Public key encryption uses key pairs (public and private keys) to encrypt and decrypt messages. Digital signatures use key pairs to authenticate messages. When Alice encrypts a message for Bob:
1) She calculates a digest of the message and signs it with her private key.
2) She encrypts the message and signature with a symmetric key.
3) She encrypts the symmetric key with Bob's public key.
When Bob receives the message, he decrypts the symmetric key with his private key and uses it to decrypt and verify the message and signature. Certificates are used to validate the identity of public key owners through a trusted certificate authority.
CGI White Paper - Key Incryption MechanismAmit Singh
This white paper discusses public key encryption and digital signatures. It begins by defining public key cryptography and explaining how it works using asymmetric key pairs for encryption/decryption and digital signatures. It then discusses how certificates are used to validate identities and keys. Certificates contain a user's public key and identity information, signed by a certificate authority, allowing identities to be verified. The paper also explains how digital signatures, encryption, and certificates are implemented in practice when sending signed and encrypted messages.
This document provides an introduction to digital signatures, including an overview of encryption, hashing, digital signature creation and verification, and different digital signature schemes like RSA, ElGamal, and Schnorr. It also discusses the legal aspects and advantages/disadvantages of digital signatures.
Digital signatures provide authentication, integrity, and non-repudiation for digital documents and messages. They work by using public key cryptography where a private key is used to sign a message hash and the corresponding public key can then verify that the signature is valid. Digital signatures are important for electronic transactions and communications where the identity of the sender and the integrity of the message need to be assured. However, digital signatures are only as secure as the private keys used to create them.
This document summarizes a seminar presentation on public key infrastructure (PKI). It discusses key concepts of PKI including digital signatures, certificates, validation, revocation, and the roles of certification authorities. The presentation covers how asymmetric encryption, hashing, and digital signatures enable secure authentication and authorization in a PKI. It also examines the entities, operations, and technologies involved in implementing and managing a PKI, such as certificate authorities, registration authorities, key generation and storage, and certification revocation lists.
This chapter discusses digital signatures, which allow a message to be signed digitally to provide authentication, integrity, and non-repudiation. It compares digital and conventional signatures, explaining the digital signature process involves separately sending the message and signature. Digital signatures provide message authentication, integrity, and non-repudiation, but not confidentiality. The chapter describes various digital signature schemes like RSA, ElGamal, and Schnorr, as well as the Digital Signature Standard. It also covers attacks on digital signatures and applications of digital signatures.
This ppt all about digital signature. In this PPT we cover about the Digital Signature and its Security Service provided by digital signature and different attack on digital signature. In this we also cover some digital signature schemes, including RSA algorithm and at the end some applications of digital signatures.
Second presentation of Mike Dance's Cryptography series, it aims to provide an overview of digital signature and define the terminology used for digital signatures.
Mike Dance is a web developer and Bitcoin advocate.
----------
Presented at the BitcoinSYD Meetup on 18 February 2015
Cryptography is an essential part of today's information systems and helps provide security, accountability, and confidentiality. There are three main types of cryptographic algorithms: secret key cryptography which uses a single key, public key cryptography which uses different keys for encryption and decryption, and hash functions which use a mathematical transformation to encrypt information. A hybrid cryptographic scheme combines these techniques to securely transmit messages with a digital envelope for encryption and a digital signature for authentication and integrity.
CGI White Paper - Key Incryption MechanismAmit Singh
This white paper discusses public key encryption and digital signatures. It begins by defining public key cryptography and explaining how it works using asymmetric key pairs for encryption/decryption and digital signatures. It then discusses how certificates are used to validate identities and keys. Certificates contain a user's public key and identity information, signed by a certificate authority, allowing identities to be verified. The paper also explains how digital signatures, encryption, and certificates are implemented in practice when sending signed and encrypted messages.
This document provides an introduction to digital signatures, including an overview of encryption, hashing, digital signature creation and verification, and different digital signature schemes like RSA, ElGamal, and Schnorr. It also discusses the legal aspects and advantages/disadvantages of digital signatures.
Digital signatures provide authentication, integrity, and non-repudiation for digital documents and messages. They work by using public key cryptography where a private key is used to sign a message hash and the corresponding public key can then verify that the signature is valid. Digital signatures are important for electronic transactions and communications where the identity of the sender and the integrity of the message need to be assured. However, digital signatures are only as secure as the private keys used to create them.
This document summarizes a seminar presentation on public key infrastructure (PKI). It discusses key concepts of PKI including digital signatures, certificates, validation, revocation, and the roles of certification authorities. The presentation covers how asymmetric encryption, hashing, and digital signatures enable secure authentication and authorization in a PKI. It also examines the entities, operations, and technologies involved in implementing and managing a PKI, such as certificate authorities, registration authorities, key generation and storage, and certification revocation lists.
This chapter discusses digital signatures, which allow a message to be signed digitally to provide authentication, integrity, and non-repudiation. It compares digital and conventional signatures, explaining the digital signature process involves separately sending the message and signature. Digital signatures provide message authentication, integrity, and non-repudiation, but not confidentiality. The chapter describes various digital signature schemes like RSA, ElGamal, and Schnorr, as well as the Digital Signature Standard. It also covers attacks on digital signatures and applications of digital signatures.
This ppt all about digital signature. In this PPT we cover about the Digital Signature and its Security Service provided by digital signature and different attack on digital signature. In this we also cover some digital signature schemes, including RSA algorithm and at the end some applications of digital signatures.
Second presentation of Mike Dance's Cryptography series, it aims to provide an overview of digital signature and define the terminology used for digital signatures.
Mike Dance is a web developer and Bitcoin advocate.
----------
Presented at the BitcoinSYD Meetup on 18 February 2015
Cryptography is an essential part of today's information systems and helps provide security, accountability, and confidentiality. There are three main types of cryptographic algorithms: secret key cryptography which uses a single key, public key cryptography which uses different keys for encryption and decryption, and hash functions which use a mathematical transformation to encrypt information. A hybrid cryptographic scheme combines these techniques to securely transmit messages with a digital envelope for encryption and a digital signature for authentication and integrity.
Iaetsd a survey on cloud storage security withIaetsd Iaetsd
This document discusses signcryption as a method for secure cloud storage. It begins with an abstract that introduces signcryption as a public key cryptographic method that achieves confidentiality and unforgeability with less overhead than digital signatures followed by encryption. The introduction provides more details on signcryption and its advantages over separate signing and encryption. It then discusses related work on address-based cryptography, key aggregate cryptography, and time-bound hierarchical key assignment schemes. The document focuses on how signcryption can provide high security for sharing data through cloud storage.
This document discusses email security and the Pretty Good Privacy (PGP) encryption software. It describes why email security is important given threats like loss of confidentiality and integrity. It then provides details on PGP, including how it uses public/private key encryption and digital signatures to encrypt messages and authenticate senders. PGP uses symmetric encryption of messages and asymmetric encryption of session keys, storing keys in a local ring. The document discusses PGP key management and its use of a web of trust model without a central authority.
http://www.skyriver.net/ - Skyriver Communications – Fixed Wireless Security. Skyriver is a leading business ISP, specializing in Fixed Wireless. Learn about Skyrivers’ innovative high performance broadband for business visit the site now.
A presentation explaining the concepts of public key infrastructure. It covers topics like Public Key Infrastructure (PKI) introduction, Digital Certificate, Trust Services, Digital Signature Certificate, TLS Certificate, Code Signing Certificate, Time Stamping, Email Encryption Certificate
Electronic mail security requires confidentiality, authentication, integrity, and non-repudiation. Privacy Enhanced Mail (PEM) and Pretty Good Privacy (PGP) provide these security services for email. PEM uses canonical conversion, digital signatures, encryption, and base64 encoding. PGP provides authentication via digital signatures and confidentiality through symmetric encryption of messages with randomly generated session keys. Secure/Multipurpose Internet Mail Extensions (S/MIME) also supports signed and encrypted email to provide security.
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)Vishal Kumar
Pretty Good privacy. we will discuss in this document about the E-mail security protocol number 2 which is PGP, you will learn about the working of PGP, PGP Algorithms, PGP Key Rings, PGP Certificates and about the Web Trust in PGP.
Digital signatures provide a way to verify the authenticity and integrity of digital documents and messages. They use public key cryptography where a document or message is hashed, then encrypted with the sender's private key. The recipient can decrypt the signature with the sender's public key and verify that the message has not been altered by comparing the decrypted hash to a newly computed hash of the received message. Digital certificates typically contain the owner's public key, name, expiration date, issuer information, and digital signature to validate the identity of the owner.
