DIGITAL SIGNATURES: AN IN DEPTH ANALYSIS

advertisement
CSY3023 | Internet and Computer Security | Technical Paper
DIGITAL SIGNATURES: AN IN DEPTH ANALYSIS
1. ABSTRACT
In a network such as Internet, one of the most important security concerns is the integrity
of data. Data integrity in its simplest form refers to the assurance of message originality
as it is transferred from the sender to receiver. When any message is transferred in the
internet, it has to pass through a series of network links such as routers before it actually
reaches the recipient. These network links may contain insecure adversary paths through
which the message has to be passed. It is in these non-secure paths, that the data is likely
to be tampered in which case; the recipient gets a modified data from the adversary party
instead of the original message from the authentic sender. Digital Signatures are one of
the most fundamental cryptographic primitives which are used for the secure and
authentic communication between two or more parties. They are the mathematical
schemes which demonstrate the authenticity of any digital information or document
thereby giving the receiver a valid reason to believe that the message was sent by an
authentic sender and was not tampered or altered in transit. So basically speaking, the
paper will discuss an overview of digital signature, how it is created, what are the
technologies involved, demonstration of ways of using this technology to validate the
identity of the user and why is used in the first place discussing some of its major
advantages over non-secure communication.
2. INTRODUCTION
Digital Signatures in many aspects are similar to hand-written signatures the difference
being that the digital ones are cryptographically based and cannot easily be forged once
they are properly implemented. Apart from this, one of the key features of digital
signatures is the non-repudiation – meaning the signer cannot successfully claim that
he/she did not sign the message. It is a form of asymmetric cryptography and involves
two algorithms with a pair of public and private key. The first algorithm is used for
signing with the sender's private or secret key and the other algorithm is used to verify
the signature using the corresponding public key. The end result of this process is what
digital signature is all about. Precisely speaking, the input of digital signatures is called
Rajesh Agrawal | 09289557
Page | 1
CSY3023 | Internet and Computer Security | Technical Paper
“message”, and this message can be anything from a letter to a large legal contract paper.
The digital signature in all cases follows a scheme which involves three algorithms – key
generation algorithm (randomly produces a public/private key pair), signing algorithm
(combining signing key and input to create signature) and signature verifying algorithm
(used to either accept or reject the signature).
Before moving on to the actual working of digital signature process, an overall
understanding of digital signature, why is in necessary and the technologies involved in
very necessary. So let us focus on the overall background and importance of digital
signatures.
3. WHY DIGITAL SIGNATURES?
As discussed above, digital signatures are used for secure data communication and
protecting the integrity of message sent between two or more users. Basically, digital
signatures provide three basic functions for any data transfer – Authentication,
Authorization and Verification of Data Integrity. Let us briefly discuss how the use of
digital signature provides these functionalities and protection:
 AUTHENTICATION:
When any message is sent across the network, it contains information about the entity
sending the message. This is where the authenticity of the message comes into play.
The use of digital signatures provides us a mechanism to authenticate the source and
sender of the message. A valid signature reflects that the message was sent by a
specific user having the ownership of the digital signature secret key. Thus, digitally
signed documents securely identify the author of the document through this attribute.
 AUTHORIZATION:
The authentication attribute of digital signatures provides a basis for the authorization
process. This is more vivid when digital signatures are used to secure documents and
its permissions. Once an application knows the identity of a subject, it may then
specify what set of operations and commands that sender may execute. Digital
signatures can be also used in Digital Rights Management (DRM) scheme such that
