Digital Certificates in Asymmetrical Cryptography: Difference between revisions

From ITCwiki
(Created page with "As part of protection and encryption of ever increasing network vulnerabilities and security needs, traditional symmetrical algorithms that encrypt information using private keys...")
 
Traditional symmetric algorithms, which encrypt information with a single shared secret key, are not always sufficient to meet ever-increasing network vulnerabilities and security needs. Asymmetric cryptography, also known as public key cryptography, uses two keys instead of one and offers many more permutations and defenses than an ordinary symmetric algorithm. These algorithms also make it possible to check authenticity with digital signatures.
1. Asymmetrical cryptography fundamentals
2. Digital Certificates and hashing
3. Key Generation Protocol
4. Encryption algorithms, such as RSA, ECC, Quantum Cryptography, and NTRUEncrypt


==Asymmetrical cryptography fundamentals==
The primary feature of public-key cryptography is that it removes the need to use the same key for encryption and decryption. Whereas traditional cryptography uses one key both to encrypt and to decrypt messages, asymmetric encryption uses a mathematically linked key pair: a public key and a private key, which must be used together. The public key is known to everyone and can be freely distributed, while the private key is known only to its owner. When someone wishes to send a message using any asymmetric encryption standard, they encrypt it with the receiver's public key, and the receiver uses their own private key to decrypt it. The relationship also works the other way: a message encrypted with a person's private key can be decrypted with the corresponding public key.
The two main branches of public-key cryptography are public-key encryption and digital certificates.


==Digital certificates and hashing==
===Digital certificates===
Asymmetric cryptography does not by itself provide authentication: although a message sent under an asymmetric protocol can be protected against tampering, the freely distributed nature of a public key means it cannot verify that the sender is who they claim to be. To provide that proof, a digital signature is created, which acts like a handwritten signature vouching for the sender. It can also confirm that the message has not been altered since it was signed and prevent the sender from disputing the origin of the message. Hashing, in its simplest form, is an algorithm that you run a piece of data through to get out a number that represents the original.


A digital signature scheme consists of three algorithms: a key generation algorithm, which selects a private key uniformly at random from the set of possible private keys and outputs it together with the corresponding public key; a signing algorithm, which produces a signature when given a message and a private key; and a signature verifying algorithm, which takes the message, the public key and the signature and either accepts or rejects the message's claim of authenticity.


===Hashing===

===A brief history===
In 1976, Whitfield Diffie and Martin Hellman first described the notion of a digital signature scheme.

Prior to the invention of public-key cryptography, it was essentially impossible to provide key management for large-scale networks. With symmetric cryptography, as the number of users increases on a network, the number of keys required to provide secure communications among those users increases rapidly. For example, a network of 100 users would require almost 5000 keys if it used only symmetric cryptography. Doubling such a network to 200 users increases the number of keys to almost 20,000. Thus, when only using symmetric cryptography, key management quickly becomes unwieldy even for relatively small-scale networks.
==Key Generation Protocol==

Revision as of 23:57, 7 December 2011
