Public Key Infrastructure (PKI)
Digital certificate - A credential that contains the public key of that individual along with other identifying information.
Certificate authority (CA) - An organization that maintains and issues public key certificates.
Certificate revocation list (CRL) - A list of every certificate that has been revoked for one reason or another. This list is maintained periodically.
Certificate - The mechanism used to associate a public key with a collection of components sufficient to uniquely authenticate the claimed owner.
Registration authority (RA) - Performs the certification registration duties.
PKI entities and functions - CA / RA / certificate repository / certificate revocation system / key backup and recovery system / automatic key update / management of key histories / cross-certification with other CAs / timestamping / client-side software
PKI supplies - Confidentiality / Access control / Integrity / Authentication
One-way function
A mathematical function that is easier to compute in one direction than in the opposite direction.
Trapdoor one-way function - The basis for public key cryptography. A public key encrypts and a private key (trapdoor) decrypts.
Message integrity
One-way hash - A function that takes a variable-length string (a message) and compresses and transforms it into a fixed-length value referred to as a hash value.
Message digest - The hash value of a one-way hash.
One-way function used in public key cryptography
Function - It is never performed in reverse / It provides integrity of a message, not confidentiality or authentication / The result of a one-way hash is a hashing value / It is used in hashing to create a fingerprint for a message.
Digital signatures
An encrypted hash value of a message.
Digital signature standard (DSS) - A standard for digital signatures and its functions and acceptable use. Requires the Digital Signature Algorithm (DSA) and the Secure Hash Algorithm (SHA).
Different hash algorithms
MD4 - Produces 128-bit hash values. Used for high-speed computation in software implementation and is optimized for microprocessors.
MD5 - Produces 128-bit hash values. More complex than MD4. Processes text in 512-bit blocks.
MD2 - Produces 128-bit hash values. Slower than MD4 and MD5.
SHA - Produces 160-bit hash values. This is then input into the DSA, which computes the signature for a message. The message digest is signed instead of the whole message.
SHA1 - Updated version of SHA.
HAVAL - A variable-length one-way hash function and a modification of MD5. Processes text in 1024-bit blocks.