Rajesh Agrawal | 09289557
Page | 2
CSY3023 | Internet and Computer Security | Technical Paper
author can decide who is allowed to read, modify or print the document.
 VERIFICATION OF DATA INTEGRITY:
When a document or message is transferred from sender to receiver, it may either be
corrupted by broken file transfer or by malicious intent of adversary parties in the
pathway. In order to prevent this, digital signatures comprise of checksums and
hashes to check the integrity of the message sent across. When a digital signature is
attached to any file, it contains a hash value which is discussed later in the paper. If
the document is altered before reaching the intended recipient, the document will
generate a different hash value which confirms that the document is altered and
corrupted. On the other hand, if the has value generated at the receiving end exactly
matches the value in digital signature, the document is believed to be unaltered.
Apart from these basic attributes, digital signature also provides non-repudiation, security
and accountability. The figure below illustrates the benefits of using digital signatures.
Figure 1: Benefits of Digital Signature
4. TECHNOLOGIES OF DIGITAL SIGNATURE
Digitally signing any message or document involves a combination of three core
technologies – Hashing Algorithms, Encryption Algorithms and Public Key Certificates.
In order to understand how digital signatures actually work, it is very important to
Rajesh Agrawal | 09289557
Page | 3
CSY3023 | Internet and Computer Security | Technical Paper
understand these technologies separately. Let us discuss each of these technologies and
how they comprise to form a digital signature together:
4.1 HASHING ALGORITHMS
A hash algorithm takes an input and returns a fixed length string which is called hash
value, hash sum, message digest of simply hashes. It is a means of turning data into a
relatively small number of strings that then may act as a fingerprint of the larger
document of data. Hash algorithms provide a basis for the confirmation of data integrity
in security attributes such as Digital Signatures. The figure below shows how hashing
works:
Figure 2: Hash Functions
The figure above demonstrates that even a small change in the input results to a vast
change in its hash sum. This is referred to as the Avalanche Effect.
Two of the most widely used hashing algorithms are – MD5 and SHA-1 which are briefly
discussed below:
 MD5 (Message-Digest Algorithm 5)
MD5 is a widely used cryptographic hash function providing integrity checks in
various security applications. MD5 is a 128-bit hash value and is expressed as a 32
digit hexadecimal number. MD5 was designed by Ronald Rivest of MIT as a series of
Rajesh Agrawal | 09289557
Page | 4
CSY3023 | Internet and Computer Security | Technical Paper
message digest algorithms. The most common purpose of MD5 digest is to provide an
assurance that a document or message transmission was intact without any alterations.
Usually file server provides a pre-computed MD5 checksum in order to compare the
MD5 checksum after downloading the file. UNIX operating systems usually have
inbuilt MD5 checksum utilities whereas Windows users have to use a third party
application. The following demonstrate any ASCII input and the corresponding hash:
md5(“The University of Northampton”)
=0dbad3fd321f01264eb2cb83d8200f90
md5(“The University of Northampton.”)
=2d640fc9049c9cca034df69328de7c7b
The above example shows that even a small change in the ASCII input (adding a
period) produces an altogether different hash. This is called the “Avalanche Effect”.
 SHA-1 (Secure Hash Algorithm 1)
Similar to MD5 hash algorithm, SHA-1 generates a fixed length digital representation
(message digest) from an input document or message of any size. SHA hash functions
were designed by National Security Agency (NSA) and published by the NIST as a
standard. SHA-1 hash produces a hash that is 160 bits long (whereas MD5 produces
128 bits hash). SHA-1 is deployed by a wide range of security applications and
protocols such as SSL, PGP, SSH, S/MIME, IPSec and TLS. The following is an
example of SHA-1 digest:
sha1(“The University of Northampton”)
=2ad2fe849d1cad2e573baa692ed9fb867c00b8b4
sha1(“University of Northampton”)
=c2407f4352e0062e0c88feebb216311e9b57a603
Rajesh Agrawal | 09289557
Page | 5
CSY3023 | Internet and Computer Security | Technical Paper
Thus, both MD5 and SHA-1 are hash functions used actively in the digital signatures
process. The major functions and attributes of these hash functions are:

