lesson pages updated based on comments for #834 and #836 (#864)

René Zubcevic 2020-08-23 15:36:01 +02:00 committed by GitHub
parent ef6993c636
commit d5f78351a2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 7 deletions

@ -2,7 +2,7 @@
== Symmetric encryption == Symmetric encryption
Symmetric encryption is based on a shared secret that is used for both encryption as well as decryption. Both parties involved in exchanging secrets therefore share the same key. Symmetric encryption is based on a shared secret that is used for both encryption as well as decryption. Therefore, both parties (that are involved in exchanging secrets) share the same key.
Example protocols are: Example protocols are:
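Review bot: The parentheses in the rewritten sentence "both parties (that are involved in exchanging secrets) share the same key" make a restrictive clause read as an aside, and the two sentences now say nearly the same thing twice. Suggest dropping the parentheses or merging the sentences, for example "Both parties exchanging secrets therefore share the same key." The consequence that each party must also keep that key secret is not stated here and would fit in the same sentence.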
@ -27,6 +27,6 @@ Here is a short description of what happens if you open your browser and go to a
* The browser now generates random bytes to be used to generate a symmetric key and encrypts this with the public key of the server. So only the server can decrypt it. * The browser now generates random bytes to be used to generate a symmetric key and encrypts this with the public key of the server. So only the server can decrypt it.
* At the end of this process both the browser and the webserver will use the exchanged symmetric key (in the asymmetric key exchange process) to encrypt and decrypt messages that are sent back and forth between the browser and the webserver. * At the end of this process both the browser and the webserver will use the exchanged symmetric key (in the asymmetric key exchange process) to encrypt and decrypt messages that are sent back and forth between the browser and the webserver.
Symmetric keys are used because they can be used more safely for large amounts of data. Symmetric keys are used because it can be used more easily with large sets of data and requires less processing power in doing so. However, the information on these pages is just for a basic understanding of cryptography. Look on the internet for more detailed information about these topics.
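Review bot: The new sentence "Symmetric keys are used because it can be used ... and requires less processing power" has a number mismatch: the subject is "Symmetric keys" but the pronoun and verb are singular. Suggest "because they can be used more easily with large sets of data and require less processing power". The following "However, the information on these pages is just for a basic understanding" does not contrast with anything before it, so "However" can go, and "Look on the internet" would be more useful to learners as a link to a specific reference.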

@ -2,21 +2,21 @@
A signature is a hash that can be used to check the validity of some data. The signature can be supplied separately from the data that it validates, or in the case of CMS or SOAP can be included in the same file. (Where parts of that file contain the data and parts contain the signature). A signature is a hash that can be used to check the validity of some data. The signature can be supplied separately from the data that it validates, or in the case of CMS or SOAP can be included in the same file. (Where parts of that file contain the data and parts contain the signature).
Signing is used when integrity is important. It is meant to be a guarantee that data sent from A to B was not altered. So A signs the data by calculating the hash of the data and encrypting that hash using an asymmetric private key. B can then verify the data by calculating the hash of the data and decrypting the signature to compare if both hashes are the same. Signing is used when integrity is important. It is meant to be a guarantee that data sent from Party-A to Party-B was not altered. So Party-A signs the data by calculating the hash of the data and encrypting that hash using an asymmetric private key. Party-B can then verify the data by calculating the hash of the data and decrypting the signature to compare if both hashes are the same.
== RAW signatures == RAW signatures
A raw signature is usually calculated as follows: A raw signature is usually calculated by Party-A as follows:
* create a hash of the data (e.g. SHA-256 hash) * create a hash of the data (e.g. SHA-256 hash)
* encrypt the hash using an asymmetric private key (e.g. RSA 2048 bit key) * encrypt the hash using an asymmetric private key (e.g. RSA 2048 bit key)
* (optionally) encode the binary encrypted hash using base64 encoding * (optionally) encode the binary encrypted hash using base64 encoding
B will have to get the certificate with the public key as well. This might have been exchanged before. So at least 3 files are involved: the data, the signature and the certificate. Party-B will have to get the certificate with the public key as well. This might have been exchanged before. So at least 3 files are involved: the data, the signature and the certificate.
== CMS signatures == CMS signatures
A CMS signature is a standardized way to send data + signature + certificate with the public key all in one file from A to B. As long as the certificate is valid and not revoked, B can use the supplied public key to verify the signature. A CMS signature is a standardized way to send data + signature + certificate with the public key all in one file from Party-A to Party-B. As long as the certificate is valid and not revoked, Party-B can use the supplied public key to verify the signature.
== SOAP signatures == SOAP signatures
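Review bot: In the CMS paragraph, "As long as the certificate is valid and not revoked, Party-B can use the supplied public key" leaves out the check that matters most when the certificate travels in the same file as the data: Party-B has to confirm the certificate is one it trusts as belonging to Party-A, otherwise the file only proves that whoever built it signed it. Since this line is being edited anyway, suggest spelling that out next to "valid and not revoked". Separately, the unchanged opening line "A signature is a hash" disagrees with the edited paragraph below it, which describes the signature as the hash encrypted with the private key; aligning the first sentence with that description would avoid teaching that a bare hash is a signature.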
@ -35,6 +35,6 @@ Governments usually send official documents with a PDF that contains a certifica
== Assignment == Assignment
Here is a simple assignment. A private RSA key is sent to you. Determine the modulus of the RSA key as a hex string, and calculate a signature for that hex string using the key. Here is a simple assignment. A private RSA key is sent to you. Determine the modulus of the RSA key as a hex string, and calculate a signature for that hex string using the key. The exercise requires some experience with OpenSSL. You can search on the Internet for useful commands and/or use the HINTS button to get some tips.
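Review bot: The assignment text still does not say which digest to use or how the answers should be encoded, and the added sentence sends learners to the Internet and the HINTS button instead of stating it. The RAW signatures section above mentions SHA-256 and optional base64, so suggest saying in the assignment itself whether that is what is expected, and in what form the modulus hex string and the signature must be submitted. "search on the Internet for useful commands" could also name the OpenSSL subcommands the lesson has in mind, so learners are not copying unvetted command lines that handle a private key.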