Digital certificates
Download as PPTX, PDF0 likes3,449 views
This document discusses the history and uses of cryptography and digital certificates. It provides an overview of how public key infrastructure (PKI) uses public and private key pairs to securely exchange information over networks. A certification authority (CA) is responsible for issuing digital certificates which contain a public key and verify identity. PKI and digital certificates are used for applications like encryption, digital signatures, authentication, and secure communication protocols.
Digital certificates
- 2. Cryptography History • Cryptography is the art of encrypting and decrypting information • The earliest known use of cryptography was the Egyptians in 1900BC • Julius Ceaser use a simple substituion cipher to secure his communications • Thomas Jefferson, in 1790, invented a cipher wheel that the US Navy used in WWII • In the late 20s and early 30s, the FBI established an office to combat the increasing use of cryptography by criminals (rum runners) • Dr. Hosrt Feistel invented the precusor to DES while at IBM • In 1976, the Federal Govt introduced DES based on using Feistel ciphers • In 1977, Scientific American magazine introduced us to Rivest, Shamir and • Aldeman or RSA encryption. They offered it for free with a self addressed • envelope and the NSA promptly freaked out • 1990 brought us the 128 bit cipher called “IDEA” • X.500 was the orginal protocol in 1988 • X.509 V3 was released in 1996 2
- 3. (X.509 digital certificates)what for ● 802.1x port authentication ● Digital Signatures ● File Encryption ● Web Authorization (SSL) ● IP Security (end-point to end-point) ● Secure Email ● VPNs 3
- 4. Digital Certificate Electronic Certificate it contains information about an individual or entity. It Is issued from a trusted 3rd party. Contains information that can prove its authenticity. Has an expiration date.It Is presented to someone (or some thing) for validation. (Ex. driver’s license or passport) 4
- 5. Introduction to Public Key Infrastructure (PKI) PKI is a security architecture that has been introduced to provide an increased level of confidence for exchanging information over an increasingly insecure Internet. Public |<>| Private 5
- 6. The Public Key used for Encryption Another person uses your public encryption key when they want to send you confidential information. The information to be sent is encrypted using your public key*. You can provide your public key to the sender, or it can be retrieved from the directory in which it is published. 6
- 7. The Private Key used for Decryption A private key is used to decrypt information that has been encrypted using its corresponding public key. The person using the private key can be certain that the information it is able to decrypt must have been intended for them, but they cannot be certain who the information is from. 7
- 8. Plain text Encrypt with B’s public key Plain text Decrypt with B’s private key Sender (A) Netwo rk Receiver (B) Cipher text Cipher text 8
- 9. Customer A Customer B Customer C Bank’s public key Bank’s public key Bank’s public key Bank’s private key Bank 9
- 10. C1(S1) C4(S4) C2(S2) C3(S3) S1 S2 S3 S4 Certificate Servers Certificate Generator 10
- 11. Certification Authority (CA) It Is a combination of hardware and software which is responsible for creating digital certificates It can issue certificates to individuals, organizations, network devices, servers, or other CAs 11
- 12. Support for Windows / Linux • Outlook • Lotus Notes • Netscape / Mozilla • Thunderbird 12
- 13. PKI (Public Key Infrastructure) -Infrastructure using pairs of public and private keys to ensure privacy and security of data. Private Key -One half of the PKI key pair and which is never given out to anyone. This key can be protected by a password. Public Key -The second half of the PKI key pair that can be given out to the public or placed on a key server. CA (Certificate Authority) (Ex. DNS) -A trusted authority that signs your certificates and validates the certificate. Terminology 13
- 14. Self Signed Certificate – A digital certificate that you signed and validated using a private CA and is not trusted by default in the real world. SSL (Secure Socket Layer) – A protocol developed by Netscape to provide a secure method of exchanging data using a browser over a public network such as the internet. Hash -Hashing is taking a file and applying a hashing algorithm to it and generating a mathematical checksum. RSA (Rivest, Shamir and Aldeman) – A public key cipher that can be used to encrypt and to digitally sign. DSA (Digital Signing Algorithm) – Like RSA, it is a public key cipher but it can only be used to digitally sign. PKCS#12 (Personal Information Exchange Syntax) – A portable container file format that can be used to transfer certificates and private keys. Terminology 14
- 15. algorithm MD5 – Message Digest 5. Hash algorithm that was released in 1991. SHA1 – Secure Hash Algorithm version 1 ciper was released in 1995. There are improved versions of SHA collectively called “SHA2” 15