Easy to compute and difficult to reverse

Difficult to find two input values resulting in same hash (such cases is called
“collision”)

Hash values can be stored separately or as a part of digital signature

Same hash function is used to compute hash for a received document and the
computed hash is compared with the saved hash to prove its integrity.
4.2 ENCRYPTION ALGORITHMS
Encryption refers to transforming the original text or message into non-readable format
by applying a function to the original message. The original message is called “plain text”
and the transformed message is called “cipher text”. Recovery of plain text from the
cipher text is only possible with a correct key. This process of recovering the original text
is called decryption. There are basically two types of encryption algorithms – Symmetric
and Asymmetric. Let us briefly looks what these two encryption algorithms are:
 SYMMETRIC ALGORITHM
In symmetric algorithm, same key is used both for encryption and decryption. Both
the sender and receiver share a common key and key distribution and management is
an issue in this type of encryption scheme.
 ASSYMETRIC ALGORITHM
Asymmetric algorithm involves two keys – public and private for encryption and
decryption as opposed to the symmetric algorithm which uses only one for both the
tasks. It is often referred to as Public Key Cryptography where a sender encrypts the
message using a key called private key and then in the receiving end, the receiver
decrypts the message using the public key pair. In this method, the private key is
known only by the owner whereas as public key is known by everyone and is
distributed via public channels.
Rajesh Agrawal | 09289557
Page | 6
CSY3023 | Internet and Computer Security | Technical Paper
ALGORITHMS FOR PUBLIC KEY CRYPTOGRAPHY – RSA AND
DSA
RSA:
RSA is an algorithm for public key cryptography and is one of the first algorithms
suitable for both signing as well as encryption. RSA is said to be secure due to its long
cryptographic keys and the use of up to date implementations.
Based on the fact that RSA is a public key cryptography algorithm, it employs two keys –
public and private keys to encrypt and decrypt messages. If a user A wants to
communicate with another user B, then user A sends his public key to user B keeping his
private key with himself. While user B now can encrypt a message using user A's public
key and send it back to user A. Now in the decrypting end, user A can decrypt the
message sent by user B using his privately owned key. Thus, only the owner of the
private key can decrypt the message. This is how encryption works with RSA. RSA can
not only be used in encryption, but also in signing the messages. Following are the
processed involved in signing message with RSA:

The sender first produces a hash value of the message. The same is followed in
the decrypting end as well.

The hash value is attached to the message as a digital signature.

In the receiving end, signature is decrypted to get the hash value.

Resulting hash value is compared with message's actual hash value to make sure
they match.

Identical hash values confirm the integrity of message while different hash value
depicts that the message have been tampered on the way.
DSA:
Digital Signal Algorithm is for signature only and not for encryption. DSA is a public key
algorithm in which the secret key operates on message hash generated by SHA-1. In
order to verify the signature, one has to re-compute the hash from original message,
decrypt the signature and then compare the results. The key size for DSA is variable from
512 to 1024 bits. Signature creation in DSA roughly takes same time as the RSA, but the
Rajesh Agrawal | 09289557
Page | 7
CSY3023 | Internet and Computer Security | Technical Paper
verification of signature with DSA takes a lot of time compared to RSA, Since
verification of signature is frequently done than creation, RSA is a more preferred public
key algorithm.
4.3 PUBLIC KEY CERTIFICATES
Public key certificate or digital certificate is an electronic document and uses digital
signature to bind together a public key with an identity – name of a person, organization,
address, email details and others. This certificate is used to verify that a public key
belongs to an individual and not others. In a PKI scheme, the signature will be of a
certificate authority (CA) whereas in a web of trust scheme, the signature belongs to the
user (self signed certificate which is demonstrated later in paper).
For UNIX based systems, these certificates can be created using a tool called OpenSSL
which is a built-in package in UNIX systems. Similarly, Microsoft Windows 2003
contains CA for the creation of digital certificates. Both these instances produce selfsigned certificates without any validation from Certificate Authorities such as VeriSign. A
typical digital certificate contains the following information:

Serial Number: Uniquely identifies the certificate.

Subject: The person or entity identified.

Signature Algorithm: The algorithm used to create signature.

Issuer: Subject who verified the information and issued the certificate.

Valid From and Valid To: Date that certificate is valid from and expiration date.

Key Usage: Purpose of the public key.

Public Key: Public key to encrypt the message to the named subject.

Thumbprint Algorithms: The algorithm used to hash the certificate.

