Digital Certificates in Asymmetrical Cryptography
As part of protection and encryption of ever increasing network vulnerabilities and security needs, traditional symmetrical algorithms that encrypt information using private keys are not always sufficient. Asymmetric Cryptography, also known as Public Key Cryptography uses two keys instead of one, and contains many more permutations and defenses than an ordinary symmetrical algorithm. The use of these algorithms also allows checks of authenticity with digital signatures.
Asymmetrical cryptography fundamentals
The primary feature of public-key cryptography is that it removes the need to use the same key for encryption and decryption. Whereas traditional cryptography uses one key to decode and encrypt messages, asymmetric encryption utilizes two mathematically linked key pairs; a public key and a private key which must be used together to create a connection. The public key is known to everyone and can be freely distributed, while the private key is only known the the user who is sending the message. When someone wishes to send a message using any asymmetrical encryption standard, he must use the receiver's public key to send it, then the receiver uses his own private key to decrypt it. Additionally, the connection works both ways; as a message encrypted by a person's private key can be unencrypted by the corresponding public key. A disadvantage of public-key crypography is that it is slower than symmetric encryption. It requires far more processing power to both encrypt and decrypt the contents of a message. Symmetrical algorithms are very easy to use and have the advantage of not consuming too much computing power, however there are dangers of the single secret key falling into wrong hands. Therefore, many computer companies use them in tandem.
Digital certificates
Asymmetric cryptography cannot naturally provide authentication, as although a message that is sent with an asymmetric protocol can ensure the message has not been tampered with, it cannot verify whether the sender is who they say they are due to a public key's nature. To provide proof, a digital signature must be created, which acts as a handwritten signature verifying the sender. It can also confirm that the message had not been altered since it was signed, or prevent the sender from disputing the origin of the message. Hashing, in its simplist form is an algorithm that you can run a piece of data through and get out a number that represents the original.
Digital Signatures
A digital signature consists of three algorithms: A key generation algorithm that selects a private key at random from a set of possible private keys, then uses it to create the private key and public key that corresponds to it; a signing algorithm that produces the signature when given a message and a private key, and a signature verifying algorithm that takes the message, public key and signature either accepts or rejects the message's claim of authenticity.
Hashing
Hashing is a form of cryptographic security which differences from encryption. Where as encryption has a two step rpoces used to first encrypt and then decrypt a message, hashing condenses a message into a irreversible fixed-length value, or hash. Two of the most common hashing algorithms seen in networking are MD5 and SHA-1; however, they are both found to have vulnerabilities and should be discouraged.