The document discusses email security flaws and various techniques for encrypting email communications. It describes how email is currently sent in plain text over outdated protocols, revealing metadata in headers. Encryption methods like Public Key Infrastructure (PKI) and Pretty Good Privacy (PGP) aim to address these issues using public/private key encryption and decentralized authentication. Applications like GNU Privacy Guard have implemented these techniques, while future development focuses on end-to-end encryption and usability in projects like the Dark Mail Project.
The document discusses various aspects of securing e-commerce networks. It describes digital certificates which serve to verify identity and are issued by a certification authority. There are four main types of digital certificates. The document also discusses selecting network security technologies based on principles like defense in depth. Technologies discussed for securing networks and protocols include firewalls, intrusion detection systems, virtual private networks, secure sockets layer (SSL), secure hypertext transfer protocol (HTTPS), and public key infrastructure.
This document summarizes public-key cryptography. It discusses how public-key cryptography uses unique public and private keys to encrypt and decrypt messages securely. It describes how public-key encryption allows a sender to encrypt a message with the recipient's public key, while only the recipient's private key can decrypt it. It also explains how digital signatures allow a sender to encrypt a message with their private key for authentication, while the recipient can decrypt it with the sender's public key to verify identity and integrity. The document notes some vulnerabilities of public-key cryptography like longer key sizes and man-in-the-middle attacks, and how certificate authorities help address these issues.
This document summarizes encryption techniques for securing electronic mail. It describes Pretty Good Privacy (PGP), a popular encryption software, and S/MIME, an emerging industry standard. PGP provides authentication, confidentiality, compression, and other services. It segments long messages for transmission. S/MIME uses public-key encryption and certificates to provide encrypted and signed messages and is compatible with SMTP email.
IRJET- A Review on Implementation Techniques of Blockchain Enabled Smart Cont...IRJET Journal
This document provides a summary of blockchain and smart contracts for document verification. It discusses how blockchain uses cryptography and smart contracts to allow for verification of digital documents like degrees in a decentralized manner. Blockchain provides trust, autonomy, and integrity for such a system by storing document hashes and details securely on the distributed ledger. Smart contracts can then enable functions for users to validate certificates and degrees stored on the blockchain to avoid fraud.
International Journal of Engineering and Science Invention (IJESI)inventionjournals
International Journal of Engineering and Science Invention (IJESI) is an international journal intended for professionals and researchers in all fields of computer science and electronics. IJESI publishes research articles and reviews within the whole field Engineering Science and Technology, new teaching methods, assessment, validation and the impact of new technologies and it will continue to provide information on the latest trends and developments in this ever-expanding subject. The publications of papers are selected through double peer reviewed to ensure originality, relevance, and readability. The articles published in our journal can be accessed online.
PGP and S/MIME are two standards for securing email. PGP provides encryption and authentication independently of operating systems using symmetric and asymmetric cryptography. S/MIME uses X.509 certificates and defines how to cryptographically sign, encrypt, and combine MIME entities for authentication and confidentiality using algorithms like RSA, DSS, and 3DES. DKIM allows a sending domain to cryptographically sign emails to assert the message's origin and prevent spoofing, while the email architecture standards like RFC 5322 and MIME define message formatting and how attachments are represented.
This document provides a summary of key concepts around distributed systems security from the textbook "Distributed Systems: Concepts and Design". It covers security models, basic cryptographic techniques like secrecy, authentication and digital signatures. It also discusses symmetric and asymmetric encryption algorithms, certificates, access control and case studies of secure system design approaches and pragmatics. The learning objectives are to understand security threats and how techniques like cryptography can provide secure communication channels between principals in a distributed system.
Pretty Good Privacy (PGP) is strong encryption software that enables you to protect your email and files by scrambling them so others cannot read them. It also allows you to digitally "sign" your messages in a way that allows others to verify that a message was actually sent by you. PGP is available in freeware and commercial versions all over the world.
PGP was first released in 1991 as a DOS program that earned a reputation for being difficult. In June 1997, PGP Inc. released PGP 5.x for Win95/NT. PGP 5.x included plugins for several popular email programs.
Implementation of public key cryptography in kerberos with prevention 2IAEME Publication
This document summarizes a research paper that proposes implementing public key cryptography in Kerberos to prevent security attacks like replay attacks and password attacks. The paper describes how Kerberos currently uses symmetric key cryptography, which is vulnerable to such attacks. It then outlines a new method using both RSA and Diffie-Hellman public key algorithms. The proposed method has authentication and ticket granting servers maintain databases containing users' public keys and passwords. When a client authenticates, tickets are encrypted using the client's public key instead of a symmetric key. This integration of public key cryptography is designed to strengthen Kerberos authentication against replay and password attacks.
The document discusses the Certified Information Systems Security Professional (CISSP) certification. It notes that CISSP is an important global credential for information security professionals. To maintain the CISSP certification requires ongoing continuing professional education (CPE) credits. The document provides some book recommendations for studying for the CISSP exam and lists the official study guide from (ISC)2. It concludes by stating that the CISSP certification demonstrates expertise in information security.
This document outlines the key details for an exhibition space, including accommodating 81 storage places for objects, space for 28 workers, and 7 visitors. The main materials used are wood, concrete, and steel for the structure, with wood and plastic for storage and visitor areas.
This document describes a PhD thesis that aims to bridge the gap between item response theory (IRT) and structural equation modeling (SEM). It discusses how the two approaches are formally equivalent but have some differences in their measurement and structural models. The thesis involves describing matching IRT and SEM models, estimating structural models in SEM using two-stage least squares, and adding structural features to current IRT models. A simulation study is used to evaluate the accuracy of structural parameter estimates from a multi-step approach compared to true parameters and estimates from other software programs. Results show the regression coefficients, R-squared values, and standard errors are estimated accurately.
Iaetsd a survey on cloud storage security withIaetsd Iaetsd
This document discusses signcryption as a method for secure cloud storage. It begins with an abstract that introduces signcryption as a public key cryptographic method that achieves confidentiality and unforgeability with less overhead than digital signatures followed by encryption. The introduction provides more details on signcryption and its advantages over separate signing and encryption. It then discusses related work on address-based cryptography, key aggregate cryptography, and time-bound hierarchical key assignment schemes. The document focuses on how signcryption can provide high security for sharing data through cloud storage.
This document discusses email security and the Pretty Good Privacy (PGP) encryption software. It describes why email security is important given threats like loss of confidentiality and integrity. It then provides details on PGP, including how it uses public/private key encryption and digital signatures to encrypt messages and authenticate senders. PGP uses symmetric encryption of messages and asymmetric encryption of session keys, storing keys in a local ring. The document discusses PGP key management and its use of a web of trust model without a central authority.
http://www.skyriver.net/ - Skyriver Communications – Fixed Wireless Security. Skyriver is a leading business ISP, specializing in Fixed Wireless. Learn about Skyrivers’ innovative high performance broadband for business visit the site now.
A presentation explaining the concepts of public key infrastructure. It covers topics like Public Key Infrastructure (PKI) introduction, Digital Certificate, Trust Services, Digital Signature Certificate, TLS Certificate, Code Signing Certificate, Time Stamping, Email Encryption Certificate
Electronic mail security requires confidentiality, authentication, integrity, and non-repudiation. Privacy Enhanced Mail (PEM) and Pretty Good Privacy (PGP) provide these security services for email. PEM uses canonical conversion, digital signatures, encryption, and base64 encoding. PGP provides authentication via digital signatures and confidentiality through symmetric encryption of messages with randomly generated session keys. Secure/Multipurpose Internet Mail Extensions (S/MIME) also supports signed and encrypted email to provide security.
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)Vishal Kumar
Pretty Good privacy. we will discuss in this document about the E-mail security protocol number 2 which is PGP, you will learn about the working of PGP, PGP Algorithms, PGP Key Rings, PGP Certificates and about the Web Trust in PGP.
Digital signatures provide a way to verify the authenticity and integrity of digital documents and messages. They use public key cryptography where a document or message is hashed, then encrypted with the sender's private key. The recipient can decrypt the signature with the sender's public key and verify that the message has not been altered by comparing the decrypted hash to a newly computed hash of the received message. Digital certificates typically contain the owner's public key, name, expiration date, issuer information, and digital signature to validate the identity of the owner.
