Cryptography Pt. II

**Uses of Public Keys/Private Keys**

1. Secure messages
2. Secure Storage
   a. Use a Symmetric key
   b. Password management: store hashes. Store the encrypted password hash
3. Authentication, i.e., digital signatures
   a. Bob sends private key. Alice uses Bob’s public key to decrypt
   b. For signing: Private Key only encrypts and the Private Key only decrypts
4. Non-repudiation
5. Message Integrity
   a. Before encrypting, hash the plaintext

**E-Commerce Example**

Public Key → Handshake → Symmetric Key

__E-Commerce__ – SSL/TLS
* Legal: Personal Identifiers must be kept confidential
* Business: People will or will not buy something based on trust

__Handshake Steps__

1. Client requests webpage (hello)
   a. Client sends cipher list
2. Server says “authenticate me”
   a. Certificate provides needed information (owner, serial #, certifying authority, validity, algorithm RSA, public key, certifying authority’s certificate, fingerprint or thumbprint)
   b. Chain of trust: the certifying authority
3. Client checks serial number and fingerprint with certifying authority
4. Key Exchange
   a. At this point, the client starts using the public key
   b. Go to session cipher and shared key (encrypted)
5. Session is ready and we communicate securely

*Handshaking is the process of establishing the parameters of communication between two devices.
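A toy walk-through of the handshake steps above, added here as an illustration and not part of the original notes. It assumes textbook RSA over two small known primes, a dictionary standing in for the certifying authority's records, and constructed names (`shop.example`, `Example CA`, the cipher strings); real TLS validates a CA signature and uses padded or ephemeral key exchange instead.

```python
import hashlib
import hmac
import secrets

# Toy RSA key built from two known Mersenne primes: far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def fingerprint(cert):
    """SHA-256 over the identifying fields, including the public key."""
    fields = (cert["owner"], cert["serial"], cert["issuer"], *cert["public_key"])
    return hashlib.sha256(repr(fields).encode()).hexdigest()

# Constructed sample certificate and server configuration.
SERVER_CERT = {"owner": "shop.example", "serial": 1001,
               "issuer": "Example CA", "public_key": (N, E)}
# Constructed stand-in for the certifying authority's records: serial -> fingerprint.
CA_RECORDS = {1001: fingerprint(SERVER_CERT)}
SERVER_CIPHERS = ["AES256-SHA256", "AES128-SHA256"]

def session_key(secret):
    """Derive the symmetric session key from the exchanged secret."""
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()

def handshake(client_ciphers, cert=SERVER_CERT):
    # Steps 1-2: the hello carries a cipher list; the server picks one and sends its certificate.
    cipher = next((c for c in client_ciphers if c in SERVER_CIPHERS), None)
    if cipher is None:
        raise ValueError("no shared cipher")
    # Step 3: the client checks serial number and fingerprint against the CA's record.
    expected = CA_RECORDS.get(cert["serial"], "")
    if not hmac.compare_digest(expected, fingerprint(cert)):
        raise ValueError("certificate does not match CA record")
    # Step 4: the client encrypts a fresh secret under the certificate's public key.
    n, e = cert["public_key"]
    secret = secrets.randbits(128)
    wire = pow(secret, e, n)        # only this value crosses the network
    recovered = pow(wire, D, N)     # server side: decrypt with the private key
    # Step 5: both ends now hold the same symmetric session key.
    return cipher, session_key(secret), session_key(recovered)
```

A certificate whose public key has been swapped fails at step 3, before any secret is encrypted under the wrong key.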

TrueCrypt is a volume-level device. It encrypts a partition.
AxCrypt – allows you to encrypt a file
HxD – a hexadecimal editor