob. Therefore, Alice can encrypt the message and be assured that only Bob will be able to read it. Similar steps will be performed by Bob on Alice’s certificate before verifying Alice’s signature. Legend Alice sending a signed and encrypted message to Bob revisted PrKA Alice’s Private Key PrCA CA’s Private Key PrSi CertCA Signer’s Private Key PuKB Bob’s Public Key PuKCA CA’s Public Key CertA Alice’s Certificate CertB Bob’s Certificate CertCA CA’s Certificate SymK One time symmetric key Hash Hashing alogorithm BobId Bob’s Identity CAId CA’s Identity SiId CertCA Signer’s Id Validity Certificate’s Valid Period Signature Encryption Certificate Validation Alice Bob 1a: Calculate Digest OK 3c: Encrypt Symmetric Key 3b: Encrypt with SymK 1b: Sign Digest Verify CertB CertB BobId+Validity+PuKB+CAId+[Digest]PrCA CertCA CAId+Validity+PuKCA+SiId+[Digest]PrSi [Message+[Digest]PrKA +CertA]SymK +SymK [Message+[Digest]PrKA +CertA]SymK +[SymK]PuKB Message in Clear Signed and Encrypted Message [Message+[Digest]PrKA +CertA Digest=[Message]Hash Valid CertB SymK CertCA CertDB
  • 10. 10 Public Key Encryption and Digital Signature: How do they work? 2.2 Beyond the mechanics So far, this article covered in some details the public-key mechanics associated with encryption and digital signature. In section 2.1 the notion of Certificate Authority has been brought up. The CA is the heart of a Public-Key Infrastructure (PKI). 3. What is a PKI A PKI is a combination of software and procedures providing a means for managing keys and certificates, and using them efficiently. Just recall the complexity of the operations described earlier in this article for having a feel on the absolute necessity to provide users with appropriate software support for encryption and digital signature. But nothing has been said yet about management. 3.1 Key and certificate management Key and certificate management is the set of operations required to create and maintain keys and certificates. The following is the list of the major points being addressed in a managed PKI: 1) Key and certificate creation: How to generate key pairs? How to issue certificates to the users? A PKI must offer software support for key pair generation as well as certificate requests. In addition, procedures must be put in place to verify the user identity prior to allowing him to request a certificate. 2) Private-key protection: How will the user protect his private-key against misuse by other malicious users? Certificates are widely accessible because they are used for either encryption or signature verification. Private-keys require some reasonable level of protection because they are used either for decryption or for digital signature. A strong password mechanism must be part of the features of an effective PKI. 3) Certificate revocation: How to handle the situation where a user’s private-key has been compromised? Similarly, how to handle the situation where an employee leaves the company? How to know whether or not a certificate has been revoked? A PKI must provide a means by which a certificate can be revoked. Once revoked, this certificate must be included in a revocation list that is available to all users. A mechanism must be provided to verify that revocation list and refuse to use a revoked certificate. 4) Key backup and recovery: What happens to encrypted files when a user loses his private-key? Without key backup, all messages and files that have been encrypted with his public-key can no longer be decrypted and are lost forever. A PKI must offer private-key backup and a private-key recovery mechanism such that the user can get back his private-key to be able to get access to his files11. 5) Key and certificate update: What happens when a certificate reaches or is near its expiry date? Keys and certificates have a finite lifetime. A PKI must offer a mechanism to at least update the expiry date for that certificate. Good practice though is to update the user’s keys and certificates. The key and certificate update can be automatic in which case the end user gets notified that his keys have been updated, or can require that the user performs an action during or before his keys and certificates expire; if this case, the PKI must inform the user that this action is required prior the expiry time of his keys and certificates. 6) Key history management: After several key updates, how will a user decide which private- key to use to decrypt files? Each key update operation generates new key pairs. Files that have been encrypted with previous public-keys can only be decrypted with their associated private-keys. Without key history management, the user would have to make decision on the key to use for decrypting files12.