The document discusses email security flaws and various techniques for encrypting email communications. It describes how email is currently sent in plain text over outdated protocols, revealing metadata in headers. Encryption methods like Public Key Infrastructure (PKI) and Pretty Good Privacy (PGP) aim to address these issues using public/private key encryption and decentralized authentication. Applications like GNU Privacy Guard have implemented these techniques, while future development focuses on end-to-end encryption and usability in projects like the Dark Mail Project.
The document discusses various aspects of securing e-commerce networks. It describes digital certificates which serve to verify identity and are issued by a certification authority. There are four main types of digital certificates. The document also discusses selecting network security technologies based on principles like defense in depth. Technologies discussed for securing networks and protocols include firewalls, intrusion detection systems, virtual private networks, secure sockets layer (SSL), secure hypertext transfer protocol (HTTPS), and public key infrastructure.
This document summarizes public-key cryptography. It discusses how public-key cryptography uses unique public and private keys to encrypt and decrypt messages securely. It describes how public-key encryption allows a sender to encrypt a message with the recipient's public key, while only the recipient's private key can decrypt it. It also explains how digital signatures allow a sender to encrypt a message with their private key for authentication, while the recipient can decrypt it with the sender's public key to verify identity and integrity. The document notes some vulnerabilities of public-key cryptography like longer key sizes and man-in-the-middle attacks, and how certificate authorities help address these issues.
This document summarizes encryption techniques for securing electronic mail. It describes Pretty Good Privacy (PGP), a popular encryption software, and S/MIME, an emerging industry standard. PGP provides authentication, confidentiality, compression, and other services. It segments long messages for transmission. S/MIME uses public-key encryption and certificates to provide encrypted and signed messages and is compatible with SMTP email.
IRJET- A Review on Implementation Techniques of Blockchain Enabled Smart Cont...IRJET Journal
This document provides a summary of blockchain and smart contracts for document verification. It discusses how blockchain uses cryptography and smart contracts to allow for verification of digital documents like degrees in a decentralized manner. Blockchain provides trust, autonomy, and integrity for such a system by storing document hashes and details securely on the distributed ledger. Smart contracts can then enable functions for users to validate certificates and degrees stored on the blockchain to avoid fraud.
International Journal of Engineering and Science Invention (IJESI)inventionjournals
International Journal of Engineering and Science Invention (IJESI) is an international journal intended for professionals and researchers in all fields of computer science and electronics. IJESI publishes research articles and reviews within the whole field Engineering Science and Technology, new teaching methods, assessment, validation and the impact of new technologies and it will continue to provide information on the latest trends and developments in this ever-expanding subject. The publications of papers are selected through double peer reviewed to ensure originality, relevance, and readability. The articles published in our journal can be accessed online.
PGP and S/MIME are two standards for securing email. PGP provides encryption and authentication independently of operating systems using symmetric and asymmetric cryptography. S/MIME uses X.509 certificates and defines how to cryptographically sign, encrypt, and combine MIME entities for authentication and confidentiality using algorithms like RSA, DSS, and 3DES. DKIM allows a sending domain to cryptographically sign emails to assert the message's origin and prevent spoofing, while the email architecture standards like RFC 5322 and MIME define message formatting and how attachments are represented.
This document provides a summary of key concepts around distributed systems security from the textbook "Distributed Systems: Concepts and Design". It covers security models, basic cryptographic techniques like secrecy, authentication and digital signatures. It also discusses symmetric and asymmetric encryption algorithms, certificates, access control and case studies of secure system design approaches and pragmatics. The learning objectives are to understand security threats and how techniques like cryptography can provide secure communication channels between principals in a distributed system.
Pretty Good Privacy (PGP) is strong encryption software that enables you to protect your email and files by scrambling them so others cannot read them. It also allows you to digitally "sign" your messages in a way that allows others to verify that a message was actually sent by you. PGP is available in freeware and commercial versions all over the world.
PGP was first released in 1991 as a DOS program that earned a reputation for being difficult. In June 1997, PGP Inc. released PGP 5.x for Win95/NT. PGP 5.x included plugins for several popular email programs.
Implementation of public key cryptography in kerberos with prevention 2IAEME Publication
This document summarizes a research paper that proposes implementing public key cryptography in Kerberos to prevent security attacks like replay attacks and password attacks. The paper describes how Kerberos currently uses symmetric key cryptography, which is vulnerable to such attacks. It then outlines a new method using both RSA and Diffie-Hellman public key algorithms. The proposed method has authentication and ticket granting servers maintain databases containing users' public keys and passwords. When a client authenticates, tickets are encrypted using the client's public key instead of a symmetric key. This integration of public key cryptography is designed to strengthen Kerberos authentication against replay and password attacks.
The document discusses the Certified Information Systems Security Professional (CISSP) certification. It notes that CISSP is an important global credential for information security professionals. To maintain the CISSP certification requires ongoing continuing professional education (CPE) credits. The document provides some book recommendations for studying for the CISSP exam and lists the official study guide from (ISC)2. It concludes by stating that the CISSP certification demonstrates expertise in information security.
This document outlines the key details for an exhibition space, including accommodating 81 storage places for objects, space for 28 workers, and 7 visitors. The main materials used are wood, concrete, and steel for the structure, with wood and plastic for storage and visitor areas.
This document describes a PhD thesis that aims to bridge the gap between item response theory (IRT) and structural equation modeling (SEM). It discusses how the two approaches are formally equivalent but have some differences in their measurement and structural models. The thesis involves describing matching IRT and SEM models, estimating structural models in SEM using two-stage least squares, and adding structural features to current IRT models. A simulation study is used to evaluate the accuracy of structural parameter estimates from a multi-step approach compared to true parameters and estimates from other software programs. Results show the regression coefficients, R-squared values, and standard errors are estimated accurately.
This document provides 20 questions for directors to ask management about information technology security in their organization. It covers topics such as security governance, formalizing security through policies and frameworks, conducting risk assessments and mitigating risks, establishing a security function and organization, and monitoring security operations and compliance. The questions are intended to help boards of directors evaluate how well their organization is addressing IT security issues and managing related risks.
The National Cyber Security Strategy: Success Through CooperationMark Johnson
The document outlines the Netherlands' National Cyber Security Strategy. It discusses how society has become increasingly dependent on ICT and vulnerable to cyber threats. The strategy aims to improve cyber security through cooperation between public and private sectors. It establishes basic principles such as linking initiatives, public-private partnerships, individual responsibility, and proportional responses. The goal is to create a resilient digital infrastructure while respecting privacy and civil liberties.
International Journal of Engineering Research and Development (IJERD)IJERD Editor
journal publishing, how to publish research paper, Call For research paper, international journal, publishing a paper, IJERD, journal of science and technology, how to get a research paper published, publishing a paper, publishing of journal, publishing of research paper, reserach and review articles, IJERD Journal, How to publish your research paper, publish research paper, open access engineering journal, Engineering journal, Mathemetics journal, Physics journal, Chemistry journal, Computer Engineering, Computer Science journal, how to submit your paper, peer reviw journal, indexed journal, reserach and review articles, engineering journal, www.ijerd.com, research journals,
yahoo journals, bing journals, International Journal of Engineering Research and Development, google journals, hard copy of journal
The document discusses digital signatures and public key infrastructure (PKI) for building trust in online transactions. It explains symmetric and asymmetric encryption techniques, including how public key encryption works using key pairs to ensure authentication, confidentiality, integrity and non-repudiation. Digital signatures encrypt a hash of a message with the sender's private key to verify authenticity and integrity without revealing the original message. A PKI uses digital certificates issued by a certificate authority to associate users with their public keys.
The document is an introduction to cryptography and digital signatures by Ian Curry from March 2001. It discusses the history of cryptography and the problem of key management. It then describes how public-key cryptography helped address key management issues for large networks by allowing secure distribution of public keys. The document also provides an overview of how Entrust uses a combination of symmetric and public-key cryptography to provide encryption, authentication, integrity, and non-repudiation for electronic communications like sending a secure electronic check. This includes digitally signing the check with a private key, encrypting it with a symmetric key, and securely delivering the symmetric key to the recipient using the recipient's public key.
Cryptography is the art of converting text into another form for secret transmission and reception. It works by converting plain text into cipher text using some encryption algorithm at the sender’s side and converting ciphertext into plain text at the receiver’s. Cryptography is used to provide confidentiality, integrity, authenticity and non-repudiation.
