What Is Public Key Cryptography?
A method of cryptography in which two different keys are used: a public key for encrypting data and a private key for decrypting data. Public key cryptography is also called asymmetric cryptography.
What Is Public Key Cryptography Standards (PKCS)?
A family of standards for public key cryptography that includes RSA encryption, Diffie-Hellman key agreement, password-based encryption, extended-syntax, cryptographic message syntax, private key information syntax, and certificate request syntax, as well as selected attributes. Developed, owned, and maintained by RSA Data Security, Inc.
What Is a Public key?
The non secret half of a cryptographic key pair that is used with a public key algorithm. Public keys are typically used when encrypting a session key, verifying a digital signature, or encrypting data that can be decrypted with the corresponding private key.
What is a Private Key?
The secret half of a cryptographic key pair that is used with a public key algorithm. Private keys are typically used to decrypt a symmetric session key, digitally sign data, or decrypt data that has been encrypted with the corresponding public key.
A public key certificate, usually just called a certificate, is a digitally-signed statement that binds the value of a public key to the identity of the person, device, or service that holds the corresponding private key. Most certificates in common use are based on the X.509v3 certificate standard.
Certificates can be issued for a variety of functions such as Web user authentication, Web server authentication, secure e-mail (Secure/Multipurpose Internet Mail Extensions, or S/MIME), Internet Protocol security (IPSec), Transport Layer Security (TLS), and code signing. Certificates are also issued from one certification authority (CA) to another in order to establish a certification hierarchy.
The entity receives the certificate is the subject of the certificate. The issuer and signer of the certificate is a certification authority.
Typically, certificates contain the following information:
- The subject's public key value
- The subject's identifier information, such as the name and e-mail address
- The validity period (the length of time that the certificate is considered valid)
- Issuer identifier information
- The digital signature of the issuer, which attests to the validity of the binding between the subject’s public key and the subject’s identifier information.
Certificate Uses:
1. For example, when using the Internet for online banking, it is important to know that your Web browser is communicating directly and securely with your bank's Web server. Your Web browser must be able to achieve Web server authentication before a safe transaction can occur. That is, the Web server must be able to prove its identity to your Web browser before the transaction can proceed. Microsoft Internet Explorer uses Secure Sockets Layer (SSL) to encrypt messages and transmit them securely across the Internet, as do most other modern Web browsers and Web servers.
When you connect using an SSL-enabled browser to an online banking Web server that has a server certificate from a certification authority such as Verisign, the following events occur:
- You access your bank's secured online banking login Web page using your Web browser. If you use Internet Explorer, a locked-padlock icon will appear in the lower right corner of the browser status bar to indicate that the browser is connected to a secure Web site. Other browsers depict secure connections in other ways.
- The bank's Web server automatically sends a server certificate to your Web browser.
- To authenticate the Web server, your Web browser checks the certificate store on your computer. If the certification authority that issued the certificate to your bank is trusted, the transaction can proceed, and the bank certificate is stored in your certificate store.
- To encrypt all communications with the bank Web server, your Web browser creates a unique session key. Your Web browser encrypts the session key with the bank Web server certificate so that only the bank Web server can read messages sent by your browser. (Some of these messages will contain your login name and password and other sensitive information, so this level of security is necessary.)
- The secure session is established, and sensitive information can be sent between your Web browser and the bank's Web server in a secure manner.
2. Certificates can also be used to verify the authenticity of software code that you download from the Internet, install from your company intranet, or purchase on CD-ROM and install on your computer. Unsigned software—software that does not have a valid software publisher's certificate—can pose a risk to your computer and the information you store on your computer.
When software is signed with a valid certificate from a trusted certification authority, you know that the software code has not been tampered with and can be safely installed on your computer. During software installation, you are prompted to verify that you trust the software manufacturer (for example, Microsoft Corporation). You may also be offered the option to always trust software content from that particular software manufacturer. If you choose to trust content from the manufacturer, their certificate goes into your certificate store and other software installations of their products can occur with a circumstance of predefined trust. In the circumstance of predefined trust, you can install software from the manufacturer without being prompted to indicate whether they are trusted; the certificate on your computer states that you trust the manufacturer of the software.
0 comments:
Post a Comment