THE WORLD OF ENCRYPTION
Page 1: The world of encryption

THE WORLD OF ENCRYPTION

Page 2: The world of encryption

ABSTRACT

THIS PRESENTATION PROVIDES ONLY THE BASIC CONCEPTS OF DIGITAL CERTIFICATES AND DIGITAL SIGNATURES, WITHOUT PROVIDING ANY TECHNICAL SOLUTION OR PREFERRED TECHNOLOGIES.

Page 3: The world of encryption

ENCRYPTION

Encryption is the conversion of data into a form called ciphertext.

The use of encryption/decryption is as old as the art of communication.

Encryption/decryption is especially important in wireless communications.

Encryption/decryption is a good idea when carrying out any kind of sensitive transaction.

Ex: A credit-card purchase online, or the discussion of a company secret between different departments in the organization.

Page 4: The world of encryption

TYPES OF ENCRYPTION

PRIVATE KEY ENCRYPTION means that each computer has a secret key (code) that it can use to encrypt a packet of information before it is sent over the network to the other computer.

PUBLIC KEY ENCRYPTION uses a combination of a private key and a public key.

The key is based on a hash value. This is a value that is computed from a base input number using a hashing algorithm.

Page 5: The world of encryption

DIGITAL SIGNATURES

A DIGITAL SIGNATURE OR DIGITAL SIGNATURE SCHEME IS A MATHEMATICAL SCHEME FOR DEMONSTRATING THE AUTHENTICITY OF A DIGITAL MESSAGE OR DOCUMENT.

A DIGITAL SIGNATURE CAN BE USED WITH ANY KIND OF MESSAGE, WHETHER IT IS ENCRYPTED OR NOT, SIMPLY SO THAT THE RECEIVER CAN BE SURE OF THE SENDER'S IDENTITY AND THAT THE MESSAGE ARRIVED INTACT.

Page 6: The world of encryption

CREATION OF DIGITAL SIGNATURES

A digital signature scheme typically consists of three algorithms:

• A hashing algorithm.

• A signature generation algorithm.

• A signature verifying algorithm that, given a message, public key and a signature, either accepts or rejects the message's claim to authenticity.
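
The three algorithms above, run end to end with the OpenSSL command line. This is an added example, not part of the original presentation; the file names, the 2048-bit RSA key size, SHA-256 and both messages are assumptions chosen for the demo.

```bash
# Added example: hash, sign and verify with OpenSSL (constructed names and messages).
set -e
sig_dir=$(mktemp -d)                 # throwaway directory for keys and messages
trap 'rm -rf "$sig_dir"' EXIT

make_keypair() {    # $1 = key pair name
    # The private key stays with its owner; only the .pub file is shared.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$sig_dir/$1.key" 2>/dev/null
    openssl pkey -in "$sig_dir/$1.key" -pubout -out "$sig_dir/$1.pub"
}

sign_message() {    # $1 = message file, $2 = signature file to write
    # Algorithms 1 and 2: SHA-256 hashes the message, the private key signs the hash.
    openssl dgst -sha256 -sign "$sig_dir/signer.key" -out "$2" "$1"
}

verify_message() {  # $1 = message file, $2 = signature file, $3 = public key name
    # Algorithm 3: message + public key + signature in, accept or reject out.
    if openssl dgst -sha256 -verify "$sig_dir/$3.pub" \
            -signature "$2" "$1" >/dev/null 2>&1; then
        echo accepted
    else
        echo rejected
    fi
}

make_keypair signer
make_keypair other                                      # an unrelated key pair
printf 'Pay 100 to Alice\n' > "$sig_dir/msg.txt"
printf 'Pay 900 to Alice\n' > "$sig_dir/tampered.txt"   # one character changed
sign_message "$sig_dir/msg.txt" "$sig_dir/msg.sig"

echo "original, signer's key: $(verify_message "$sig_dir/msg.txt" "$sig_dir/msg.sig" signer)"
echo "tampered, signer's key: $(verify_message "$sig_dir/tampered.txt" "$sig_dir/msg.sig" signer)"
echo "original, other key:    $(verify_message "$sig_dir/msg.txt" "$sig_dir/msg.sig" other)"
```

The second result shows the integrity property (the message arrived intact), the third the identity property (the signature only verifies under the signer's own public key).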

Page 7: The world of encryption

METHODS OF ENCRYPTION BASED ON PRIVACY

• A message may be digitally signed, but not encrypted.

• A message may be encrypted first, then digitally signed.

• A message may be digitally signed first, then encrypted.

Encryption scrambles or modifies a message or document so it cannot be read and understood, except by the intended recipient.

A key is necessary to reverse the scrambling or modification, to make the message readable.

Page 8: The world of encryption

PREREQUISITES TO CREATE A DIGITAL SIGNATURE

• Public-private digital key pair

• Certificate Authority.

• The public key certificate creates proof of the identity of the signer by using the services of a certificate authority.

• A certificate authority uses a variety of processes to associate the particular public key with an individual.

• The combination of public key and proof of identity results in a public key certificate, also called a signer's certificate.

Page 9: The world of encryption

HOW IT WORKS?

Page 10: The world of encryption

DIGITAL SIGNATURE VERIFICATION

Page 11: The world of encryption

SECURE SOCKET LAYER (SSL)

SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server and a client, typically a web server (website) and a browser, or a mail server and a mail client.

Page 12: The world of encryption

Where Do Certificates Come In?

All browsers have the capability to interact with secured web servers using the SSL protocol. However, the browser and the server need what is called an SSL Certificate to be able to establish a secure connection.

Page 13: The world of encryption

What is an SSL Certificate? How Does it Work?

SSL Certificates have a key pair: a public and a private key. These keys work together to establish an encrypted connection. The certificate also contains what is called the “subject,” which is the identity of the certificate/website owner.

Page 14: The world of encryption

How Does it Work?

• To get a certificate, you must create a Certificate Signing Request (CSR) on your server.

• This process creates a private key and public key on your server.

• The CSR data file that you send to the SSL Certificate issuer (called a Certificate Authority or CA) contains the public key.

• The CA uses the CSR data file to create a data structure to match your private key without compromising the key itself. The CA never sees the private key.
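
The CSR steps above as OpenSSL commands, with checks on what the CSR file does and does not contain. This is an added example, not part of the original presentation; the host name www.example.test, the local stand-in "Example Test CA" and all file names are constructed for the demo.

```bash
# Added example: create a CSR, inspect it, and have a stand-in CA sign it.
set -e
csr_dir=$(mktemp -d)
trap 'rm -rf "$csr_dir"' EXIT

make_csr() {
    # Generates the key pair and the CSR on the "server". Only server.csr is
    # meant to leave the machine; server.key never does.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$csr_dir/server.key" -out "$csr_dir/server.csr" 2>/dev/null
}

csr_public_key_matches() {
    # The CSR carries the public half of the key pair generated above.
    csr_pub=$(openssl req -in "$csr_dir/server.csr" -noout -pubkey)
    key_pub=$(openssl pkey -in "$csr_dir/server.key" -pubout)
    if [ "$csr_pub" = "$key_pub" ]; then echo yes; else echo no; fi
}

csr_contains_private_key() {
    # A PEM private key would appear as a "PRIVATE KEY" block in the file.
    if grep -q 'PRIVATE KEY' "$csr_dir/server.csr"; then echo yes; else echo no; fi
}

csr_signature_ok() {
    # The requester signs the CSR with the private key, so the CA can check
    # possession of that key without ever receiving it.
    if openssl req -in "$csr_dir/server.csr" -noout -verify 2>&1 \
            | grep -q 'verify OK'; then echo yes; else echo no; fi
}

issue_certificate() {
    # Stand-in CA: a self-signed certificate whose key signs the CSR contents.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
        -keyout "$csr_dir/ca.key" -out "$csr_dir/ca.crt" 2>/dev/null
    openssl x509 -req -in "$csr_dir/server.csr" -days 1 -CA "$csr_dir/ca.crt" \
        -CAkey "$csr_dir/ca.key" -CAcreateserial -out "$csr_dir/server.crt" 2>/dev/null
    if openssl verify -CAfile "$csr_dir/ca.crt" "$csr_dir/server.crt" \
            >/dev/null 2>&1; then echo trusted; else echo untrusted; fi
}

make_csr
echo "CSR public key matches server key: $(csr_public_key_matches)"
echo "CSR contains a private key:        $(csr_contains_private_key)"
echo "CSR self-signature valid:          $(csr_signature_ok)"
echo "issued certificate chains to CA:   $(issue_certificate)"
```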

Page 15: The world of encryption

Certification Authority (CA)

• A trusted agent who certifies public keys for general use (Corporation or Bank).

– User has to decide which CAs can be trusted.

• The model for key certification based on friends and friends of friends is called “Web of Trust”.

– The public key is passed from friend to friend.

– Works well in small or highly connected worlds.

– What if you receive a public key from someone you don’t know?

Page 16: The world of encryption

(CA MODEL) TRUST MODEL

[Diagram: certificate hierarchy with the labels Root Certificate, CA Certificate (twice), Browser Cert. and Server Cert.]

Page 17: The world of encryption

SSL Walkthrough

Page 18: The world of encryption

[Diagram: Client and Web Server; the browser connects to the website]

Step 1: Client accesses website

Page 19: The world of encryption

[Diagram: Client and Web Server; the server responds with certificate and key]

Step 2: Server responds with Certificate

Page 20: The world of encryption

[Diagram: Client, Web Server and CA; the client verifies the certificate with the CA]

Step 3: Client verifies with CA

Page 21: The world of encryption

[Diagram: Client and Web Server; the client sends a random key to the server, encrypted with the public key]

Step 4: Client sends random key to server

Page 22: The world of encryption

[Diagram: Client, Web Server and the Random Key]

Step 5: All communications are now encrypted with the Random key
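
Steps 4 and 5 of the walkthrough, modelled with OpenSSL primitives rather than a real SSL handshake. This is an added example, not part of the original presentation; the file names, RSA-OAEP for wrapping the key, AES-256-CBC for the traffic and the sample request are assumptions chosen for the demo.

```bash
# Added example: random key sent under the server's public key, then used for traffic.
set -e
kx_dir=$(mktemp -d)
trap 'rm -rf "$kx_dir"' EXIT

server_setup() {
    # Key pair behind the server certificate; the client learns server.pub in step 2.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$kx_dir/server.key" 2>/dev/null
    openssl pkey -in "$kx_dir/server.key" -pubout -out "$kx_dir/server.pub"
}

client_send_key() {
    # Step 4: the client picks a random key and encrypts it with the public key.
    openssl rand -hex 32 > "$kx_dir/client.secret"
    openssl pkeyutl -encrypt -pubin -inkey "$kx_dir/server.pub" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$kx_dir/client.secret" -out "$kx_dir/wrapped.bin"
}

server_receive_key() {
    # Only the holder of the private key can unwrap the random key.
    openssl pkeyutl -decrypt -inkey "$kx_dir/server.key" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$kx_dir/wrapped.bin" -out "$kx_dir/server.secret"
}

keys_agree() {
    if cmp -s "$kx_dir/client.secret" "$kx_dir/server.secret"
    then echo yes; else echo no; fi
}

key_visible_on_wire() {
    # An eavesdropper sees only wrapped.bin; the key must not appear in it.
    if grep -q -F "$(cat "$kx_dir/client.secret")" "$kx_dir/wrapped.bin"
    then echo yes; else echo no; fi
}

round_trip() {   # $1 = plaintext; the client encrypts, the server decrypts
    # Step 5: traffic is protected with the shared random key.
    printf '%s' "$1" \
        | openssl enc -aes-256-cbc -pbkdf2 -pass "file:$kx_dir/client.secret" \
        | openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$kx_dir/server.secret"
}

server_setup; client_send_key; server_receive_key
echo "same key on both sides: $(keys_agree), visible on wire: $(key_visible_on_wire)"
echo "server reads: $(round_trip 'GET /account HTTP/1.1')"
```

TLS 1.3 no longer transports the key this way: it derives the session keys from an ephemeral Diffie-Hellman exchange, while the certificate is still used to authenticate the server.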

Page 23: The world of encryption

What is the difference between Server Certificate and Client Certificate?

How can I differentiate between them?

How does IIS distinguish between Client and Server Certificates?

Can I use a Server Certificate as a Client Certificate or Vice-Versa?
