Public Key Cryptography



Download 0.67 Mb.
Page7/7
Date13.10.2023
Size0.67 Mb.
#62314
1   2   3   4   5   6   7
Lecture 2 Public Key Cryptography

Public key applications

  • Digital signatures
  • Public key encryption can also be used to create digital signatures. The digital signatures are generated via the following steps:
  • The sender identifies the file to be digitally signed.
  • The document application on the sender's computer calculates a unique hash value for the contents of that file.
  • The sender's private key is used to encrypt the hash value, creating the digital signature.
  • The original file and the digital signature are sent together to the recipient.
  • The recipient uses the sender's public key to decrypt the digital signature's hash.
  • The recipient's computer calculates the hash of the original file and compares it with the decrypted hash. If the two hashes match, the signature is verified. If the hashes don't match, that's evidence that the document has been altered or that the signature isn't valid.

Public key applications

  • Secure Socket Layer and Transport Layer Security connections
  • SSL/TLS use public key encryption to create a secure connection between the server and client. This encryption method enables the use of Hypertext Transfer Protocol Secure. The communication session is first established using asymmetric encryption to establish the identities of both parties and to exchange a shared session key that enables a symmetric cipher. Symmetric encryption, using a shared key, is faster and more efficient than asymmetric encryption so it makes sense to use it for as much of the communication as possible.

Public key risks

  • While public key encryption is more secure than symmetric encryption, there are a few risks to consider, including the following:
  • Low-quality key. A poorly crafted asymmetric key algorithm -- one that's too short in length, for example -- is a security risk.
  • Lost private key. If the private key is lost or misplaced, access to the data becomes problematic.
  • Man-in-the-middle (MitM) attacks. Public key encryption can be a target for MitM attacks. The two main ways of trusting the identity of a website are the site's security certificate and its public key encryption. If either of these is compromised, a malicious party can insert itself into the connection between a user and a website and then capture any information sent between the two.

Benefits of PKC

  • One key cannot be derived from another key, and there is no need to exchange the keys
  • It allows to establish authentication of the sender by using PKC (digital signature)
  • It can be used to create a digital signature in the Operating System software such as Ubuntu, Red Hat Linux packages distribution, etc.

Download 0.67 Mb.

Share with your friends:
1   2   3   4   5   6   7




The database is protected by copyright ©ininet.org 2024
send message

    Main page