Cryptography 7 Flashcards
Identifies which instance of the protocol this message belongs to. Perhaps Alice and Bob are running two key negotiation protocols simultaneously, and we don’t want to confuse the two runs.
Protocol Instance Identifier
Identifies the message within the protocol. The easiest method is to simply number them.
*** The most common certificate format is X.509 v3.
Message Identifier Etc …
The CA has a public/private key pair (e.g., an RSA key pair) and publishes the public key. We will assume that everybody knows the CA’s public key.
*** Secure sites on the Internet use a PKI system to allow browsers to identify the correct website.
Keys Etc …
Alice generates her own public/private key pair. She keeps the private key secret and takes the public key to the CA. The CA verifies that Alice is who she says she is and signs a digital statement that the public key belongs to Alice; this statement is called a certificate. If Alice wants to communicate with Bob, she can send him her public key and certificate, and Bob uses the CA’s public key to verify the signature on the certificate. This process is done on both sides (Bob and Alice) so that they can communicate securely.
Joining a PKI …
A much better solution is generally to directly tie the permissions to the key, using the PKI. The certificate no longer links the key to a name; it links the key to a set of permissions. Direct authorization removes the ACL and the names from the authorization process, thereby eliminating these points of attack.
Info …
It requires a credential, in the form of a signed certificate, for every action you perform. If Alice has a credential that lets her read and write a particular file, she can delegate some or all of her authority to Bob. A credentialed system can limit how long a delegation is valid by including a validity period in the certificate. Alice might also limit Bob’s ability to delegate the authority to read file “X”.
full-fledged credential system
The purpose of having a PKI is to allow Alice and Bob to generate a shared secret key, which they use to create a secure channel, which they in turn use to communicate securely with each other. Alice wants to authenticate Bob (and vice versa) without talking to a third party. The PKI is supposed to make this possible. But it doesn’t, because there is no revocation system that works entirely offline.
info #2 …
(1) Creation: Alice creates a public/private key pair and stores the private part in a secure manner. (2) Certification: Alice takes her public key to the CA or the sub-CA and has it certify her key. This is the point where the CA decides which permissions to give to Alice’s public key. (3) Distribution: Alice might have to distribute her certified public key before she can use it. If, for example, Alice uses her key for signatures, each party that could potentially receive Alice’s signature should have her public key first. The best way to do this is to distribute the key for a while before Alice uses it the first time. (4) Active use: Alice uses the key for her transactions. (5) Passive use: Alice no longer uses her key for new transactions, but everyone still accepts the key. (6) Expiration: the key expires and is not considered valid anymore.
Life of a Key
Revocation is only effective if you find out the attacker has the key; a clever attacker would try to avoid detection. A key lifetime of 1 year is probably a reasonable maximum.
Salt: a random number that is stored alongside the data that was encrypted with the password.
info #3 …
Reverses the alphabet (A becomes Z, B becomes Y, …)
Atbash Cipher