The document discusses the importance of information security for businesses. It outlines some key concepts in information security including confidentiality, integrity, availability, non-repudiation, authentication, and authorization. These concepts help mitigate risks like denial of service attacks, which can cause losses for small businesses. The document argues that while information security requires costs, it provides important benefits in protecting a business from various cyber threats and risks. Effective information security measures are essential for all businesses regardless of size.
Analysis of Cryptographic Algorithms for Network SecurityEditor IJCATR
This document discusses and analyzes various cryptographic algorithms used for network security. It begins with definitions of key cryptographic terms like plain text, cipher text, encryption, decryption, and keys. It then describes different types of cryptographic schemes, including symmetric, asymmetric, and hash functions. Specific algorithms are analyzed like DES, AES, RSA, and Diffie-Hellman. Factors to consider when selecting a cryptographic algorithm like speed, memory requirements, security needs, and data type are also discussed. Overall the document provides a comprehensive overview and comparison of cryptographic algorithms and their applications for network security.
International Refereed Journal of Engineering and Science (IRJES)irjes
International Refereed Journal of Engineering and Science (IRJES) is a leading international journal for publication of new ideas, the state of the art research results and fundamental advances in all aspects of Engineering and Science. IRJES is a open access, peer reviewed international journal with a primary objective to provide the academic community and industry for the submission of half of original research and applications
This document discusses computer security and network cryptography. It begins by explaining how organizations can use cryptosystems like symmetric and asymmetric encryption to protect data. Symmetric encryption is faster but requires secure key exchange, while asymmetric encryption uses public and private key pairs. The document then defines cryptography terminology and components like plaintext, ciphertext, encryption, decryption, and cryptanalysis. It describes techniques like substitution and transposition ciphers. The rest of the document discusses encryption models, algorithms, and cryptanalysis methods like ciphertext-only and known-plaintext attacks.
Cryptography is a process that scrambles information to make it unreadable except by authorized parties. It has four basic parts: plaintext, ciphertext, cryptographic algorithms, and keys. Public key cryptography uses two keys - a private key that remains secret, and a public key that can be openly distributed. This allows secure transmission without pre-sharing secret keys. While public key cryptography has advantages for Internet use, it has disadvantages of slower transmission speeds and larger key sizes compared to symmetric cryptography.
Asymmetric encryption, also known as public-key cryptography, is a cryptographic system that uses a pair of keys for secure communication. Unlike symmetric encryption, where the same key is used for both encryption and decryption, asymmetric encryption employs two distinct keys: a public key and a private key.
Public Key:
The public key is widely shared and can be freely distributed. It is used to encrypt data or messages that are intended for the owner of the corresponding private key.
Public keys are typically used for encryption and verifying digital signatures.
Private Key:
The private key is kept secret and is known only to the key owner. It is used for decrypting messages that were encrypted with the corresponding public key.
Private keys are used for decryption and creating digital signatures.
How It Works:
If Alice wants to send a secure message to Bob, she uses Bob's public key to encrypt the message. Once encrypted, only Bob, with his private key, can decrypt and access the original message.
Digital signatures work in the opposite way. If Bob wants to sign a message to prove it comes from him, he uses his private key to create a unique digital signature. Others can verify the signature using Bob's public key, ensuring the message's authenticity and integrity.
Security:
Asymmetric encryption provides a higher level of security compared to symmetric encryption because compromising one key (either the public or private key) does not compromise the other.
The security of asymmetric encryption relies on the difficulty of certain mathematical problems, such as factoring large numbers, making it computationally infeasible to derive the private key from the public key.
Common Algorithms:
RSA (Rivest-Shamir-Adleman) and ECC (Elliptic Curve Cryptography) are among the most widely used asymmetric encryption algorithms.
Applications:
Asymmetric encryption is used in various applications, including secure communication over the internet, digital signatures for authentication, and the establishment of secure channels in protocols like SSL/TLS.
In summary, asymmetric encryption is a crucial component of modern cryptographic systems, providing a secure means of communication and data protection in a digital world.
A Survey on Cryptographic Techniques for Network Security.pdfYasmine Anino
This document summarizes and compares several cryptographic techniques for network security, including AES, 3DES, Blowfish, and DES. It provides an overview of each algorithm, including key sizes and block sizes. AES is identified as providing better performance and security compared to other algorithms like 3DES and DES. The document also reviews related literature on encrypting data for network security and enhancing encryption methods. It concludes that AES is a better encryption algorithm than alternatives like 3DES and DES due to its performance and security against attacks like brute force.
Network security is important for business organizations and educational institutes to protect email communications, data distributions, stock trading, and distance learning from various threats like content theft, manipulation, masquerading, replay attacks, and denial of services. Cryptography provides security services like authentication, confidentiality, integrity, and access control through techniques like encryption, digital signatures, digital envelopes, and digital certificates to embed confidence in online activities like banking, trading, and purchases. Popular applications that use cryptography include PGP, IPsec, and SET, which aim to securely transmit information over the internet.
The document provides an overview of Secure Sockets Layer (SSL) and how it works. It discusses how SSL uses cryptography, digital signatures, and certificates to provide security for web traffic by ensuring confidentiality, message integrity, and authentication. It describes how SSL operates through the handshake protocol to negotiate encryption between clients and servers and the record protocol to encrypt data transfer. SSL termination devices are deployed to offload SSL processing from web servers and improve performance and scalability.
Encryption is a fundamental concept in cryptography that involves the process of converting plaintext (readable and understandable data) into ciphertext (encoded and unintelligible data) using a mathematical algorithm and an encryption key. The primary purpose of encryption is to ensure the confidentiality and privacy of sensitive information during transmission or storage.
In the encryption process:
1. **Plaintext:** This is the original, readable data that is to be protected. It could be a message, a file, or any form of digital information.
2. **Encryption Algorithm:** An encryption algorithm is a set of mathematical rules and procedures that transform the plaintext into ciphertext. Common encryption algorithms include Advanced Encryption Standard (AES), RSA, and Triple DES.
3. **Encryption Key:** The encryption key is a piece of information used by the encryption algorithm to perform the transformation. The key determines the specific pattern and method by which the plaintext is converted into ciphertext. The strength of the encryption often depends on the length and randomness of the key.
4. **Ciphertext:** This is the result of the encryption process—the transformed and encoded data that appears random and is indecipherable without the corresponding decryption key.
Encryption serves several important purposes in the field of cryptography:
- **Confidentiality:** The primary goal of encryption is to keep information confidential and secure from unauthorized access. Even if an unauthorized party intercepts the ciphertext, they should be unable to understand or decipher it without the correct decryption key.
- **Integrity:** Encryption helps ensure the integrity of data by providing a means to detect any unauthorized modifications. If the ciphertext is altered, the decryption process will produce incorrect results, alerting the recipient to potential tampering.
- **Authentication:** In some encryption scenarios, the use of digital signatures or authenticated encryption helps verify the origin and authenticity of the encrypted data.
- **Secure Communication:** Encryption is widely used to secure communication over networks, such as the internet. Protocols like HTTPS (HTTP Secure) use encryption to protect the confidentiality of data transmitted between a web browser and a web server.
- **Data-at-Rest Protection:** Encryption is applied to data stored on devices or servers, ensuring that even if physical access is gained, the data remains protected from unauthorized viewing.
In summary, encryption is a crucial tool in the field of cryptography, providing a means to safeguard the confidentiality, integrity, and authenticity of sensitive information in various digital environments.
The document discusses Secure Socket Layer (SSL) protocol and how it provides security for internet transactions. It explains that SSL uses cryptography, digital signatures, and certificates to provide confidentiality, message integrity, and authentication. It details how SSL works, including the handshake protocol for authentication and key exchange, the record protocol for encrypting data transfer, and SSL roles/elements like certificates and certificate authorities. The goal of the project is to implement a client and server that can securely communicate and transfer data using the SSL protocol.
This document discusses security precautions and encryption. It begins by describing encryption as encoding data into another form using a key so that intercepted data is meaningless without decrypting. There are two main encryption methods: symmetric key using the same secret key for encryption and decryption, and asymmetric key using a public/private key pair. Digital certificates and signatures are also discussed as a way to prove digital identity and verify message authenticity. UK computer crime law, the Computer Misuse Act of 1998, is summarized as prohibiting unauthorized computer access, access with criminal intent, and unauthorized/reckless computer impairment.