Thumbprint: The hash value to ensure the certificate integrity.
The standard digital certificate format is ITU-T X.509. An X.509 certificate binds a
public key to a Distinguished Name. Primarily, there are three different interests
associated with digital certificates – the requesting party, the issuing party and the
Rajesh Agrawal | 09289557
Page | 8
CSY3023 | Internet and Computer Security | Technical Paper
verifying party. The table below clarifies the type of certificate and its requesting, issuing
and verifying parties:
Types
of Requesting Party
Issuing Party
Verifying Party
Certificates
The person or any
Identity
other
user
concerned
Accreditation
Authorization
The
government agency
A qualified member The
of profession
A customer wishing
to access a resource
appropriate Anyone undertaking an
identity check
professional A user of the services
body
offered by the member
The resource owner
The resource owner
Having described what digital signature is why it is necessary and the technologies
involved in creating a digital signature, it is time now to explore the working process of
digital signatures. Digital signature process involves two core stages, signing the
document or message on one hand and verification of the signed message on the other.
Once we understand the working of digital signatures, the actual signing process of an
open office document by creating the public/private key using Open SSL will be
demonstrated later in the paper.
5. WORKING PROCESS OF DIGITAL SIGNATURES
The working of digital signature is explained on the basis of the Figure 2 below. As we
can see, the digital signature process in divided into blocks – signing and verification.
First of all for the signing process, a hash value of the document to be signed is generated
either by using MD5 or SHA-1 as discussed earlier. This hash value (also called
fingerprint of the document) is then encrypted using the private key of the signer which
results to an output of what is called a “signed fingerprint”. This signed fingerprint along
with the signer's public key and a digital certificate (provided by CA or self-signed) are
aggregated together to form a digital signature. This signature when attached to the
original document or message gives us a digitally signed document as seen in the figure
below. This is where the signing process completes.
Rajesh Agrawal | 09289557
Page | 9
CSY3023 | Internet and Computer Security | Technical Paper
Now on the receiving end, the verification process of the digitally signed document takes
place. The hash value or fingerprint of the signed document is once again calculated in
the receiving end. Since the document is digitally signed, it will also have its
precomputed hash value. Both these hash values – the one calculated in the receiving end
and other from digital signature are compared to each other. If both these fingerprints
exactly match one another, then the digital signature is said to be valid which means no
any alterations had been performed in the document on the way. While if the fingerprints
did not match one another, the digital signature is considered invalid and the document
thus received cannot be trusted because some modifications might have been applied to
the document upon its transfer process.
Figure 3: Signing and Verification of Digital Signature Process
Rajesh Agrawal | 09289557
Page | 10
CSY3023 | Internet and Computer Security | Technical Paper
6. SELF-SIGNED DIGITAL CERTIFICATE
As mentioned earlier, we will now create a self-signed certificate by using a package
called Open SSL under Linux platform. For this, we need to have openssl package
installed in the system.Following steps were involved in creating a self-signed certificate:
STEP 1: First of all, a random private key was generated using openssl and was saved in
a file called CSY3023.key. The command used to generate the key is:
tekrajesh@tekrajesh-laptop:~$openssl genrsa -des3 1024 > CSY3023.key
This resulted in an output as below where the pass phrase was prompted and thus an RSA
key was generated.
Generating RSA private key, 1024 bit long modulus
..........++++++
.........................++++++
e is 65537 (0x10001)
Enter pass phrase:
Verifying - Enter pass phrase:
A key is then generated in the home folder called CSY3023.key which is a private key.
STEP 2: Now the certificate is created using the key file generated above in the step 1.
The certificate thus generated is an X.509 certificate which is valid for 365 days. The
following command was entered:
tekrajesh@tekrajesh-laptop:~$openssl req -new -key ./CSY3023.key -x509 -days 365 >
CSY3023.pem
After entering the above command, a series of information is requested in order to create
the certificate. Here is what we entered:
You
are
about
to
be
asked
to
enter
information
that
will
be
incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a
DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Rajesh Agrawal | 09289557
Page | 11
CSY3023 | Internet and Computer Security | Technical Paper
Country Name (2 letter code) [AU]:UK
State or Province Name (full name) [Some-State]:Northamptonshire
Locality Name (eg, city) []:Northampton
Organization
Name
(eg,
company)
[Internet
Widgits
Pty
Ltd]:The
University of Northampton
Organizational
Unit
Name
(eg,
section)
[]:School
of
Science
and
Technology
Common Name (eg, YOUR name) []:Rajesh Agrawal (09289557)
STEP 3: Finally a PKCS12 compatible certificate containing the above private key and
certificate is created using the following command which gave us a certificate file called
'CSY3023.p12”.
tekrajesh@tekrajesh-laptop:~$openssl pkcs12 -export > CSY3023.p12 -name "SelfSigned Digital Certificate" -inkey CSY3023.key -in CSY3023.pem
This creates a self signed certificate called CSY3023 which is readily usable to sign any
documents and can even be imported to browsers such as Mozilla Firefox. Figure above
shows how the certificate looks like in Firefox after it has been imported.
Rajesh Agrawal | 09289557
Page | 12
CSY3023 | Internet and Computer Security | Technical Paper
7. DIGITAL SIGNATURE IMPLEMENTATION IN OPENOFFICE.ORG
After the digital certificate is created by following the above mentioned steps, we would
digitally sign an OpenOffice.org word document and discuss the security aspects it
provides to the document. First of all, the document file was signed using the following
steps:
 From File menu, “Digital Signatures” was selected and “Add” was clicked on the
dialogue box that appeared. The appropriate certificate was selected and attached to
the document.
 Once the signature was attached to the file, a red seal appeared on the status bar as
shown in the figure below, which confirmed that the document was digitally signed
using the self-signed certificate.
Rajesh Agrawal | 09289557
Page | 13
CSY3023 | Internet and Computer Security | Technical Paper
 In order to view the digital signature on the document, the red seal on status bar was
double clicked which brought up the digital signature information.
 The red seal indicates that the document has not been altered in any way. Modifying
the signed document removed the seal from the status bar which meant that the
signature is removed.
In addition to this, saving the modified document also
removed all the existing signatures on the document.
In this way, digital signature was implemented by making use of a self-signed certificate
with openssl. The use of digital signature not only provided identity of the author but also
ensured data integrity by removing the signature in response to any message alterations.
Rajesh Agrawal | 09289557
Page | 14
CSY3023 | Internet and Computer Security | Technical Paper
8. DIGITAL SIGNATURE AND PRIOR REQUIREMENTS
The above working shows how digital signature can protect the author's identification
and ensure the data integrity of the document. But there are some prior requirements for
successful implementation of digital requirements. Some of the major requirements
drawn through my research on this paper are listed below:

