Uses of Public Keys/Private Keys
1. Secure messages
2. Secure Storage
a. Use a Symmetric key
b. Password management: store hashes. Store the encrypted password hash
3. Authentication i.e. digital signatures
a. Bob sends a message encrypted with his private key. Alice uses Bob’s public key to decrypt it
b. For signing, the private key only encrypts and the public key only decrypts
4. Non-repudiation
5. Message Integrity
a. Before encrypting, hash the plaintext
E-Commerce Example
Public Key → Handshake → Symmetric Key
E-Commerce – SSL/TLS
· Legal: Personal identifiers must be kept confidential
· Business: People will or will not buy something based on trust
Handshake Steps
1. Client requests webpage (hello)
a. Client sends cipher list
2. Server says “authenticate me”
a. Certificate provides needed information (owner, serial #, certifying authority, validity, algorithm RSA, public key, certifying authority’s certificate, fingerprint or thumbprint)
b. Chain of trust: the certifying authority
3. Client checks serial number and fingerprint with certifying authority
4. Key Exchange
a. At this point, the client starts using the public key
b. Go to session cipher and shared key (encrypted)
5. Session is ready and we communicate securely
*Handshaking is the process of establishing the parameters of communication between two devices.
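The key exchange in steps 4 and 5, as an added Python sketch that is not part of the original notes: the client encrypts a random secret with the server's public key, both sides derive session keys from it, and each record carries a keyed hash of the plaintext computed before encrypting. The textbook RSA without padding, the fixed Mersenne primes, the SHA-256 keystream and all function names are assumptions made so the example runs on the standard library alone.

```python
import hashlib
import hmac
import secrets

# Constructed server key pair. P and Q are known Mersenne primes: toy values only.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                    # public key, carried in the certificate
D = pow(E, -1, (P - 1) * (Q - 1))      # private key, never leaves the server

def client_key_exchange(n, e):
    """Step 4a: the client picks a secret and encrypts it with the public key."""
    secret = secrets.randbits(256)
    return secret, pow(secret, e, n)

def server_key_exchange(ciphertext):
    """Step 4b: only the holder of the private key recovers the secret."""
    return pow(ciphertext, D, N)

def session_keys(secret):
    """Derive separate encryption and integrity keys from the shared secret."""
    raw = secret.to_bytes(32, "big")
    return (hashlib.sha256(b"enc" + raw).digest(),
            hashlib.sha256(b"mac" + raw).digest())

def _xor_stream(key, data):
    # Toy SHA-256 counter keystream with no nonce: one record per key here.
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(keys, plaintext):
    """Step 5: keyed hash of the plaintext first, then encrypt both together."""
    enc_key, mac_key = keys
    tag = hmac.new(mac_key, plaintext, hashlib.sha256).digest()
    return _xor_stream(enc_key, plaintext + tag)

def open_sealed(keys, record):
    """Decrypt, then check the keyed hash; return None if the record changed."""
    enc_key, mac_key = keys
    body = _xor_stream(enc_key, record)
    plaintext, tag = body[:-32], body[-32:]
    expected = hmac.new(mac_key, plaintext, hashlib.sha256).digest()
    return plaintext if hmac.compare_digest(tag, expected) else None

if __name__ == "__main__":
    secret, wire = client_key_exchange(N, E)
    keys = session_keys(server_key_exchange(wire))
    record = seal(session_keys(secret), b"order=constructed-sample")
    print(open_sealed(keys, record))
```

Real TLS uses padded or ephemeral key exchange and an authenticated cipher; the sketch only shows how the public key is used once to bootstrap the shared symmetric key.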
TrueCrypt is a volume-level device. It encrypts a partition.
AxCrypt – allows you to encrypt a file
HxD – a hexadecimal editor