The document summarizes key concepts related to electronic documents and signatures. It begins with an outline of topics to be covered, including electronic identification, identity theft, technical introductions to concepts like cryptography, and regulatory frameworks. It then delves into each of these areas, providing definitions of terms like electronic signatures, advanced electronic signatures, signatories, signature creation data, and signature creation devices. Specific technologies like RSA algorithms, hash functions, and asymmetric cryptography are also explained at a high level.
This document discusses various aspects of network security, including:
1. Secure communication techniques like confidentiality, authentication, message integrity, and access control.
2. Encryption methods like symmetric encryption (DES, 3DES, AES), asymmetric encryption (RSA, Diffie-Hellman), and digital certificates.
3. Network security protocols like SSL/TLS, VPNs, and techniques for securing wireless networks like WEP.
This document contains a CISSP CBK review exam with 55 multiple choice questions covering various topics in cybersecurity. Some of the questions test knowledge of risk management, access controls, cryptography, security operations and incident response. The exam is assessing understanding of fundamental cybersecurity concepts as defined in the Common Body of Knowledge for the CISSP certification.
This document provides an overview of the Information Security Governance and Risk Management domain covered by the CISSP certification. It discusses key topics in this domain including information security concepts, risk management, policies, standards, procedures, data classification, risk assessment, and security controls. The document is divided into sections that define learning objectives, reference materials, and describe topics covered within the domain such as information security management, governance, classification, and the role of planning, policies, guidelines, standards, procedures, security training, and risk management practices and tools.
ISO/IEC 2700 outlines how to build and maintain an information security management system and served as a baseline for certification. It originated as the British Standard BS7799, which had two parts that described control objectives and controls to meet objectives, and how to set up a security program. ISO/IEC 27001 specifies the requirements for an information security management system against which an organization's compliance can be audited. ISO/IEC 27002 provides best practice recommendations for information security controls covering areas such as information security policies, asset management, and architecture.
This document discusses fundamentals of information security. It begins by defining information security and outlining general goals of confidentiality, integrity, and availability. It then discusses developing a security policy as the first step, followed by a security standards document. Various tools for implementing information security are described, including firewalls, intrusion detection systems, encryption, and virtual private networks. The goals of information security strategies are prevention, detection, and recovery. A culture of security is important for all levels of an organization. In conclusion, information security requires an ongoing, complex process involving policy, standards, education, and technology to be implemented successfully.
The Business Impact Analysis (BIA) should emphasize system dependencies to allow for proper prioritization. Authentication Header provides strong integrity, authentication, and may provide non-repudiation depending on the cryptographic algorithm and keying method used, while ESP provides integrity and confidentiality but does not provide non-repudiation or protection from traffic analysis. Extensible Authentication Protocol (EAP) is a framework that supports multiple authentication mechanisms for PPP including cleartext passwords, challenge-response, and arbitrary dialog sequences.
Business continuity planning and disaster recoverymadunix
The document discusses business continuity planning and disaster recovery. It provides definitions of business continuity planning, disaster recovery planning, and information systems business continuity planning. It outlines the tasks of an information systems auditor in evaluating business continuity plans, including assessing backup and restore provisions, disaster recovery plans, and the organization's ability to continue essential operations during disruptions. The document also discusses other planning issues like involving relevant organizational units, risk assessments, and documentation of plans.
This document outlines the rules for Zambia's Central Securities Depository (CSD) system. Some key points:
1. The CSD is operated by the Bank of Zambia and maintains records of ownership and settles transactions for securities issued by the Zambian government and other eligible issuers.
2. Eligible securities include government bonds, treasury bills, and other instruments issued through the CSD system. The CSD record serves as the primary register of ownership.
3. Transactions can settle on a delivery-versus-payment basis through a link to the national payments system. This ensures final settlement of transactions.
The document provides an overview of key concepts in business continuity and disaster recovery planning including defining recovery point and recovery time objectives, describing alternative recovery strategies like hot sites and warm sites, explaining different types of backups, discussing testing procedures, and outlining responsibilities and concerns to address in developing business continuity and disaster recovery plans. It is intended to help the reader understand the essential elements of ensuring the continued operations of critical business functions in the event of a disruption or disaster.
This presentation includes basic of PCOS their pathology and treatment and also Ayurveda correlation of PCOS and Ayurvedic line of treatment mentioned in classics.
A review of the growth of the Israel Genealogy Research Association Database Collection for the last 12 months. Our collection is now passed the 3 million mark and still growing. See which archives have contributed the most. See the different types of records we have, and which years have had records added. You can also see what we have for the future.
How to Fix the Import Error in the Odoo 17Celine George
An import error occurs when a program fails to import a module or library, disrupting its execution. In languages like Python, this issue arises when the specified module cannot be found or accessed, hindering the program's functionality. Resolving import errors is crucial for maintaining smooth software operation and uninterrupted development processes.
Executive Directors Chat Leveraging AI for Diversity, Equity, and InclusionTechSoup
Let’s explore the intersection of technology and equity in the final session of our DEI series. Discover how AI tools, like ChatGPT, can be used to support and enhance your nonprofit's DEI initiatives. Participants will gain insights into practical AI applications and get tips for leveraging technology to advance their DEI goals.
How to Manage Your Lost Opportunities in Odoo 17 CRMCeline George
Odoo 17 CRM allows us to track why we lose sales opportunities with "Lost Reasons." This helps analyze our sales process and identify areas for improvement. Here's how to configure lost reasons in Odoo 17 CRM
This presentation was provided by Steph Pollock of The American Psychological Association’s Journals Program, and Damita Snow, of The American Society of Civil Engineers (ASCE), for the initial session of NISO's 2024 Training Series "DEIA in the Scholarly Landscape." Session One: 'Setting Expectations: a DEIA Primer,' was held June 6, 2024.
How to Add Chatter in the odoo 17 ERP ModuleCeline George
In Odoo, the chatter is like a chat tool that helps you work together on records. You can leave notes and track things, making it easier to talk with your team and partners. Inside chatter, all communication history, activity, and changes will be displayed.
Strategies for Effective Upskilling is a presentation by Chinwendu Peace in a Your Skill Boost Masterclass organisation by the Excellence Foundation for South Sudan on 08th and 09th June 2024 from 1 PM to 3 PM on each day.
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...PECB
Denis is a dynamic and results-driven Chief Information Officer (CIO) with a distinguished career spanning information systems analysis and technical project management. With a proven track record of spearheading the design and delivery of cutting-edge Information Management solutions, he has consistently elevated business operations, streamlined reporting functions, and maximized process efficiency.
Certified as an ISO/IEC 27001: Information Security Management Systems (ISMS) Lead Implementer, Data Protection Officer, and Cyber Risks Analyst, Denis brings a heightened focus on data security, privacy, and cyber resilience to every endeavor.
His expertise extends across a diverse spectrum of reporting, database, and web development applications, underpinned by an exceptional grasp of data storage and virtualization technologies. His proficiency in application testing, database administration, and data cleansing ensures seamless execution of complex projects.
What sets Denis apart is his comprehensive understanding of Business and Systems Analysis technologies, honed through involvement in all phases of the Software Development Lifecycle (SDLC). From meticulous requirements gathering to precise analysis, innovative design, rigorous development, thorough testing, and successful implementation, he has consistently delivered exceptional results.
Throughout his career, he has taken on multifaceted roles, from leading technical project management teams to owning solutions that drive operational excellence. His conscientious and proactive approach is unwavering, whether he is working independently or collaboratively within a team. His ability to connect with colleagues on a personal level underscores his commitment to fostering a harmonious and productive workplace environment.
Date: May 29, 2024
Tags: Information Security, ISO/IEC 27001, ISO/IEC 42001, Artificial Intelligence, GDPR
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: ISO/IEC 27001 Information Security Management System - EN | PECB
ISO/IEC 42001 Artificial Intelligence Management System - EN | PECB
General Data Protection Regulation (GDPR) - Training Courses - EN | PECB
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
বাংলাদেশের অর্থনৈতিক সমীক্ষা ২০২৪ [Bangladesh Economic Review 2024 Bangla.pdf] কম্পিউটার , ট্যাব ও স্মার্ট ফোন ভার্সন সহ সম্পূর্ণ বাংলা ই-বুক বা pdf বই " সুচিপত্র ...বুকমার্ক মেনু 🔖 ও হাইপার লিংক মেনু 📝👆 যুক্ত ..
