The world of encryption
2 likes809 views
The document provides an overview of encryption, digital signatures, and SSL certificates. It discusses how public key encryption uses a private key and public key to encrypt messages. Digital signatures authenticate the identity of the sender and ensure messages remain intact. SSL certificates allow browsers and servers to establish an encrypted connection by containing a public key and verifying identity with a Certificate Authority. The client's browser verifies the server's certificate with the CA to trust the secure connection.
The world of encryption
- 2. ABSTRACT THIS PRESENTATION IS JUST PROVIDING THE BASIC CONCEPTS OF THE DIGITAL CERTIFICATES, AND DIGITAL SIGNATURES WITHOUT PROVIDING ANY TECHNICAL SOLUTION OR PREFERABLE TECHNOLOGIES.
- 3. ENCRYPTION Encryption is the conversion of data into a form, called a CIPHER Text. The use of encryption/decryption is as old as the art of communication. Encryption/decryption is especially important in wireless communications. Encryption/decryption is a good idea when carrying out any kind of sensitive transaction. Ex: A credit-card purchase online, or the discussion of a company secret between different departments in the organization.
- 4. TYPES OF ENCRYPTION PRIVATE KEY ENCRYPTION means that each computer has a secret key (code) that it can use to encrypt a packet of information before it is sent over the network to the other computer. PUBLIC KEY ENCRYPTION uses a combination of a private key and a public key. The key is based on a hash value. This is a value that is computed from a base input number using a hashing algorithm.
- 5. DIGITAL SIGNATURES A DIGITAL SIGNATURE OR DIGITAL SIGNATURE SCHEME IS A MATHEMATICAL SCHEME FOR DEMONSTRATING THE AUTHENTICITY OF A DIGITAL MESSAGE OR DOCUMENT. A DIGITAL SIGNATURE CAN BE USED WITH ANY KIND OF MESSAGE, WHETHER IT IS ENCRYPTED OR NOT, SIMPLY SO THAT THE RECEIVER CAN BE SURE OF THE SENDER'S IDENTITY AND THAT THE MESSAGE ARRIVED INTACT.
- 6. CREATION OF DIGITAL SIGNATURES a digital signature scheme typically consists of three algorithms: • hashing algorithm. • signature generation algorithm • a signature verifying algorithm that, given a message, public key and a signature, either accepts or rejects the message's claim to authenticity.
- 7. METHODS OF ENCRYPTION BASED ON PRIVACY •a message may be digitally signed, but not encrypted •a message may be encrypted first, then digitally signed •a message may be digitally signed first, then encrypted Encryption scrambles or modifies a message or document so it cannot be read and understood, except by the intended recipient. A key is necessary to reverse the scrambling or modification, to make the message readable.
- 8. PREREQUISITES TO CREATE A DIGITAL SIGNATURE • Public-private digital key pair • Certificate Authority. • The public key certificate creates proof of the identity of the signer by using the services of a certificate authority. • A certificate authority uses a variety of processes to associate the particular public key with an individual. • The combination of public key and proof of identity result in a public key certificate - also called a signer's certificate.
- 11. SECURE SOCKET LAYER (SSL) SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser; or a mail server and a mail client
- 12. Where Do Certificates Come In? All browsers have the capability to interact with secured web servers using the SSL protocol. However, the browser and the server need what is called an SSL Certificate to be able to establish a secure connection.
- 13. What is an SSL Certificate? How Does it Work? SSL Certificates have a key pair: a public and a private key. These keys work together to establish an encrypted connection. The certificate also contains what is called the “subject,” which is the identity of the certificate/website owner.
- 14. How Does it Work? • To get a certificate, you must create a Certificate Signing Request (CSR) on your server. • This process creates a private key and public key on your server. • The CSR data file that you send to the SSL Certificate issuer (called a Certificate Authority or CA) contains the public key. • The CA uses the CSR data file to create a data structure to match your private key without compromising the key itself. The CA never sees the private key.
- 15. Certification Authority (CA) •A trusted agent who certifies public keys for general use (Corporation or Bank). –User has to decide which CAs can be trusted. •The model for key certification based on friends and friends of friends is called “Web of Trust”. –The public key is passing from friend to friend. –Works well in small or high connected worlds. –What if you receive a public key from someone you don’t know?
- 16. (CA MODEL) TRUST MODEL Root Certificate CA Certificate Browser Cert. CA Certificate Server Cert.
- 17. SSL Walkthrough
- 18. Client Browser connects to website Web Server Step 1: Client accesses website
- 19. Client Server responds with Certificate and key Web Server Step 2: Server responds with Certificate
- 20. Client Web Server CA Client verifies certificate with CA Step 3: Client verifies with CA
- 21. Client Web Server Random Key Client sends a random key to server encrypted with the public key Step 4: Client sends random key to server
- 22. Client Web Server Random Key Step 5: All communications are now encrypted with the Random key
- 23. What is the difference between Server Certificate and Client Certificate? How can I differentiate between them? How does IIS distinguish between Client and Server Certificates? Can I use a Server Certificate as a Client Certificate or Vice-Versa?
Editor's Notes
- #4: Symmetric Encryption Symmetric encryption is the oldest and best-known technique. A secret key, which can be a number, a word, or just a string of random letters, is applied to the text of a message to change the content in a particular way. This might be as simple as shifting each letter by a number of places in the alphabet. As long as both sender and recipient know the secret key, they can encrypt and decrypt all messages that use this key. Asymmetric Encryption The problem with secret keys is exchanging them over the Internet or a large network while preventing them from falling into the wrong hands. Anyone who knows the secret key can decrypt the message. One answer is asymmetric encryption, in which there are two related keys--a key pair. A public key is made freely available to anyone who might want to send you a message. A second, private key is kept secret, so that only you know it. Any message (text, binary files, or documents) that are encrypted by using the public key can only be decrypted by applying the same algorithm, but by using the matching private key. Any message that is encrypted by using the private key can only be decrypted by using the matching public key. This means that you do not have to worry about passing public keys over the Internet (the keys are supposed to be public). A problem with asymmetric encryption, however, is that it is slower than symmetric encryption. It requires far more processing power to both encrypt and decrypt the content of the message.
- #5: Public Key cryptography also known as asymmetric cryptography, is a class of cryptographic algorithms which requires two separate keys, one of which is secret (or private) and one of which is public. Although different, the two parts of this key pair are mathematically linked. The public key is used to encrypt plaintext or to verify a digital signature; whereas the private key is used to decrypt ciphertext or to create a digital signature. The term "asymmetric" stems from the use of different keys to perform these opposite functions, each the inverse of the other – as contrasted with conventional ("symmetric") cryptography which relies on the same key to perform both, Public-key encryption, in which a message is encrypted with a recipient's public key. The message cannot be decrypted by anyone who does not possess the matching private key, who is thus presumed to be the owner of that key and the person associated with the public key. This is used in an attempt to ensure confidentiality.
- #10: Digital signatures are based on public key cryptography, also known as asymmetric cryptography. Using a public key algorithm such as RSA, one can generate two keys that are mathematically linked: one private and one public. To create a digital signature, signing software (such as an email program) creates a one-way hash of the electronic data to be signed. The private key is then used to encrypt the hash. The encrypted hash -- along with other information, such as the hashing algorithm -- is the digital signature. The reason for encrypting the hash instead of the entire message or document is that a hash function can convert an arbitrary input into a fixed length value, which is usually much shorter. This saves time since hashing is much faster than signing.