Public Key Security: Difference between revisions
| Line 29: | Line 29: | ||
==Key Pair== | ==Key Pair== | ||
A key pair consists in two separate but matching cryptographic keys: a [[#Public_Key|public key]] and a [[#Private_Key|private key]]. | |||
===Public Key=== | ===Public Key=== | ||
Revision as of 23:58, 7 April 2018
Internal
Overview
Asymmetric Cryptography
Asymmetric cryptography or public key cryptography is a cryptographic system that uses pairs of keys: public keys, which may be disseminated publicly and widely, and private keys that are known only to the owner, to provide authentication and encryption.
Authentication
The authentication function is provided by using the public key of the counterpart to verify that a message was indeed signed with the counterpart's private key. This mechanism works because the private key that signed the message cannot belong to anyone else than the counterpart whose public key was used for verification. This proof is considered sufficient to insure that the counterpart is who it is claiming to be.
Encryption
The encryption function is provided by using the public key of the recipient to encrypt the message. The message thus encrypted can only be decrypted by the corresponding private key, available only to the recipient. Nobody else can decrypt the message.
Public Key Infrastructure (PKI)
A public key infrastructure (PKI) is a set of roles, policies and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public key cryptography. The components of the architecture are aimed at binding public keys with respective identities of entities owning those public keys, such as people or organizations. The binding is established through a process of registration and issuance of certificates at and by a certificate authority (CA).
Certificate Authority (CA)
Registration Authority (RA)
Certificate
Key Pair
A key pair consists in two separate but matching cryptographic keys: a public key and a private key.
Public Key
Private Key
X.509
SSL/TLS
Transport Layer Security (TLS) is the successor of Secure Sockets Layer (SSL). They are both cryptographic protocols designed to provide communications security over a computer network. The client/server pair use a symmetric key to encrypt the communication. The symmetric key is unique and generated for each connection, as part of a protocol exchange that involves pair's public and private keys. For more details, see: