Digital Signature, Digital Certificate CSC1720 – Introduction to Internet Essential Materials.


All copyrights reserved by C.C. Cheung 2003.


Outline

Introduction

Cryptography
– Secret-key algorithms
– Public-key algorithms
– Message-Digest algorithms

Digital Signature

Digital Certificate

Public Key Infrastructure (PKI)

Secure Electronic Transaction (SET)

Summary


Introduction

Cryptography and digital certificates first appeared in closed commercial and financial networks and in military systems.

We can send/receive secure e-mail and connect to secure websites to purchase goods or obtain services.

Problem: How do we implement them in this global, open network, the Internet?

What level of encryption is sufficient to provide safe and trusted services on the Net?


Cryptography

3 cryptographic algorithms:
– Message-digest algorithms: map variable-length plaintext to fixed-length ciphertext.
– Secret-key algorithms: use one single key to encrypt and decrypt.
– Public-key algorithms: use 2 different keys – public key and private key.


Keys

A key is a variable value that is used by cryptographic algorithms to produce encrypted text, or to decrypt encrypted text.

The length of the key reflects the difficulty of decrypting the encrypted message.

[Diagram: Plaintext → Encryption (Key) → Ciphertext → Decryption (Key) → Plaintext]


Key length

It is the number of bits (bytes) in the key.

A 2-bit key has four values
– 00, 01, 10, 11 in its key space

A key of length “n” has a key space of 2^n distinct values.

E.g. the key is 128 bits
– 101010101010….10010101111111
– There are 2^128 combinations
– 340 282 366 920 938 463 463 374 607 431 768 211 456


Secret-key Encryption

Use a secret key to encrypt a message into ciphertext.

Use the same key to decrypt the ciphertext to the original message.

Also called “Symmetric cryptography”.

[Diagram: Plaintext → Encryption (Secret Key) → Ciphertext → Decryption (Secret Key) → Plaintext]


Secret Key How to?

[Diagram: Encryption: Original Text + Secret key = Encrypted Text. Decryption: Encrypted Text + Secret key = Original Text.]


Secret-Key Problem?

All keys need to be replaced if one key is compromised.

Not practical for the Internet environment.

On the other hand, the encryption speed is fast.

Suitable to encrypt your personal data.


Secret-Key algorithms

Algorithm Name    Key Length (bits)
Blowfish          Up to 448
DES               56
IDEA              128
RC2               Up to 2048
RC4               Up to 2048
RC5               Up to 2048
Triple DES        192

References: Blowfish, DES, IDEA, RC2, RC4, RC5, DES-3


Public-key Encryption

Involves 2 distinct keys – public, private.

The private key is kept secret and never divulged, and it is password protected (passphrase).

The public key is not secret and can be freely distributed, shared with anyone.

It is also called “asymmetric cryptography”.

The two keys are mathematically related, but it is infeasible to derive the private key from the public key.

100 to 1000 times slower than secret-key algorithms.

[Diagram: Plaintext → Encryption (Public Key) → Ciphertext → Decryption (Private Key) → Plaintext]


How to use 2 different keys?

Just an example:
– Public Key = 4, Private Key = 1/4, message M = 5
– Encryption: Ciphertext C = M * Public Key
  5 * 4 = 20
– Decryption: Plaintext M = C * Private Key
  20 * ¼ = 5


Public-Private Encryption

[Diagram: First, create a public and a private key. The private key is stored in your personal computer; the public key is stored in the Public Key Directory.]


Message Encryption (User A sends message to User B)

[Diagram: User A takes User B’s public key from the Public Key Directory and uses it to encrypt the text, producing the encrypted text.]


Message Encryption

[Figure: Original Message and Encrypted Message]


Transfer Encrypted Data

[Diagram: User A sends the encrypted text to User B over an insecure channel.]


Decryption with your Private key

[Diagram: User B decrypts the encrypted text with User B’s private key, which is stored in your personal computer, and obtains the original text.]


Asymmetric algorithms

Algorithm Name    Key Length (bits)
DSA               Up to 448
El Gamal          56
RSA               128
Diffie-Hellman    Up to 2048

References: DSA, El Gamal, RSA, Diffie-Hellman


How difficult to crack a key?

Key Length  Individual Attacker  Small Group  Academic Network  Large Company  Military Intelligence Agency
40          Weeks                Days         Hours             Milliseconds   Microseconds
56          Centuries            Decades      Years             Hours          Seconds
64          Millennia            Centuries    Decades           Days           Minutes
80          Infeasible           Infeasible   Infeasible        Centuries      Centuries
128         Infeasible           Infeasible   Infeasible        Infeasible     Millennia

Attacker                      Computer Resources                                  Keys / Second
Individual attacker           One high-performance desktop machine & Software     2^17 – 2^24
Small group                   16 high-end machines & Software                     2^21 – 2^24
Academic Network              256 high-end machines & Software                    2^25 – 2^28
Large company                 $1,000,000 hardware budget                          2^43
Military Intelligence agency  $1,000,000 hardware budget + advanced technology    2^55


Crack DES-3 (Secret-key)

Distributed.net connected 100,000 PCs on the Net and cracked the DES algorithm in a record-breaking 22 hr 15 min.

Speed: 245 billion keys/s

Win $10,000


Message-Digest Algorithms

It maps a variable-length input message to a fixed-length output digest.

It is not feasible to determine the original message based on its digest.

It is impossible to find an arbitrary message that has a desired digest.

It is infeasible to find two messages that have the same digest.


Message-Digest How to

A hash function is a math equation that creates a message digest from a message.

A message digest is used to create a unique digital signature from a particular document.

MD5 example

[Diagram: Original Message (Document, E-mail) → Hash Function → Digest]


Message Digest Demo


Message-Digest

Message-Digest Algorithm       Digest Length (bits)
MD2                            128
MD4                            128
MD5                            128
Secure Hash Algorithm (SHA)    160

References: MD2, MD4, MD5, SHA


Digital Signature

Digital signature can be used in all electronic communications
– Web, e-mail, e-commerce

It is an electronic stamp or seal that is appended to the document.

It ensures the document is unchanged during transmission.


How digital Signature works?

[Diagram: User A uses A’s private key to sign the document and transmits it via the Internet. User B receives the document with the signature attached and verifies the signature with A’s public key stored at the directory.]


Digital Signature Generation and Verification

[Diagram: Message Sender: Message → Hash function → Digest → Encryption (Private Key) → Signature. Message Receiver: Message → Hash function → Digest; Signature → Decryption (Public Key) → Expected Digest.]


Digital Signature

Reference


Key Management

Private keys are password-protected.

If someone wants your private key:
– They need the file that contains the key
– They need the passphrase for that key

If you have never written down your passphrase or told anyone
– Very hard to crack
– Brute-force attack won’t work


Digital Certificates

A Digital Certificate is data with a digital signature from one trusted Certification Authority (CA).

This data contains:
– Who owns this certificate
– Who signed this certificate
– The expiry date
– User name & email address


Digital Certificate

Reference


Elements of Digital Cert.

A Digital ID typically contains the following information:
– Your public key, your name and email address
– Expiration date of the public key, name of the CA who issued your Digital ID


Certification Authority (CA)

A trusted agent who certifies public keys for general use (Corporation or Bank).
– User has to decide which CAs can be trusted.

The model for key certification based on friends and friends of friends is called “Web of Trust”.
– The public key is passed from friend to friend.
– Works well in small or highly connected worlds.
– What if you receive a public key from someone you don’t know?


CA model (Trust model)

[Diagram: a certificate hierarchy with the Root Certificate at the top, CA Certificates below it, and a Browser Cert. and a Server Cert. at the bottom.]
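
The hash-then-sign flow of the "Digital Signature Generation and Verification" slide and the certificate hierarchy of the CA model, as an added Python example that is not part of the original slides. It assumes textbook RSA built from Mersenne primes and SHA-256 as the hash so the run is reproducible; all names, dates and keys are constructed, and real systems use padded signatures from a vetted library.

```python
import hashlib
import json

E = 65537  # public exponent used by every toy key here

def make_keypair(p_exp, q_exp):
    """Textbook RSA from two Mersenne primes 2**k - 1: reproducible, never for real keys."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    n = p * q
    return {"n": n, "e": E}, {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(message: bytes) -> int:
    """Hash function: variable-length message -> fixed-length digest (SHA-256 here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private) -> int:
    """Sender side: hash the message, then transform the digest with the private key."""
    return pow(digest(message), private["d"], private["n"])

def verify(message: bytes, signature: int, public) -> bool:
    """Receiver side: recover the expected digest with the public key and compare
    it with the digest of the message that actually arrived."""
    return pow(signature, public["e"], public["n"]) == digest(message)

def encode(body) -> bytes:
    """Canonical byte form of the certificate data, so signer and verifier hash the same bytes."""
    return json.dumps(body, sort_keys=True).encode()

def issue_cert(subject, subject_public, issuer, issuer_private, expires):
    """Certificate = owner, issuer, expiry date and public key, signed by the issuer."""
    body = {"subject": subject, "issuer": issuer, "expires": expires,
            "public_key": subject_public}
    return {"body": body, "signature": sign(encode(body), issuer_private)}

def verify_chain(chain, trust_store, today):
    """chain is ordered leaf first, root last; returns (ok, reason)."""
    root = chain[-1]["body"]
    if trust_store.get(root["subject"]) != root["public_key"]:
        return False, "root not in trust store"
    for i, cert in enumerate(chain):
        body = cert["body"]
        issuer = chain[min(i + 1, len(chain) - 1)]["body"]  # the root signs itself
        if body["expires"] < today:
            return False, body["subject"] + ": expired"
        if body["issuer"] != issuer["subject"]:
            return False, body["subject"] + ": issuer mismatch"
        if not verify(encode(body), cert["signature"], issuer["public_key"]):
            return False, body["subject"] + ": bad signature"
    return True, "ok"

def demo():
    # Constructed sample hierarchy (names, dates and keys are made up for this example).
    root_pub, root_priv = make_keypair(127, 521)
    ca_pub, ca_priv = make_keypair(107, 607)
    srv_pub, srv_priv = make_keypair(89, 1279)
    root = issue_cert("Example Root", root_pub, "Example Root", root_priv, "2013-12-31")
    ca = issue_cert("Example CA", ca_pub, "Example Root", root_priv, "2008-12-31")
    server = issue_cert("www.example.test", srv_pub, "Example CA", ca_priv, "2004-12-31")
    trust_store = {"Example Root": root_pub}  # the roots the user has decided to trust
    chain = [server, ca, root]

    results = {"chain": verify_chain(chain, trust_store, "2003-06-01")}
    results["expired"] = verify_chain(chain, trust_store, "2005-01-01")

    # Same certificate data with a different public key: the CA's signature no longer matches.
    other_pub, _ = make_keypair(61, 2203)
    altered = {"body": dict(server["body"], public_key=other_pub),
               "signature": server["signature"]}
    results["swapped_key"] = verify_chain([altered, ca, root], trust_store, "2003-06-01")

    # A root the user never chose to trust is rejected even though it is self-consistent.
    results["untrusted"] = verify_chain(chain, {}, "2003-06-01")

    # With the chain validated, the certified public key verifies a signed message.
    message = b"Transfer HK$100 to account 12345"
    signature = sign(message, srv_priv)
    results["message"] = verify(message, signature, srv_pub)
    results["tampered"] = verify(b"Transfer HK$900 to account 12345", signature, srv_pub)
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```
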


Web of Trust model

[Diagram: a network of users labelled Bob, A, B, Alice, D and C.]


Public Key Infrastructure (PKI)

PKI is a system that uses public-key encryption and digital certificates to achieve secure Internet services.

There are 4 major parts in PKI.
– Certification Authority (CA)
– A directory Service
– Services, Banks, Web servers
– Business Users


Digital 21 . gov .hk

Reference: An official homepage which provides a lot of PKI and e-commerce information


PKI Structure

[Diagram: Certification Authority, Directory services, User, and Services/Banks/Web servers, with Public/Private Keys.]


4 key services

Authentication – Digital Certificate
– To identify a user who claims to be who he/she is, in order to access the resource.

Non-repudiation – Digital Signature
– To make the user unable to deny that he/she has sent the message, signed the document or participated in a transaction.

Confidentiality - Encryption
– To make the transaction secure: no one other than the communicating parties is able to read/retrieve the ongoing transaction.

Integrity - Encryption
– To ensure the information has not been tampered with during transmission.


Certificate Signers


Certificate Enrollment and Distribution


Secure Web Communication

Server authentication is necessary for a web client to identify the web site it is communicating with.

To use SSL, a special type of digital certificate – “Server certificate” is used.

Get a server certificate from a CA.
– E.g. www.hitrust.com.hk, www.cuhk.edu.hk/ca/

Install a server certificate at the Web server.

Enable SSL on the Web site.

Client authentication – Client certificates


Strong and Weak Encryption

Strong encryption
– Encryption methods that cannot be cracked by brute-force (in a reasonable period of time).
– The world's fastest computer needs thousands of years to compute a key.

Weak encryption
– A code that can be broken in a practical time frame.
– 56-bit encryption was cracked in 1999.
– 64-bit will be cracked in 2011.
– 128-bit will be cracked in 2107.


Pretty Good Privacy (PGP)

Released in June 1991 by Philip Zimmermann (PRZ)

PGP is a hybrid cryptosystem that allows the user to encrypt and decrypt.

Uses a session key: “a random generated number from the mouse movement or keystrokes”

Demo & Tutorial


PGP Public Key

Philip R Zimmermann's Public Keys

Current DSS/Diffie-Hellman Key:

Key fingerprint: 055F C78F 1121 9349 2C4F 37AF C746 3639 B2D7 795E



PGP encryption

Reference


PGP decryption

Reference


Secure SHell (SSH)

Provides an encrypted secure channel between client and server.

Replacement for telnet and ftp.

Reference: SSH


Summary

Make sure you understand the relationship between
– Encryption
– Digital Signature
– Digital Certificate
– Certificate Authority

Understand which Public/Private key should be used to encrypt/decrypt message to/from you?

Discuss PGP, SET, SSH, encrypted email.