  • 11. 11 Public Key Encryption and Digital Signature: How do they work? 7) Certificate access: How will a user, who wants to send a message to several recipients, get their certificates? A PKI must offer an easy and convenient way to make these certificates available. The use of an LDAP directory is commonly used for that purpose. 3.2 Support for non repudiation of digital signature One important point that has to be clarified is non-repudiation of digital signature. This notion refers to the fact that a user cannot deny having signed a given message. This implies that the user who signed the message is the only one who has access to the private-key used for signing. However, as we have seen above, in a managed PKI, private-keys are kept by the CA for key recovery purposes. Therefore, both the user and the CA know that private-key, which means that both can (in theory) use that key for signing a message. A user can then deny having signed that message. In order to avoid this situation and provide non-repudiation support, there must be a second key pair used for signature/verification purposes only. No backup is made for the signing private-keys, and only the user has access to it. In the case where the user loses his password, he loses his signing key as well. At key recovery time, the encryption/decryption key pair is given back to the user and a new signature/verification key pair is generated. This causes no problem since each time a user signs a document, the associated verification certificate is appended to it, so the document signature can always be verified at any time. 4. Conclusion Public-key is a very appealing and exciting technology, embedding both encryption and digital signature. This constitutes a breakthrough over symmetric-key cryptosystems. Beyond the mechanics, there is a need for an infrastructure, a PKI, which includes the tools to effectively manage and use keys and certificates. Section 3 gives a feel for how a well managed PKI addresses main issues related to key/certificate usage and management. This should be covered in more details in another article. Finally, beyond the infrastructure, there is a need for preparing, documenting and maintaining the infrastructure. From a technical point of view, implementing a PKI is a matter of days. From a business point of view, implementing a PKI is really another story, and yet another article. About CGI Founded 1976, CGI has worked with clients in a wide range of industries to help them leverage the strengths of information technology (IT) to optimize their business performance and produce value-driven results. We also offer a comprehensive array of business process outsourcing (BPO) services, enabling us to help manage and improve our clients’ day-to-day business processes while freeing them up to focus more on strategic decision making. Our consulting, systems integration and outsourcing services provide a total solution package designed to meet our clients’ complete business and technology needs. We approach every engagement with one objective in mind—to help our client win and grow. CGI provides services to clients worldwide from offices in Canada, the United States, Europe, as well as centers of excellence in India and Canada. To explore this topic and how we can help, contact your CGI account manager or visit http://www.cgi.com/web/en/head_office.htm for the location of the CGI office nearest you. Other information about CGI can be found at www.cgi.com.
  • 12. 12 Public Key Encryption and Digital Signature: How do they work? References Curry, Ian, Entrust Technologies, “Getting Acquainted With Entrust/Solo and Public-key Cryptography”, version 1.0, July 1997 Netscape, “Introduction to Public-Key Cryptography”, http://developer.netscape.com/docs/manuals/security/pkin/contents.htm Curry, Ian, Entrust Technologies, “Version 3 X.509 Certificates”, July 1996, version 1.0 Branchaud, Marc, “A Survey of Public-key Infrastructures”, Department of Computer Science, McGill University, Montreal, 1997 Curry, Ian, Entrust Technologies, “Key Update and the Complete story on the Need for Two Key Pairs”, version 1.2, August 2000 RSA, “Intro to PKCS Standards”, http://www.rsasecurity.com/solutions/developers/whitepapers/IntroToPKCSstandards.pdf IETF/PKIX web site, http://www.ietf.org/html.charters/pkix-charter.html Footnotes: 1 IETF/PKIX stands for Internet Engineering Task Force/Public-Key Infrastructure based on X509 certificates. PKCS stands for Public Key Cryptography Standards; these standards have been developed by RSA in conjunction with vendors like MicroSoft, Apple, Sun, etc.) 2 Infrastructures like Kerberos provide symmetric-key distribution and management. 3 Asymmetric-key vs symmetric-key is yet another differentiation between the two mechanisms. 4 Be careful not to confuse between the private-key mechanism and a private-key. In order to avoid any confusion, Symmetric-key will be used along this article when talking about the mechanism. 5 Some asymmetric-key algorithms: RSA, DSA and ECDSA. 6 Some symmetric-key algorithms: RC2, RC4, DES and triple-DES. 7 In fact, the message digest is most probably unique in the sense that it is almost impossible to find 2 meaningful messages and, at the same time, producing the same digest. Hence the probability that a tampered message produces the same digest as the original is almost zero. 8 Some hashing algorithms: SHA-1 and MD5. 9 In fact, all recipients would be able to decrypt their own copy of the SymK. All operations that follow can therefore be performed by every recipient. 10 As a reminder, a signature is the digest of a message (in this case, the message is CertB) encrypted using the issuer’s private-key (in this case the CA’s private-key). The CA’s signature verification process is identical to what is illustrated in Figure 4 where Bob verified Alice’s signature. 11 Private-key backup is also used for key escrow i.e. a way for the company or a legal third party to get access to the users files which may contain invaluable information that would otherwise be lost for ever. 12 For instance, suppose that at her last key update, Alice received PuKAn/PrKAn pair, and that Alice kept a message that has been encrypted with PuKA1, her first public-key. Then, she needs to use PrKA1 to decrypt the message.