Use of quality algorithms is a must for secure digital signatures. This is because
there are some public-key algorithms which are insecure as practical attacks
against them had been uncovered. RSA is one of the most secure algorithms in
this case as it is used both to encrypt and sign the message.

The private key generated needs to be secret. If any adversary or third party gets
access to this key, that party can produce a perfect digital signature of whatever
possible. So the most important thing is to safeguard the private key.

The distribution of public key must be done in such a manner that public key must
clearly state whom it belongs to. This is commonly done using the public key
infrastructure and the public key user association is attested by an operator of PKI
called the Certificate Authority.

The user and their software must carry out the signature protocol properly.
9. DIGITAL SIGNATURE USES ENCRYPTION TECHNIQUE BUT
ARE NOT USED TO ENCRYPT
In my paper above, I have described much about digital signatures, its usage,
technologies involved, and some encryption algorithms used in it. The reader might have
an impression that by digitally signing a message or document, the message itself
becomes encrypted. But what I would want to make clear is that, although digital
signatures use encryption algorithms but they are not actually used to encrypt the signed
document. Although public key is used for encryption, but the purpose of digital
signature is not an encrypted document. This is because:
 You might want to sign some document digitally but want everyone to be able to read
it. Such documents include birth certificate, driving license, university degree and
others. These documents if encrypted won't be in plain text and cannot be viewed by
Rajesh Agrawal | 09289557
Page | 15
CSY3023 | Internet and Computer Security | Technical Paper
others. So digital signatures are used in documents just to identify the owner and
verify that the documents are not forged.
 Engaging in an encrypted conversation does not mean that one wants to encrypt all
the messages in legal sense. For e.g, you might have a general conversation with Ford
regarding buying a car, but this doesn't mean at all that you signed a legal contract
with the dealer. This is the reason that separate private keys should be used for
encryption and signing. If for reason a signed document needs to be encrypted,
encryption must be used on top of signing process.
10. CONCLUSION:
Digital signatures are designed to perform broadly the same purposes (identification of
individuals or role-holders, integrity of digital objects and non-repudiation of action) as
traditional signatures rather than to look like traditional hand-written signatures. In fact
they have more in common with seals than with traditional signatures. A written signature
is evidence that the person acted on the document, while a digital signature is evidence
that a private key from the signer acted upon the document.
The major conclusion we can draw from the digital signature analysis is that, the use of
digital signatures in any applications or documents will not prevent fraud from being
attempted, but they will prevent attempted fraud from succeeding by giving the
application/document an ability to detect fraudulent transactions. The other thing that can
be concluded is that digital certificates are more effective as mechanisms for attaching
permissions to digital signatures instead of names or identities. The use of digital
signatures has been increasingly used in most of the digital communication seen these
days due to the viable platform of authentication and assurance of data integrity it
delivers. All these properties aggregated lead to uses of digital signatures not as a vehicle
for identity but as complete mechanisms representing a trust relationship on which the
entire age of digital communication is dependent on.
Rajesh Agrawal | 09289557
Page | 16
CSY3023 | Internet and Computer Security | Technical Paper
11. REFERENCES
1. CGI Group Inc. (2004) Public Key Encryption and Digital Signature [online].
Available from: http://www.cgi.com/cgi/pdf/cgi_whpr_35_pki_e.pdf [Accessed: 8th
