Sunday 22 December 2013

Digital Signatures

I recommend you to read my previous post "cryptography basics" before starting on this one.

So as discussed previously, Alice has two keys a public key and a private key. Alice's Public key is available to anyone who needs it, but he keeps his Private Key to himself. 


Keys are used to encrypt information, so that only a person with the appropriate key can make it readable again. Either one of Alice's two keys can encrypt data, and the other key can decrypt that data.

Using his private key and helping software, Alice can digitally sign documents. 
  • Digital signatures are used to verify that a message really comes from the claimed sender. 
  • They can also ensure that the original content of the message has been sent unchanged. 
  • They are also difficult to forge (if Alice keep his private key secret)
  • They can also be used to time stamp documents, i.e. testifying that the document existed at the stated time.

How Digital signatures are created and how they work

 1.  First, the message is transformed in to just few lines using hashing. 
(hashing uses a hash function that takes an arbitrary block of data and returns a fixed-size bit string, the "cryptographic hash value", such that any (accidental or intentional) change to the data will (with very high probability) change the hash value, also it impossible to get the original message back from a given hash value)


 2.  Now this generated message digest is encrypted using Alice's private key, this resulted encrypted data is a digital signature.

 3. The generated signature is appended to the original document, to create a signed document.
Now suppose, Alice sends this signed document to his lawyer Bob.

Bob
 

 

1. Bob decrypts the signature using Alice's public key

 If Bob is able to successfully decrypt the signature using Alice public key, it confirms that Alice only signed this document (as he only has the private key).

 2. Next, Bob generates message digest (using hashing) of that document
3. If the message digest created in step 2, matches the message digest created in step 1, it indicates that message content was not changed. So now Bob is sure that this document was sent by Alice and no one changed the message content in between.

 In next post I will discuss digital certificates and role of Certificate Authorities.
Posted by at 3 comments:

Friday 20 December 2013

Cryptography Basics


Cryptography

 Its a science of writing in secret code, i.e. to protect message from being viewed by unauthorised parties.
A message is converted to a form, that even if its intercepted by unauthorised parties, they can not make any sense out of that message.

 Cryptography Terminology

 Plaintext: the actual message

Encryption: Encoding of message content to hide it contents.

Ciphertext: encrypted message

Decryption: Process of retrieving plain text from cypher text. 

Cryptographic Algorithms


Encryption/decryption usually make use of  a key, following are the two classes of key based encryption algorithms:

1. Symmetric (Secret key)
2. Asymmetric (Public key)

Symmetric (secret key) Cryptography

 Single key is used for both encryption & decryption

  • It is called symmetric as single key is used for both encryption & decryption.
  • Obviously key must be known to both sender and receiver, but it should remain secret for outside world.
  • Biggest difficulty with this system is distribution of key
  • e.g. DSA algorithm 

 Asymmetric (public key) cryptography 

  • This system uses separate keys for encryption and decryption.
  • Computationally infeasible to determine decryption key from encryption key and vice-versa.

  • One key is designated as public and advertised as widely as owner wants, the other key is private and is never revealed.
  • For e.g. suppose Alice publishes its encryption key, anyone can use that key to encrypt message, but only Alice can decrypt it (as he only has the private key) 
  • e.g. RSA algorithm

Private key Vs Public key

Computing public key cipher takes much longer than using symmetric key for encoding the same message.
But with symmetric key, distribution of key in safe manner is difficult.

So In practice, below approach is used:
  • Message is encrypted using secret key cryptography
  • secret key itself is encoded using public key cryptography
  • i.e. public key system "transports" the secret key
  • As secret key is usually much shorter than the message, it results in significantly faster processing than using public key cryptography alone.




Summary

In this post we discussed basic concepts of cryptography. We understood two types of cryptographic systems: public key and secret key.

In next post we will discuss what are digital signatures and digital certificates.




Posted by at No comments:
Subscribe to: Posts (Atom)