Cryptography and Public Key Infrastructure

[Allison]

I want to know about the Cryptography and Public Key Infrastructure. Last time, you members have explained properly about my query, so I thought to ask my question over here instead of searching on net. Please provide some detailed information about the topic. Any other notes regarding the topic would be grateful. I am expecting that discussion should be in detail so that I can gain much knowledge.

[Christina 80]

Cryptography is fundamentally based on mathematical functions and in-depth study would lead us directly to mathematical research, which is not the objective at this time. Cryptographic methods are based on mathematical algorithms (functions) such that applied to certain data (the information) plus a variable argument produce a given output unreadable (ciphertext). In general terms used Plain Text (readable information), Key (the argument variable) and ciphertext (encrypted information).

[Galbraith]

Cryptography is one of the methods to protect confidential information. This paper will be defined as a set of mathematical techniques for protecting information by certain properties, which define the most important. We must bear in mind that some of them are provided by cryptographic means and / or encrypted.

[MaggieK]

The following are the Properties of Cryptography :

• Confidentiality: means that information is hidden to anyone other than parties authorized to view it. To provide confidentiality to the same information must be encrypted (encryption). It is important to note that the keys must be changed periodically to enhance security, and further that must be adequately protected. Consider two cases of data transmission using IPSec, and the use of EFS (Encrypted File System).
• Integrity means that information is not altered by unauthorized parties, both during transmission and during storage.
• Non-repudiation: it implies that the sender can not falsely deny the issuance of the message. It also implies that the receiver can not falsely deny receiving.
• Non-forwarding: it implies that information or message can not be returned by someone who has captured a legal transaction.
• Authentication: requires evidence of the identity of one party to another. It provides that someone can not misrepresent your own identity, and allows the receiver to reliably determine the sender's identity.

[Sydney_7]

I would like to discuss about the cryptographic functions. Mathematical algorithms (functions) used in cryptography meet certain conditions, including the fundamental means that is simple computer in a sense, and virtually impossible in the opposite direction, without knowing any of the information. Let's clarify this: in Plaintext + Key + algorithm is easy to obtain the ciphertext. But knowing Text + encryption algorithm, it is almost impossible to obtain the plain text, without knowing the password. The algorithms used are known publicly, the difficulty is not knowing the key.

[Lawford]

Hash functions are also involved. These functions take a variable length input (Plaintext) and produce a fixed length output (hash). Whose priority is a "small" change in input produces a "large" change in the output. Anyway we must remember that "reduce" the entrance to a fixed length output, and generally shorter, it is always possible that different inputs produce the same result, this is called collision. Meet the condition that in the event of a collision entries are so different that it is easy to see that do not correspond.

[Viensterrr]

When using a symmetric key scheme, also called the Secret Sharing method uses the same key to encrypt and decrypt information. The key concept to remember is that the key used to encrypt, is used to decrypt it, therefore the algorithms used are complementary. This scheme has advantages and disadvantages. Among the advantages we can mention the ease of implementation and among the disadvantages that if you agree to the Key, at either end, you get the ability to encrypt and decrypt.

[Barsha]

The asymmetric key scheme greatly improves the security of the previous case, but its implementation is more complex. The Public Key scheme is based on each entity has two keys that meet the following conditions:

• The keys are different
• The keys are complementary: if you use one to encrypt, is required to decrypt the other

Each holder of these keys referred to as Public and publicly announces, and the other as Private which remains secret and protected.

[MELTRONICS]

I would like to give an example to clarify the use, such as a sending a message.

• Schematic of Symmetric or Secret Key Sharing
  When A is sending a message to B, you must first encrypt the message using an algorithm that both know, fueled by the key (shared secret). After which the sender. When B receives the message, knowing the algorithm used and the key can decrypt the message. It is noteworthy that this mechanism is the difficulty of how to share the key, a third party without knowledge.
• Schematic of Asymmetric or Public Key
  When A is sending a message to B, you must encrypt using the public key of B. Remember that B makes known the latter to whom the request. Send. When B receives the message using its private key and the algorithm used can decrypt the message. It should be noted that previously A must know the public key of B.

[Aanand]

The Digital Signature process whose main function is to ensure the integrity of the information and may also provide non-repudiation and authentication. Digital Signature Process is usually used in combination with a public key scheme, a way to encrypt the hash. If this can not happen, it would be easy for someone intercepting the message to alter the content and calculate the new hash. It is noteworthy that the digital signature does not provide encryption, if necessary the latter must be combined with an encryption technique.

[joel84]

The Digital Signature process whose main function is to ensure the integrity of the information and may also provide non-repudiation and authentication. Digital Signature Process is usually used in combination with a public key scheme, a way to encrypt the hash.

If A wants to send a digitally signed message to B performs the following steps: first calculate the hash of the information in that it encrypts data with its private key (of A) and the result is accompanied by the message. When B receives the message, using their knowledge of the public key of A, decrypts the hash, and then makes its own calculation of the hash of the received message. If the message has not changed since sending these values must match. In addition to being able to decrypt using the public key of A, assures that this was indeed the sender.

[FlayoFish]

One of the key components of the scheme is public key certificate. The certificate is a reliable way to verify the correspondence between a name and its corresponding public key. Although it contains much more data in the first instance we can say that a certificate reads something like:

• Name: A
• Public Key A

[Allison]

Although it contains much more data in the first instance we can say that a certificate reads something like:

• Name: A
• Public Key A

How do we ensure that the certificate is valid? Since I am not aware about this topic, I am requesting you to answer my query with basic things.

[Rebella]

How do we ensure that the certificate is valid?

We can check by knowing the public key of the certification authority. That can be done, by getting and installing the certificate authority certificate. Ultimately there are CAs which are certified themselves. Have a certificate given to them and signed by themselves. They are called root certificate authorities. One of the most common application is certified through the IIS HTTP Windows 2000 and Internet Explorer, but can also be in Active Directory. The applicant is who generates his own key pair. The private is stored locally, and the public is sent when contact the CA to request the certificate, besides providing all required information. After analyzing all the information, and telling that it is appropriate, the CA granted the certificate will become available. The applicant should contact the CA to verify the status of your order, and if granted, will install its own certificate. At this time your private key is added to your user profile, and is already able to use both.

[Mariah-Simpson]

The contents of a certificate in detail is beyond the scope of this note, but we'll see some of the important data it contains. Recall that the main use is to verify the correspondence between the name of the person was given and the corresponding public key. Some of the fields it contains are:

• Subject: who was awarded
• Subject Public Key: public key
• Issuer: who gave the certificate
• Serial: control number of the certifying authority
• Not Before: invalid by a certain date
• Not After: invalid after a certain date
• Signed: digital signature certification authority.

The concepts of encryption, digital signature and public key infrastructure involves complex issues, from the underlying mathematical theory, through proper planning and finally the difficulties of implementation. The purpose of this note has been made an introduction to fundamental concepts of operation. To deepen this knowledge is available an extensive bibliography, general safety training and specific training on each of the available platforms.