February 2010]
2. Curry, I. (2001) An Introduction to Cryptography and Digital Signature [online].
Available from: http://www.entrust.com/resources/pdf/cryptointro.pdf [Accessed: 5th
February 2010]
3. Gladman, B. (1999) Digital Signatures, Certificates and Electronic Commerce.
[online]. Available from:
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.41.5957&rep=rep1&type=pdf
[Accessed: 4th February 2010]
4. Blair, E. (2003) An Introduction to Digital Signatures: policy and process [online].
Available from: http://www.janet.ac.uk/documents/publications/technical-guides/gn-dspolicy.pdf [Accessed: 8th February 2010]
5. Popov, D. (2007) Digital Signatures for documents and email. LINUXUSER. 1 (74),
pp.84-86.
6. Mao, W. (2004) Modern Cryptography: Theory & Practice. 1st ed. New Jersey:
Prentice Hall Professional.
7. Lysyanskaya, A. (2002) Signature Schemes and Applications to Cryptographic
Protocol Design. Ph.D. Thesis, Massachusetts Institute of Technology.
Rajesh Agrawal | 09289557
Page | 17
CSY3023 | Internet and Computer Security | Technical Paper
APPENDIX: GLOSSARY
TERMS
Asymmetric
Cryptography
DEFINITION
Two Keys: Private Key for decryption and signing and Public keys for
encryption and validating signatures. Knowledge of public key will not reveal
the private key.
An authority that creates and signs Digital Certificates for one or more users.
CA
Usually CAs forms a hierarchy. The top of this hierarchy is called the root
CA.
Data Integrity
Digest
Assures documents authenticity; any changes made to the content of the
document will invalidate the signature.
Used in the process of creating a Digital Signature, a Digest is a unique
digital representation or "fingerprint" of the signed data.
Similar to a passport identifying a trusted a person (or entity such as
application, etc.).
Digital Certificate
the
Digital Certificate is issued by a CA and is used to ensure
Digital Certificate authenticity of Public keys belonging to users.
A Digital Certificate prevents a hacker from claiming they are someone
else thanks to the CA which issued the certificates after ensuring the
authenticity of Public keys belonging to users.
Digital Signature (sometimes referred to as Advanced Electronic
Signatures) takes the concept of the traditional paper-based signature
Digital Signature
into
the digital realm, by adding a digital "fingerprint" as a signature to
a
document. This "fingerprint" is unique to both the document and the
signer.
A mathematical process that converts a message (e.g., a document) into a
unique "message digest" that represents the original message. A hash function
Hashing
will not produce the same message digest from two different inputs.
A hash
is a one-way function, making it infeasible to reverse the process to determine
the original message from the "message digest".
Rajesh Agrawal | 09289557
Page | 18
CSY3023 | Internet and Computer Security | Technical Paper
Key Pair
The public and private key generated for a user
Non-Repudiation
Avoid denial of transaction
PKCS#12
PKI
A Public-key cryptography Standard published by RSA Laboratories defining
a format for storing or transporting a user's private keys, certificates, etc.
Public Key Infrastructure. The combination of standards, protocols and
software that support Digital Signatures and Encryption.
The secret key in a PKI system, used to validate incoming messages and sign
Private Key
outgoing ones. A Private Key is always paired with its Public
Key during
those key generations.
The publicly available key in a PKI system, used to encrypt messages
Public Key
bound for its owner and to validate signatures made by its owner. A
Public
Key is always paired with its Private Key during those key generations.
A card, typically the same size as a credit card that contains a built-in
Smart Card
microprocessor and memory. In traditional PKI systems, Smart Cards are
used to store user's Private Keys and in some cases, also perform
the
Hashing.
A
X.509
standard
for
Digital
International Telecommunication
Certificates
Union)
used
from
in
the
ITU
many
PKI
implementations.
Rajesh Agrawal | 09289557
Page | 19
Download