This document discusses the history and uses of cryptography and digital certificates. It provides an overview of how public key infrastructure (PKI) uses public and private key pairs to securely exchange information over networks. A certification authority (CA) is responsible for issuing digital certificates which contain a public key and verify identity. PKI and digital certificates are used for applications like encryption, digital signatures, authentication, and secure communication protocols.

1. Digital Certificates
(PKI)
1

2. Cryptography History
• Cryptography is the art of encrypting and decrypting information
• The earliest known use of cryptography was the Egyptians in
1900BC
• Julius Ceaser use a simple substituion cipher to secure his
communications
• Thomas Jefferson, in 1790, invented a cipher wheel that the US Navy
used in WWII
• In the late 20s and early 30s, the FBI established an office to combat
the increasing use of cryptography by criminals (rum runners)
• Dr. Hosrt Feistel invented the precusor to DES while at IBM
• In 1976, the Federal Govt introduced DES based on using Feistel
ciphers
• In 1977, Scientific American magazine introduced us to Rivest,
Shamir and
• Aldeman or RSA encryption. They offered it for free with a self
addressed
• envelope and the NSA promptly freaked out
• 1990 brought us the 128 bit cipher called “IDEA”
• X.500 was the orginal protocol in 1988
• X.509 V3 was released in 1996
2

3. (X.509 digital certificates)what
for
● 802.1x port authentication
● Digital Signatures
● File Encryption
● Web Authorization (SSL)
● IP Security (end-point to end-point)
● Secure Email
● VPNs
3

4. Digital Certificate
Electronic Certificate it contains
information about an individual or entity. It
Is issued from a trusted 3rd party.
Contains information that can prove its
authenticity. Has an expiration date.It Is
presented to someone (or some thing) for
validation. (Ex. driver’s license or
passport)
4

5. Introduction to Public Key
Infrastructure (PKI)
PKI is a security architecture that
has been introduced to provide an
increased level of confidence for
exchanging information over an
increasingly insecure Internet.
Public |<>| Private
5

6. The Public Key used for
Encryption
Another person uses your public encryption
key when they want to send you
confidential information. The information to
be sent is encrypted using your public
key*. You can provide your public key to
the sender, or it can be retrieved from the
directory in which it is published.
6

7. The Private Key used for
Decryption
A private key is used to decrypt information
that has been encrypted using its
corresponding public key. The person
using the private key can be certain that
the information it is able to decrypt must
have been intended for them, but they
cannot be certain who the information is
from.
7

8. Plain
text
Encrypt with
B’s public
key
Plain text
Decrypt with
B’s private key
Sender
(A)
Netwo
rk
Receiver
(B)
Cipher
text
Cipher
text
8

9. Customer
A
Customer
B
Customer
C
Bank’s public
key
Bank’s public
key
Bank’s public
key
Bank’s private
key
Bank
9

10. C1(S1)
C4(S4)
C2(S2) C3(S3)
S1 S2
S3 S4
Certificate Servers
Certificate
Generator
10

11. Certification Authority (CA)
It Is a combination of hardware and software
which is responsible for creating digital
certificates
It can issue certificates to individuals,
organizations, network devices, servers, or
other CAs
11

12. Support for
Windows / Linux
• Outlook
• Lotus Notes
• Netscape / Mozilla
• Thunderbird
12

13. PKI (Public Key Infrastructure)
-Infrastructure using pairs of public and private
keys to ensure privacy and security of data.
Private Key
-One half of the PKI key pair and which is never
given out to anyone. This key can be protected
by a password.
Public Key
-The second half of the PKI key pair that can be
given out to the public or placed on a key server.
CA (Certificate Authority) (Ex. DNS)
-A trusted authority that signs your certificates
and validates the certificate.
Terminology
13

14. Self Signed Certificate
– A digital certificate that you signed and validated using a private CA
and is not trusted by default in the real world.
SSL (Secure Socket Layer)
– A protocol developed by Netscape to provide a secure method of
exchanging data using a browser over a public network such as the
internet.
Hash
-Hashing is taking a file and applying a hashing algorithm to it and
generating a mathematical checksum.
RSA (Rivest, Shamir and Aldeman)
– A public key cipher that can be used to encrypt and to digitally sign.
DSA (Digital Signing Algorithm)
– Like RSA, it is a public key cipher but it can only be used to digitally
sign.
PKCS#12 (Personal Information Exchange Syntax)
– A portable container file format that can be used to transfer
certificates and private keys.
Terminology
14

15. algorithm
MD5
– Message Digest 5. Hash algorithm that was
released in 1991.
SHA1
– Secure Hash Algorithm version 1 ciper was
released in 1995.
There are improved versions of SHA
collectively called “SHA2”
15