http://www-math.cudenver.edu/~wcherowi/courses/m5410/ctcrsa.html

The combination of private key (symmetric) and public key (asymmetric) encryption appears in two widely used security enhancements for electronic mail - PGP - and Web browsing - SSL.

PGP - Pretty Good Privacy

PGP is a hybrid system for sending enciphered, digitally signed messages, usually by email.

Features:
- combination of algorithms in a set of utility software for encryption of messages, digests, and keys
- message digest used for digital signature
- key generation for private session key
- key generation for users' public/private key pairs
- key management and certification

Sending a message

1. Attach message signature
   128 bit message digest plus timestamp is enciphered with sender's private key
2. Compress message + digest
   Removes redundancy - makes more secure (harder to attack) and makes message smaller
3. Create session key
4. Symmetric encryption for message contents and signature
   Method is not DES - uses IDEA (see Tanenbaum p 596). Uses session key.
5. Encrypt session key
   The session key is encrypted using RSA on receiver's public key.
6. Transmit (4) & (5)

Session key - digest and encryption
- a session key is generated for each message sent
- changes every time
  - made different by timestamp
  - made different by timing how user types input on the spot
- key is sent to recipient using receiver's public key + RSA (asymmetric)
- message is sent using session key + IDEA (symmetric encryption)
- message includes digital signature using MD5 and RSA
  - authentication
  - non-repudiation
  - integrity

PGP key management summary
- a public key/private key pair is generated by PGP utility software for user on request
- user's private key is stored securely on user's disk, encrypted using user's pass phrase (from user's wetware memory)
- user's public key is made available in a record for giving away to others (user id, public key, timestamp)

Certification is a key concept
- Client/user will trust a public key if they can get a Certificate for that key
  - a Certificate is a digitally signed (user id, public key, timestamp) record encrypted with a trusted person's private key
- Certificates can be checked by decryption with this trusted person's public key. This person may be a CA (Certificate Authority).
- Any accepted certificates are kept as trusted public keys in a public keyring file and can be used automatically to check any later incoming certificates.
- Leads to a network of trust building up.

PGP Standardisation and legal issues

Legal Issues
- Not allowed to use within some countries by law (e.g. France)
- Early version violates some USA patents (in USA only)
- Zimmermann may be on trial for "exporting munitions" but see New Scientist this week,

Standards
- PGP is not a standard, but is freely available. Algorithms are open.

Techno-politics
- A political agenda is evident in the documentation.
- Privacy - independence from government

SSL - Secure Socket Layer

Netscape Communications Corporation proprietary protocol.
see <URL:http://home.netscape.com/newsref/std/ssl_2.0_certificate.html> and <URL:http://home.netscape.com/newsref/ref/128bit.html>

Protocol is built into Netscape browsers (and servers).

Provides
- privacy by encryption
- authentication by certificates and public/private keys
- data integrity by digital signature

SSL is a replacement for the socket layer - i.e. transport layer, not specific to HTTP alone. Available servers listen on different ports.
- shttp   secure HTTP server
- ssmtp   secure mail transfer (between MTAs)
- snews   secure news
- spop3   secure mail post office protocol (between user mail agent and store)

Transparent to user in operation

Appears within HTML as replacement of URL
   http://somewhere.org/thing.html
with
   https://somewhere.org/thing.html
or use in HTML form for ACTION
   <form method=POST action="https://abc.com/cgi_bin/get_credit-card_no" ...>

SSL operation
- Initial handshake between client and server when making connection
- server sends certificate containing ID and public key to client
  - certificate is RSA public key encrypted with a CA's private key
- client checks certificate against own certificate database or else checks signature of CA on the certificate - Certificate Authority
- User can accept certificates and build up own list in client database.
- Netscape builds in initial list of trusted Certificate Authorities
  see Netscape browser->options->Security preferences->Site certificates
- length/type of secret session keys and algorithm to use are negotiated between client and server
- client creates 4 x private keys for session with a server
- client sends 4 keys to server encrypted with server's public key (known from certificate)
- client sends requests
  - encrypted - RC2, RC4 or DES (using key K1)
  - digitally signed - MD5 or SHA-1, RSA (using key K2)
- server sends responses similarly encrypted (K3), digitally signed (K4)

For efficiency a session can contain several HTTP requests with a server.

SSL - standardisation and legal issues

Legal issues
- SSL is exported as crippled outside USA (< 512 bit RSA keys; <40 bit secret keys) so is not barred by USA export restrictions.

Standard
- SSL has been submitted to Internet Engineering Task Force (IETF) as a draft standard - like an RFC.

Techno-politics
- Netscape interests in commerce on the Web - want to build trust for transmission of Credit Card details etc.
- commercial reasons for them to make the protocol as (apparently) openly trustworthy as possible

Ssh

Ssh was built by Tatu Ylonen as a secure replacement for telnet. It uses port 22. The client and server use encryption to make sure that an intruder listening to the network and inserting messages on the network cannot derive useful information about the conversation and cannot interfere with the conversation.

During the first phase of connection, the client and server use public-key encryption to agree on a session key. Public-key encryption was first described by Diffie and Hellman in 1976. Every computer has a key pair (two keys) that it invents. The two keys in the pair are related to each other, but knowing one does not help anybody discover the other. One of the two keys is called the public key. It is published and is given to anybody who asks for it. The other key is called the private key. It is never revealed to anybody. A message can be encrypted (that is, scrambled) with either the public or the private key. It can then be decrypted (that is, unscrambled) only with the other key in the key pair.

If A and B want to send each other secret messages, then the messages A sends to B should be encrypted with B's public key, and the messages B sends to A should be encrypted with A's public key. Only the recipients of these messages know how to decrypt (by using their private keys). If A wants to send B a signed message, A can encrypt the message with A's private key. B can read the message by decrypting with A's public key, and knows that only A (or anyone who has stolen A's private key) could have sent such a message.

The methods of public-key encryption are slow, so ssh only uses them for initial connection and to agree on a session key for this conversation. Then the ssh client and server switch to one of several conventional encryption methods such as idea, blowfish, des, 3des, arcfour, or tss for the rest of the conversation, using the session key they have agreed on. Conventional encryption uses the same key for both encryption and decryption.

The length of a key dictates how easy it is to break the cipher using a brute-force attack, that is, one that just tries all possible keys. A key of only 10 bits requires only 1024 guesses, which can be done in well under a second. A key of 56 bits can be guessed in a few months of time on the Internet. For its first phase, Ssh uses keys of about 1000 bits.
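
Added example (not part of the original notes): the six PGP "Sending a message" steps, and the same public-key-then-session-key pattern that SSL and ssh rely on, sketched in Python with the receiver's side included. Assumptions: the RSA keys are constructed from known Mersenne primes and used without padding, a SHA-256 counter keystream stands in for IDEA, the timestamp is omitted, and all function names are hypothetical.

```python
import hashlib
import os
import zlib

E = 65537  # public exponent shared by both constructed key pairs

def make_key(p, q):
    """Return (modulus, private exponent) for textbook RSA, no padding."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed demo keys built from known Mersenne primes; not for real use.
SENDER_N, SENDER_D = make_key(2**127 - 1, 2**89 - 1)
RECV_N, RECV_D = make_key(2**107 - 1, 2**61 - 1)

def keystream_xor(key, data):
    """Stand-in symmetric cipher (SHA-256 counter keystream) used in place of IDEA."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def md5_int(message):
    """128-bit MD5 digest as an integer, small enough to fit under either modulus."""
    return int.from_bytes(hashlib.md5(message).digest(), "big")

def pgp_send(message):
    signature = pow(md5_int(message), SENDER_D, SENDER_N)   # 1. sign digest with sender's private key
    payload = zlib.compress(signature.to_bytes(32, "big") + message)  # 2. compress
    session_key = os.urandom(16)                            # 3. fresh session key per message
    body = keystream_xor(session_key, payload)              # 4. symmetric encryption
    wrapped = pow(int.from_bytes(session_key, "big"), E, RECV_N)  # 5. RSA on receiver's public key
    return wrapped, body                                    # 6. transmit (4) and (5)

def pgp_receive(wrapped, body):
    # Only the receiver's private key recovers the session key.
    session_key = pow(wrapped, RECV_D, RECV_N).to_bytes(16, "big")
    payload = zlib.decompress(keystream_xor(session_key, body))
    signature, message = int.from_bytes(payload[:32], "big"), payload[32:]
    # Decrypting the signature with the sender's public key must give the digest.
    if pow(signature, E, SENDER_N) != md5_int(message):
        raise ValueError("signature check failed")
    return message
```
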