আমাদের সবার জন্য খুব খুব গুরুত্বপূর্ণ একটি বই ..বিসিএস, ব্যাংক, ইউনিভার্সিটি ভর্তি ও যে কোন প্রতিযোগিতা মূলক পরীক্ষার জন্য এর খুব ইম্পরট্যান্ট একটি বিষয় ...তাছাড়া বাংলাদেশের সাম্প্রতিক যে কোন ডাটা বা তথ্য এই বইতে পাবেন ...
তাই একজন নাগরিক হিসাবে এই তথ্য গুলো আপনার জানা প্রয়োজন ...।
বিসিএস ও ব্যাংক এর লিখিত পরীক্ষা ...+এছাড়া মাধ্যমিক ও উচ্চমাধ্যমিকের স্টুডেন্টদের জন্য অনেক কাজে আসবে ...
2. 2
Public Key Encryption and Digital Signature: How do they work?
TA B LE O F C O N T E N T S
INTRODUCTION 3
1. PUBLIC-KEY, WHAT IS IT? 3
1. 1 A DEFINITION 3
1.2 ENCRYPTION AND DECRYPTION 4
1.3 DIGITAL SIGNATURE AND VERIFICATION 4
1.4 BEYOND THE PRINCIPLES 5
1.5 IDENTITY AND KEYS 8
2. WHAT IS A CERTIFICATE 8
2.1 CERTIFICATE VALIDATION ADDED TO THE PROCESS 8
2.2 BEYOND THE MECHANICS 10
3. WHAT IS A PKI 10
3.1 KEY AND CERTIFICATE MANAGEMENT 10
3.2 SUPPORT FOR NON REPUDIATION OF DIGITAL SIGNATUR 11
4. CONCLUSION 11
ABOUT CGI 11
APPENDIX A: REFERENCES AND FOOTNOTES 12
3. 3
Public Key Encryption and Digital Signature: How do they work?
Introduction
One of the major challenges facing consultants today is maintaining a level of knowledge of
leading and emerging technologies, beyond the superficial or buzzword level. We need to
develop a level of understanding that allows us to communicate effectively with both
suppliers and customers. We then can demonstrate:
• Our knowledge of the business issues being addressed;
• The application of technology to providing solutions;
• The business benefits for the customer;
• The limitations that will remain and that will need to be mitigated in other ways.
Public-key has been around for some time now. A lot of interesting work has been done in
different committees (for instance IETF/PKIX and PKCS1) to define Public-key related
standards and techniques. But, do we know what is in there? Do we know how it works? Let’s
open the hood and take a look at the engine and at last, get into the details on how public-
key encryption and digital signature really work.
This article is a starting point to get a feel for a vast area named PKI (Public-Key
Infrastructure). This includes the mechanics described in this article as well as an ensemble
of software, hardware and processes governed by rules and standards converging to the high
level of Trust required and expected by the Industry.
1. Public-key, what it is
Public-key refers to a cryptographic mechanism. It has been named public-key to differentiate
it from the traditional and more intuitive cryptographic mechanism known as: symmetric-key,
shared secret, secret-key and also called private-key.
Symmetric-key cryptography is a mechanism by which the same key is used for both
encrypting and decrypting; it is more intuitive because of its similarity with what you expect
to use for locking and unlocking a door: the same key. This characteristic requires
sophisticated mechanisms to securely distribute the secret-key to both parties2.
Public-key on the other hand, introduces another concept involving key pairs: one for
encrypting, the other for decrypting. This concept, as you will see below, is very clever and
attractive, and provides a great deal of advantages over symmetric-key:
• Simplified key distribution
• Digital Signature
• Long-term encryption
However, it is important to note that symmetric-key still plays a major role in the
implementation of a Public-key Infrastructure or PKI.
1.1 A definition
Public-key is commonly used to identify a cryptographic method that uses an asymmetric-key
pair3: a public-key and a private-key 4. Public-key encryption uses that key pair for
encryption and decryption. The public-key is made public and is distributed widely and freely.
The private-key is never distributed and must be kept secret.
Given a key pair, data encrypted with the public-key can only be decrypted with its private-
key; conversely, data encrypted with the private-key can only be decrypted with its public-
key. This characteristic is used to implement encryption and digital signature. Both
encryption and digital signature principles are illustrated in Figure 1 and Figure 2.
4. 4
Public Key Encryption and Digital Signature: How do they work?
1.2 Encryption and Decryption
Encryption is a mechanism by which a message is transformed so that only the sender and
recipient can see. For instance, suppose that Alice wants to send a private message to Bob.
To do so, she first needs Bob’s public-key; since everybody can see his public-key, Bob can
send it over the network in the clear without any concerns. Once Alice has Bob’s public-key,
she encrypts the message using Bob’s public-key and sends it to Bob. Bob receives Alice’s
message and, using his private-key, decrypts it.
Figure 1: Encryption/Decryption principles
1.3 Digital Signature and Verification
Digital signature is a mechanism by which a message is authenticated i.e. proving that a
message is effectively coming from a given sender, much like a signature on a paper
document. For instance, suppose that Alice wants to digitally sign a message to Bob. To do
so, she uses her private-key to encrypt the message; she then sends the message along with
her public-key (typically, the public key is attached to the signed message). Since Alice’s
public-key is the only key that can decrypt that message, a successful decryption constitutes
a Digital Signature Verification, meaning that there is no doubt that it is Alice’s private key
that encrypted the message.
Figure 2: Digital Signature/Verification principles
Alice
PuKeyBob
Encryption/Decryption
Bob
PrKeyBob
[Message]PuKeyBob
Alice writes a message for Bob. In order to make sure
that only Bob can look at this message, Alice encrypts
it using Bob’s Public Key.
Bob receives the message sent by Alice. In order for him
to see what Alice put in her message, Bob decrypts it
using his private key.
Alice
PrKeyAlice
Digital Signature/Verification
Bob
PuKeyAlice
[Message]PrKeyAlice
Alice writes a message for Bob. In order to prove that
the message has effectively been written by her, Alice
signs it by encrypting the message using her Private key.
Bob receives the message sent by Alice. In order for him
to verify that the message is effectively coming from
Alice, Bob decrypts it using Alice’s Public Key.
5. 1.4 Beyond the principles
The two previous paragraphs illustrate the encryption/decryption and signature/verification
principles. Both encryption and digital signature can be combined, hence providing privacy
and authentication.
As mentioned earlier, symmetric-key plays a major role in public-key encryption
implementations. This is because asymmetric-key encryption algorithms5 are somewhat
slower than symmetric-key algorithms6.
For Digital signature, another technique used is called hashing. Hashing produces a message
digest that is a small and unique7 representation (a bit like a sophisticated checksum) of the
complete message. Hashing algorithms8 are a one-way encryption, i.e. it is impossible to
derive the message from the digest. The main reasons for producing a message digest are:
1 The message integrity being sent is preserved; any message alteration will immediately
be detected;
2 The digital signature will be applied to the digest, which is usually considerably smaller
than the message itself;
3 Hashing algorithms are much faster than any encryption algorithm (asymmetric or
symmetric).
The following sections explains what really happens when encrypting and signing a message
on one hand, and when decrypting a message and verifying its signature on the other hand.
1.4.1 Steps for signing and encrypting a message
Figure 3 below shows the set of operations required when Alice wants to send a signed and
encrypted message to Bob.
Figure 3: Signature and Encryption details with keys
5
Public Key Encryption and Digital Signature: How do they work?
Signature
Legend
Encryption
Alice
Alice sending a signed and encrypted message to Bob
Bob
Send Message to
recipient
2b: Encrypt with
SymK
1a: Calculate Digest
2c: Encrypt
Symmetric Key
1b: Sign Digest
2a: Evalute SymK
PrKA Alice’s Private Key
PuKA Alice’s Public Key
PuKB Bob’s Public Key
SymK One time symmetric key
Hash Hashing alogorithm
[Message+[Digest]PrKA+PuKA]SymK+[SymK]PuKBSigned and Encrypted Message
Message in Clear
[Message+[Digest]PrKA
+PuKA]SymK
+SymK
Message+[Digest]PrKA
+PuKA
Digest=[Message]Hash
SymK
6. 6
Public Key Encryption and Digital Signature: How do they work?
