1.3 Flashcards
what is key mgmt about?
generating, verification, exchange, storage and destruction of keys
basic components of key mgmt are:
automated and random keygens, key strength verification, encrypted key storage, secure key exchange, short lifetimes, revoking and destroying keys that have expired or are compromised
describe hash algorithm
hash will take info, run math on it and produce a string called a digest
what is hash vulnerable to?
it is vulnerable to MITM and has no security with transmitted data
what do you have to use to have security with transmitted data?
HMAC
examples for HMAC
md5, sha-2
what is the full name for hmac?
hashed message authentication code
how is hmac built?
hash + a key that is only known by both parties
what does the hash algorithm in general secure? CIA
integrity
what does encryption secure? CIA
confidentiality
how many keys does a symmetrical encryption use?
one key to encrypt and decrypt
examples for symmetrical encryption?
3des and aes
what has to be done before any encryption happens?
a secure channel needs to be created before any encryption happens for the key mgmt
for what kind of data encryption is symmetrical encryption useful?
it is useful for bulk data encryption
how many keys does the asymmetrical encryption use?
a pair of keys to encrypt and decrypt
is the asymmetrical encryption faster or slower than the symmetrical?
slower
what keys does asymmetrical encryption consist of?
of a public and a private key
examples for asymmetrical encryption
rsa, dh
which applications use asymmetrical encryption?
ssh, ike and ssl
what three basic security services do digital signatures provide?
it authenticates a source proving that a certain party has seen and signed the data in question, guarantees that the data has not changed from the time it was signed, proves to a third party that the data exchange did take place
what functionality do digital signatures provide?
the same as handwritten signatures
where are digital signatures commonly used? and why?
in code signing to verify the integrity (completeness) of downloaded files and in digital certificates to verify the identity of an organization or individual
what are the basic four properties of digital signatures?
the signature is authentic (genuine), the signature is not forgeable, the signature is not reusable and the signer cannot claim later that they did not sign it
what are digital certificates used for?
to authenticate and verify that a user sending a message is who they claim to be
for what is RSA commonly used?
it is commonly used for generating and verifying digital signatures
which framework is used to secure exchange info between parties?
PKI (public key infrastructure)
how to authenticate with asymmetric encryption
the one who sends encrypts it with the private key and the other one decrypts it with the public key of the one who sent it
what is a CA (certificate authority) used for?
it plays the role of the trusted third party and issues certs that show the identity of companies and users, which are used to sign messages to ensure no tampering
the different topologies for PKIs
single root, hierarchical and cross certified