How certificates

1
How certificates digital signatures work

• Anton Lushenko

2
Overview

• Hash
• Public Key Encryption
• Digital Signatures
• Digital Certificates

3
Hashing Algorithms

• Create encryption keys for use with symmetric key
  ciphers
• Provide proof that files are authentic and
  unaltered
• Aid in the creation of digital signatures

4
Usage

• To give Web site visitors a way to determine if
  downloaded files are authentic
• To ID personal files and later determine whether
  they have been modified
• To create a semi-random number used by an
  encryption algorithm

5
Current Algorithms used

• MD family
• MD2
• MD4
• MD5
• SHA family
• SHA1
• SHA-224
• SHA-256
• SHA-384
• SHA-512

6
MD family

• Stands for message digest
• Current standard is MD5
• Created by Ronald Rivest in 1991
• RFC1321

7
SHA family

• Stands for Secure Hash Algorithm
• RFC 3174
• Used by P2P protocols
• Used in digital signatures
• Current vulnerabilities press for better hashing
  algorithms

8
Public Key Encryption
9
Public Key Encryption
10
Public Key Encryption
11
Public Key Encryption
12
Public Key Encryption

• Examples of well-regarded asymmetric key
  techniques for varied purposes include
• Diffie-Hellman, DSS (Digital Signature Standard),
  ElGamal, Paillier cryptosystem, RSA encryption
  algorithm
• Examples of poorly regarded asymmetric key
  algorithms include
• Merkle-Hellman the 'knapsack' algorithms
• Examples of protocols using asymmetric key
  algorithms include
• GPG, IKE, PGP, SSL, SILC, ssh
• Examples of applications include
• Digital signatures

13
Digital Signatures
14
Digital Signature Security

• Eve should not be able to forge Alice's digital
  signature.
• Eve should not be able to reuse one of Alice's
  digital signatures.
• Eve should not be able to alter a signed
  document.
• Alice should not be able to deny that she has
  signed a document.

15
Creating Digital Signatures

• PKCS 1 ( public-key cryptography standard)
• describes how to use the RSA algorithm for
  encryption and digital signatures.
• Choose two large prime numbers, p and q
• Compute npq
• Compute s(p-1)(q-1)
• Choose integer e 1ltelts coprime to s
• Compute d such as de1ks
• Public key (n, e)
• Private key (n, d)

16
example

• For public key (n3233,e17) encryption function
  is
• Cme mod n m17 mod 3233
• For private key (n3233,d2753) decryption
  function is
• Mcd mod n c2753 mod 3233
• M123, what is c?

17
Creating Digital Signature

• Summary
• Create H (hash)
• Hashing algorithm ID H DigestInfo
• Create array of padding bytes, PS
• (key length)-(digestinfo length)-3
• Combine the following to form the formatted data
• One byte with a value of 0
• One byte with a value of 1
• The padding string PS
• DigestInfo, represented as bytes
• Encrypt resulting data with RSA

18
Algorithm Hexadecimal IDs

• MD5
• 30 20 30 0c 06 08 2a 86 48 86 f7 0d 02 05 05 00
  04 10
• SHA-1
• 30 21 30 09 06 05 2b 0e 03 02 1a 05 00 04 14
• SHA-256
• 30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01 05
  00 04 20
• SHA-384
• 30 41 30 0d 06 09 60 86 48 01 65 03 04 02 02 05
  00 04 30
• SHA-512
• 30 51 30 0d 06 09 60 86 48 01 65 03 04 02 03 05
  00 04 40

19
Digital Certificates

• A digital certificate is a computerized
  equivalent of a passport.
• File stored on a computer
• Used to identify
• Person
• Computer
• application

20
Digital Certificates

• Based on
• Public Key Infrastructure
• X. 509 v3
• Certificate Authorities

21
PKI

• Enables users to encrypt and decrypt messages
• Is closely tied to an enterprises directory
  scheme

22
X.509

• First issued in 1988
• Includes standards for certificate revocation
  list (CRL)
• Often neglected part of PKI system
• RFC 3280
• OCSP is an alternative

23
Purpose of Digital Certificates

• Identification
• Encryption
• Authentication

24
(No Transcript)
25
References

• Wikipedia
• Programming .NET Security by Adam Freeman, Allen
  Jones
• Privacy Defended Protecting Yourself Online by
  Gary Bahadur, William Chan, Chris Weber