Documente Academic
Documente Profesional
Documente Cultură
70000 yrs 1019 yrs 1018 yrs 1016 yrs 1015 yrs
13 secs 1 hr
$100 billion
32 secs 24 days
1013 yrs
Applied Cryptography by Bruce Schneier (2nd Edition , Hohn Wiley & Sons, 1996)
Let n = pq.
e.g. n = 233 x 199 = 44377
Let m = (p-1)(q-1).
Given a Message M, to encrypt into ciphertext C, we use the following formula: C = ME mod n Our public key is (E, n)
Given a Ciphertext C, to decrypt into plaintext message M we use the following formula: M = CD mod n Our private key is (D, n)
2574335165 mod 44377
Digital signatures
A digital signature
Allows the receiver to authenticate the identity of the sender Prevents the sender from later claiming that he did not sent the message
Prevents the receiver from constructing the message that appears as if it came from the sender
Digital signatures
Step 1: A encrypts the plaintext (PT1) to ciphertext (CT1) using Bs public key PT1 CT1
Step 2: A creates a message digest by hashing and then the digital signature by encrypting the digest with As private key. PT1 MD1 DS1 Step 3: A sends both the ciphertext (CT1) and digital signature (DS1) to B. B receives both.
Digital signatures
Step 4: B decrypts ciphertext received in step 3 by using Bs private key to get the original plaintext message. CT2 PT2
How do we know PT2 = PT1? Comparing PT1 and PT2 is not a wise thing. Step 5: B obtains a message digest (MD2) by decrypting As digital signature received in step 3 by using As public key. Hope MD1 = MD2. Step 6: B creates its own message digest (MD3) using the same hashing algorithm on the plaintext message (PT2). If MD2 = MD3 B concludes that the message must have come from A and it has not been tempered with.
Symmetric
Same key is used Very fast Usually same as or less than the original size
Asymmetric
Two different keys Slower More than the original plain text size
A big problem Equals about the square of the number of participants, so scalability is an issue
Mainly for encryption and decryption (confidentiality), cannot be used of DS (integrity and non-repudiability)
Usage
Can be used for encryption and decryption (confidentiality) as well as for DS (integrity and nonrepudiability)
Digital Certificates
The certification Authority How do you generate a public/private key? How do you inform everyone? How do others know that the key sent by you is actually sent by you? Classes of certificates Certification Revocation List Online Certificate Validation Protocol
A Digital Certificate
Version: v3 (0x2) Serial Number: 3 (0x3) Signature Algorithm: PKCS #1 MD5 With RSA Encryption Issuer: OU=Ace Certificate Authority, O=Ace Industry, C=US Validity: Not Before: Fri Oct 17 18:36:25 1997 Not After: Sun Oct 17 18:36:25 1999 Subject: CN=Jane Doe, OU=Finance, O=Ace Industry, C=US Subject Public Key Info: Algorithm: PKCS #1 RSA Encryption Public Key: Modulus: 43:7d:45:6d:71:4e:17:3d:f0:36:4b:5b:7f:a8 Public Exponent: 65537 (0x10001) Signature Algorithm: PKCS #1 MD5 With RSA Encryption Signature: 6d:23:af:f3:d3:b6:7a:df:90:df:cd:7e:18:6c Data:
SSL
Client sends hello message Send encryption algorithm and key length Server responds with hello message Client sends response Send server certificate containing servers public key Server receives client response and initiates sessions
Session
Send data between client and server using private, shared key
Session