1) Message signature. Digital signature includes two steps:
a) Message digest evaluation. The main purpose for evaluating a digest is to ensure
that the message is kept unaltered; this is called message integrity.
b) Digest signature. A signature is in fact an encryption using the issuer’s (Alice in this
case) private-key. Included in the signature is also the hashing algorithm name
used by the issuer. The issuer’s public-key is also appended to the signature. Doing
so lets anyone decrypt and verify the signature using the issuer’s public-key and
hashing algorithm. Given the properties of public-key encryption and hashing
algorithms, the recipient has proof that:
i) The issuer’s private-key has encrypted the digest;
ii) The message is protected against any alteration.
2) Message encryption. Encryption includes the following 3 steps:
a) Creation of a one time symmetric encryption/decryption key. Remember that
encryption and decryption algorithms using asymmetric-keys are too slow to be
used for long messages; symmetric-key algorithms are very efficient and are
therefore used.
b) Message encryption. The whole message (the message itself and the signature) is
encrypted using SymK, the symmetric-key evaluated above.
c) Symmetric-key encryption. SymK is also used by the recipient to decrypt the
message. SymK must therefore be available to the recipient (Bob) only. The way to
hide the Symk from everybody except the recipient is to encrypt it using the
recipient’s public-key. Since SymK is a small piece of information compared to a
message (that could be very long), the performance penalty associated with the
relative inefficiency of asymmetric-key algorithms is acceptable.
One interesting point to mention is that if Alice wants to send the same message to more
than one recipient, say Bob and John for instance, the only additional operation to be
performed is to repeat ‘step 2) c)’ for John. Hence, the message that both Bob and John
would receive would look like:
[Message+[Digest]PrKA+PuKA]SymK+[SymK]PuKB+[SymK]PuKJ . Notice that the exact
same SymK will be used by Bob and John to decrypt the message.
7. 7
Public Key Encryption and Digital Signature: How do they work?
1.4.2 Steps for Decrypting and verifying the signature of a message
Figure 4 below shows the set of operations required when Bob wants to decrypt and verify
the message sent by Alice.
Figure 4: Decryption and verification details with keys
1) Message decryption. The decryption includes the following steps:
a) Symmetric-key decryption. The one time symmetric-key has been used to encrypt
the message. This key (SymK) has been encrypted using the recipient’s (Bob)
public-key. Only Bob can decrypt SymK and use it to decrypt the message9.
b) Message decryption. The message (which includes the message itself and the
signature) is decrypted using SymK.
2) Signature verification. The signature verification includes the following 3 steps:
a) Message digest decryption. The digest has been encrypted using the issuer’s (Alice)
private-key. The digest is now decrypted using the issuer’s public-key included in
the message.
b) Digest evaluation. Since hashing is a one-way process i.e. the message cannot be
derived from the digest itself, the recipient must re-evaluate the digest using the
exact same hashing algorithm the issuer used.
c) Digests comparison. The digest decrypted in a) and the digest evaluated in b) are
compared. If there is a match, the signature has been verified, and the recipient can
accept the message as coming unaltered from the issuer. If there is a mismatch this
could mean that:
i) The message has not been signed by the issuer or
ii) The message has been altered.
iii) In both cases, the message should be rejected.
Decryption
Legend
Verification
Alice
Bob Decrypting and Verifying message sent by Alice
Bob
Message is decrypted and
signature is verified
1a: Decrypt SymK
with PrKB
2c: Compare Digests
2b: Evaluate Digest 2a: Decrypt Digest using PuKA
1b: Decrypt Message with SymK
PrKA Alice’s Private Key
PuKA Alice’s Public Key
PuKB Bob’s Public Key
SymK One time symmetric key
Hash Hashing alogorithm
=
Digest = [Message]HASH Digest
[Message+[Digest]PrKA
+PuKA]
Message in Clear
[Message+[Digest]PrKA
+PuKA]SymK
+SymK[Message+[Digest]PrKA
+PuKA]SymK
+[SymK]PuKB
8. 8
Public Key Encryption and Digital Signature: How do they work?
1.5 Identity and keys
Until now, we have taken for granted the keys being used for encryption/decryption and
digital signature/verification belong to Bob and Alice. How can we be sure that Alice is really
Alice? And, how can Alice be sure that only Bob will see what she encrypted? So far, the only
thing we know is that the user of a given key pair has signed and encrypted the message.
But, is he really the owner? George, for instance, may have sent a message to Bob pretending
that he is Alice; Bob cannot tell whether or not it is Alice or George who is sending the
message. The same applies to Bob’s public-key. This issue is solved by the use of certificates.
2. What is a Certificate
A certificate is a piece of information that proves the identity of a public-key’s owner. Like a
passport, a certificate provides recognized proof of a person’s (or entity) identity. Certificates
are signed and delivered securely by a trusted third party entity called a Certificate Authority
(CA). As long as Bob and Alice trust this third party, the CA, they can be assured that the
keys belong to the persons they claim to be.
A certificate contains among other things:
1) The CA’s identity
2) The owner’s identity
3) The owner’s public-key
4) The certificate expiry date
5) The CA’s signature of that certificate
6) Other information that is beyond the scope of this article.
With a certificate instead of a public-key, a recipient can now verify a few things about the
issuer to make sure that the certificate is valid and belongs to the person claiming its
ownership:
1) Compare the owner’s identity
2) Verify that the certificate is still valid
3) Verify that the certificate has been signed by a trusted CA
4) Verify the issuer’s certificate signature, hence making sure it has not been altered.
Bob can now verify Alice’s certificate and be assured that it is Alice’s private-key that has
been used to sign the message. Alice must be careful with her private-key and must not
divulge how to get to it; by doing so, she is enforcing one aspect of the non-repudiation
feature associated with her digital signature. As will be seen in section 3.2, there is more to
consider for effective non-repudiation support.
Note that certificates are signed by a CA, which means that they cannot be altered. In turn,
the CA signature can be verified using that CA’s certificate.
2.1 Certificate validation added to the process
When Alice encrypts a message for Bob, she uses Bob’s certificate. Prior to using the public-key
included in Bob’s certificate, some additional steps are performed to validate Bob’s certificate:
1) Validity period of Bob’s certificate
2) The certificate belongs to Bob
3) Bob’s certificate has not been altered
4) Bob’s certificate has been signed by a trusted CA
Additional steps would be required to validate the CA’s certificate in the case where Alice
does not trust Bob’s CA. These steps are identical to the ones requires to validate Bob’s
certificate. In the example below, it is assumed that both Bob and Alice trust that CA.
9. 9
Public Key Encryption and Digital Signature: How do they work?
Figure 5: Signature and Encryption details with certificates
In the Figure 5 above, a Certificate validation step is added to what is shown in Figure 3. Only
the fields required for the validation of a certificate are displayed.
Alice wants to make sure that the PuKB included in CertB belongs to Bob and is still valid.
• She checks the Id field and finds BobId, which is Bob’s identity. In fact, the only thing she
really knows is that this certificate appears to belong to Bob.
• She then checks the validity fields and finds that the current date and time is within the
validity period. So far the certificate seems to belong to Bob and to be valid.
• The ultimate verification takes place by verifying CertB’s signature using the CA’s public-
key (PuKCA found in CertCA)10. If CertB signature is ok, this means that:
a) Bob’s certificate has been signed by the CA in which Alice and Bob has put all
their trust.
b) Bob’s certificate integrity is proven and has not been altered in any way.
c) Bob’s identity is assured and the public-key included in the certificate is still valid
and belongs to Bob. Therefore, Alice can encrypt the message and be assured that
only Bob will be able to read it.
Similar steps will be performed by Bob on Alice’s certificate before verifying Alice’s signature.
Legend
Alice sending a signed and encrypted message to Bob revisted
PrKA Alice’s Private Key
PrCA CA’s Private Key
PrSi CertCA Signer’s Private Key
PuKB Bob’s Public Key
PuKCA CA’s Public Key
CertA Alice’s Certificate
CertB Bob’s Certificate
CertCA CA’s Certificate
SymK One time symmetric key
Hash Hashing alogorithm
BobId Bob’s Identity
CAId CA’s Identity
SiId CertCA Signer’s Id
Validity Certificate’s Valid Period
Signature
Encryption
Certificate Validation
Alice
Bob
1a: Calculate Digest
OK
3c: Encrypt Symmetric Key
3b: Encrypt
with SymK
1b: Sign Digest
Verify CertB
CertB
BobId+Validity+PuKB+CAId+[Digest]PrCA
CertCA
CAId+Validity+PuKCA+SiId+[Digest]PrSi
[Message+[Digest]PrKA
+CertA]SymK
+SymK
[Message+[Digest]PrKA
+CertA]SymK
+[SymK]PuKB
Message in Clear
Signed and
Encrypted Message
[Message+[Digest]PrKA
+CertA
Digest=[Message]Hash
Valid
CertB
SymK
CertCA
CertDB
10. 10
Public Key Encryption and Digital Signature: How do they work?
2.2 Beyond the mechanics
So far, this article covered in some details the public-key mechanics associated with
encryption and digital signature. In section 2.1 the notion of Certificate Authority has been
brought up. The CA is the heart of a Public-Key Infrastructure (PKI).
3. What is a PKI
A PKI is a combination of software and procedures providing a means for managing keys and
certificates, and using them efficiently. Just recall the complexity of the operations described
earlier in this article for having a feel on the absolute necessity to provide users with
appropriate software support for encryption and digital signature. But nothing has been said
yet about management.
3.1 Key and certificate management
Key and certificate management is the set of operations required to create and maintain keys
and certificates. The following is the list of the major points being addressed in a managed PKI:
1) Key and certificate creation: How to generate key pairs? How to issue certificates to the users?
A PKI must offer software support for key pair generation as well as certificate requests.
In addition, procedures must be put in place to verify the user identity prior to allowing
him to request a certificate.
2) Private-key protection: How will the user protect his private-key against misuse by other
malicious users?
Certificates are widely accessible because they are used for either encryption or signature
verification. Private-keys require some reasonable level of protection because they are
used either for decryption or for digital signature. A strong password mechanism must be
part of the features of an effective PKI.
3) Certificate revocation: How to handle the situation where a user’s private-key has been
compromised? Similarly, how to handle the situation where an employee leaves the
company? How to know whether or not a certificate has been revoked?
A PKI must provide a means by which a certificate can be revoked. Once revoked, this
certificate must be included in a revocation list that is available to all users. A mechanism
must be provided to verify that revocation list and refuse to use a revoked certificate.
4) Key backup and recovery: What happens to encrypted files when a user loses his private-key?
Without key backup, all messages and files that have been encrypted with his public-key
can no longer be decrypted and are lost forever. A PKI must offer private-key backup and a
private-key recovery mechanism such that the user can get back his private-key to be able
to get access to his files11.
5) Key and certificate update: What happens when a certificate reaches or is near its expiry date?
Keys and certificates have a finite lifetime. A PKI must offer a mechanism to at least
update the expiry date for that certificate. Good practice though is to update the user’s
keys and certificates. The key and certificate update can be automatic in which case the
end user gets notified that his keys have been updated, or can require that the user
performs an action during or before his keys and certificates expire; if this case, the PKI
must inform the user that this action is required prior the expiry time of his keys and
certificates.
6) Key history management: After several key updates, how will a user decide which private-
key to use to decrypt files?
Each key update operation generates new key pairs. Files that have been encrypted with
previous public-keys can only be decrypted with their associated private-keys. Without
key history management, the user would have to make decision on the key to use for
decrypting files12.
11. 11
Public Key Encryption and Digital Signature: How do they work?
7) Certificate access: How will a user, who wants to send a message to several recipients, get
their certificates?
A PKI must offer an easy and convenient way to make these certificates available. The use
of an LDAP directory is commonly used for that purpose.
3.2 Support for non repudiation of digital signature
One important point that has to be clarified is non-repudiation of digital signature. This
notion refers to the fact that a user cannot deny having signed a given message. This implies
that the user who signed the message is the only one who has access to the private-key used
for signing. However, as we have seen above, in a managed PKI, private-keys are kept by the
CA for key recovery purposes. Therefore, both the user and the CA know that private-key,
which means that both can (in theory) use that key for signing a message. A user can then
deny having signed that message.
In order to avoid this situation and provide non-repudiation support, there must be a second
key pair used for signature/verification purposes only. No backup is made for the signing
private-keys, and only the user has access to it. In the case where the user loses his
password, he loses his signing key as well. At key recovery time, the encryption/decryption
key pair is given back to the user and a new signature/verification key pair is generated. This
causes no problem since each time a user signs a document, the associated verification
certificate is appended to it, so the document signature can always be verified at any time.
4. Conclusion
Public-key is a very appealing and exciting technology, embedding both encryption and
digital signature. This constitutes a breakthrough over symmetric-key cryptosystems.
Beyond the mechanics, there is a need for an infrastructure, a PKI, which includes the tools
to effectively manage and use keys and certificates. Section 3 gives a feel for how a well
managed PKI addresses main issues related to key/certificate usage and management. This
should be covered in more details in another article.
Finally, beyond the infrastructure, there is a need for preparing, documenting and
maintaining the infrastructure. From a technical point of view, implementing a PKI is a matter
of days. From a business point of view, implementing a PKI is really another story, and yet
another article.
About CGI
Founded 1976, CGI has worked with clients in a wide range of industries to help them
leverage the strengths of information technology (IT) to optimize their business performance
and
produce value-driven results. We also offer a comprehensive array of
business process outsourcing (BPO) services, enabling us to help manage and improve our
clients’ day-to-day business processes while freeing them up to focus more on strategic
decision making. Our consulting, systems
integration and outsourcing services provide a total solution package designed to meet our
clients’ complete business and technology needs. We approach every engagement with one
objective in mind—to help our client win and grow. CGI provides services to clients worldwide
from offices in Canada, the United States, Europe, as well as centers of excellence in India
and Canada.
To explore this topic and how we can help, contact your CGI account manager or visit
http://www.cgi.com/web/en/head_office.htm for the location of the CGI office nearest you. Other
information about CGI can be found at www.cgi.com.
12. 12
Public Key Encryption and Digital Signature: How do they work?
References
Curry, Ian, Entrust Technologies, “Getting Acquainted With Entrust/Solo and Public-key
Cryptography”, version 1.0, July 1997
Netscape, “Introduction to Public-Key Cryptography”,
http://developer.netscape.com/docs/manuals/security/pkin/contents.htm
Curry, Ian, Entrust Technologies, “Version 3 X.509 Certificates”, July 1996, version 1.0
Branchaud, Marc, “A Survey of Public-key Infrastructures”, Department of Computer Science,
McGill University, Montreal, 1997
Curry, Ian, Entrust Technologies, “Key Update and the Complete story on the Need for Two
Key Pairs”, version 1.2, August 2000
RSA, “Intro to PKCS Standards”,
http://www.rsasecurity.com/solutions/developers/whitepapers/IntroToPKCSstandards.pdf
IETF/PKIX web site, http://www.ietf.org/html.charters/pkix-charter.html
Footnotes:
1 IETF/PKIX stands for Internet Engineering Task Force/Public-Key Infrastructure based on
X509 certificates. PKCS stands for Public Key Cryptography Standards; these standards
have been developed by RSA in conjunction with vendors like MicroSoft, Apple, Sun, etc.)
2 Infrastructures like Kerberos provide symmetric-key distribution and management.
3 Asymmetric-key vs symmetric-key is yet another differentiation between the
two mechanisms.
4 Be careful not to confuse between the private-key mechanism and a private-key. In
order to avoid any confusion, Symmetric-key will be used along this article when talking
about the mechanism.
5 Some asymmetric-key algorithms: RSA, DSA and ECDSA.
6 Some symmetric-key algorithms: RC2, RC4, DES and triple-DES.
7 In fact, the message digest is most probably unique in the sense that it is almost
impossible to find 2 meaningful messages and, at the same time, producing the same
digest. Hence the probability that a tampered message produces the same digest as
the original is almost zero.
8 Some hashing algorithms: SHA-1 and MD5.
9 In fact, all recipients would be able to decrypt their own copy of the SymK. All operations
that follow can therefore be performed by every recipient.
10 As a reminder, a signature is the digest of a message (in this case, the message is CertB)
encrypted using the issuer’s private-key (in this case the CA’s private-key). The CA’s
signature verification process is identical to what is illustrated in Figure 4 where
Bob verified Alice’s signature.
11 Private-key backup is also used for key escrow i.e. a way for the company or a legal third
party to get access to the users files which may contain invaluable information that
would otherwise be lost for ever.
12 For instance, suppose that at her last key update, Alice received PuKAn/PrKAn pair,
and that Alice kept a message that has been encrypted with PuKA1, her first public-key.
Then, she needs to use PrKA1 to decrypt the message.