Digital Signature, Digital Certificate
CSC1720 – Introduction to Internet
Essential Materials
CSC1720 – Introduction to Internet
All copyrights reserved by C.C. Cheung 2003.
Outline
Introduction
Cryptography
  – Secret-key algorithms
  – Public-key algorithms
  – Message-Digest algorithms
Digital Signature
Digital Certificate
Public Key Infrastructure (PKI)
Secure Electronic Transaction (SET)
Summary

Introduction
Cryptography and digital certificates first appeared in closed commercial and financial networks and in military systems.
We can send/receive secure e-mail and connect to secure websites to purchase goods or obtain services.
Problem: How do we implement them in this global, open network, the Internet?
What level of encryption is sufficient to provide safe and trusted services on the Net?

Cryptography
3 cryptographic algorithms:
  – Message-digest algorithms
      Map variable-length plaintext to fixed-length ciphertext.
  – Secret-key algorithms
      Use one single key to encrypt and decrypt.
  – Public-key algorithms
      Use 2 different keys – public key and private key.

Keys
A key is a variable value that is used by cryptographic algorithms to produce encrypted text, or to decrypt encrypted text.
The length of the key reflects the difficulty of decrypting the encrypted message.
[Figure: Plaintext → Encryption (Key) → Ciphertext → Decryption (Key) → Plaintext]

Key length
It is the number of bits (bytes) in the key.
A 2-bit key has four values
  – 00, 01, 10, 11 in its key space
A key of length “n” has a key space of 2^n distinct values.
E.g. the key is 128 bits
  – 101010101010….10010101111111
  – There are 2^128 combinations
  – 340 282 366 920 938 463 463 374 607 431 768 211 456

Secret-key Encryption
Use a secret key to encrypt a message into ciphertext.
Use the same key to decrypt the ciphertext to the original message.
Also called “Symmetric cryptography”.
[Figure: Plaintext → Encryption (Secret Key) → Ciphertext → Decryption (Secret Key) → Plaintext]

Secret Key How to?
[Figure: Encryption: Original Text + Secret key = Encrypted Text. Decryption: Encrypted Text + Secret key = Original Text.]

Secret-Key Problem?
All keys need to be replaced if one key is compromised.
Not practical for the Internet environment.
On the other hand, the encryption speed is fast.
Suitable for encrypting your personal data.

Secret-Key algorithms
Algorithm Name    Key Length (bits)
Blowfish          Up to 448
DES               56
IDEA              128
RC2               Up to 2048
RC4               Up to 2048
RC5               Up to 2048
Triple DES        192
References: Blowfish, DES, IDEA, RC2, RC4, RC5, DES-3

Public-key Encryption
Involves 2 distinct keys – public, private.
The private key is kept secret and never divulged, and it is password protected (passphrase).
The public key is not secret and can be freely distributed and shared with anyone.
It is also called “asymmetric cryptography”.
The two keys are mathematically related, but it is infeasible to derive the private key from the public key.
100 to 1000 times slower than secret-key algorithms.
[Figure: Plaintext → Encryption (Public Key) → Ciphertext → Decryption (Private Key) → Plaintext]

How to use 2 different keys?
Just an example:
  – Public Key = 4, Private Key = 1/4, message M = 5
  – Encryption:
      Ciphertext C = M * Public Key
      5 * 4 = 20
  – Decryption:
      Plaintext M = C * Private Key
      20 * ¼ = 5

Public-Private Encryption
[Figure: First, create a public and a private key. The private key is stored in your personal computer; the public key is stored in the Public Key Directory.]

Message Encryption (User A sends message to User B)
[Figure: User A takes User B’s Public Key from the Public Key Directory and uses it to encrypt the Text, producing the Encrypted Text.]

Message Encryption
[Figure: Original Message → Encrypted Message]

Transfer Encrypted Data
[Figure: User A sends the Encrypted Text to User B over an Insecure Channel.]

Decryption with your Private key
[Figure: User B decrypts the Encrypted Text with User B’s Private key, which is stored in User B's personal computer, to recover the Original Text.]

Asymmetric algorithms
Algorithm Name    Key Length (bits)
DSA               Up to 448
El Gamal          56
RSA               128
Diffie-Hellman    Up to 2048
References: DSA, El Gamal, RSA, Diffie-Hellman

How difficult to crack a key?
Key Length  Individual Attacker  Small Group  Academic Network  Large Company  Military Intelligence Agency
40          Weeks                Days         Hours             Milliseconds   Microseconds
56          Centuries            Decades      Years             Hours          Seconds
64          Millennia            Centuries    Decades           Days           Minutes
80          Infeasible           Infeasible   Infeasible        Centuries      Centuries
128         Infeasible           Infeasible   Infeasible        Infeasible     Millennia

Attacker                      Computer Resources                                  Keys / Second
Individual attacker           One high-performance desktop machine & Software     2^17 – 2^24
Small group                   16 high-end machines & Software                     2^21 – 2^24
Academic Network              256 high-end machines & Software                    2^25 – 2^28
Large company                 $1,000,000 hardware budget                          2^43
Military Intelligence agency  $1,000,000 hardware budget + advanced technology    2^55

Crack DES-3 (Secret-key)
Distributed.net connects 100,000 PCs on the Net, to get a record-breaking 22 hr 15 min to crack the DES algorithm.
Speed: 245 billion keys/s
Win $10,000

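An added example (not part of the original slides) that turns the keys/second figures from the attacker table, and the 245 billion keys/s quoted for distributed.net, into worst-case exhaustive-search times for each key length. The function names and the unit thresholds are this example's own choices.

```python
# Keys-per-second ranges copied from the attacker table on the slides
# (a single figure is used as both ends of the range).
ATTACKERS = {
    "Individual attacker": (2**17, 2**24),
    "Small group": (2**21, 2**24),
    "Academic network": (2**25, 2**28),
    "Large company": (2**43, 2**43),
    "Military intelligence agency": (2**55, 2**55),
}

YEAR = 365.25 * 86400  # seconds in a year
UNITS = [("millennia", 1000 * YEAR), ("centuries", 100 * YEAR),
         ("decades", 10 * YEAR), ("years", YEAR), ("days", 86400),
         ("hours", 3600), ("minutes", 60), ("seconds", 1),
         ("milliseconds", 1e-3), ("microseconds", 1e-6)]

def exhaust_seconds(bits, keys_per_second):
    """Worst case: time to try every one of the 2^bits keys."""
    return 2**bits / keys_per_second

def humanize(seconds):
    """Express a duration in the largest unit that gives a value >= 1."""
    for name, size in UNITS:
        if seconds >= size:
            return f"{seconds / size:.3g} {name}"
    return f"{seconds / 1e-6:.3g} microseconds"

def search_table(key_lengths=(40, 56, 64, 80, 128)):
    """Rows of (bits, attacker, time at fastest rate, time at slowest rate)."""
    rows = []
    for bits in key_lengths:
        for name, (slow, fast) in ATTACKERS.items():
            rows.append((bits, name,
                         humanize(exhaust_seconds(bits, fast)),
                         humanize(exhaust_seconds(bits, slow))))
    return rows

if __name__ == "__main__":
    for row in search_table():
        print("{:>3} bits  {:<30} {:>20} .. {}".format(*row))
    # Full 56-bit key space at the rate quoted for distributed.net
    print("56 bits at 245e9 keys/s:", humanize(exhaust_seconds(56, 245e9)))
```

At 245 billion keys/s the full 56-bit key space takes about 3.4 days to exhaust, so a 22 hr 15 min result at that rate means the key turned up after roughly a quarter of the space had been tried. Every extra key bit doubles each figure in the table.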
Message-Digest Algorithms
It maps a variable-length input message to a fixed-length output digest.
It is not feasible to determine the original message based on its digest.
It is impossible to find an arbitrary message that has a desired digest.
It is infeasible to find two messages that have the same digest.

Message-Digest How to
A hash function is a math equation that creates a message digest from a message.
A message digest is used to create a unique digital signature from a particular document.
MD5 example
[Figure: Original Message (Document, E-mail) → Hash Function → Digest]

Message Digest Demo

Message-Digest
Message-Digest Algorithm       Digest Length (bits)
MD2                            128
MD4                            128
MD5                            128
Secure Hash Algorithm (SHA)    160
References: MD2, MD4, MD5, SHA

Digital Signature
Digital signatures can be used in all electronic communications
  – Web, e-mail, e-commerce
It is an electronic stamp or seal that is appended to the document.
It ensures the document is unchanged during transmission.

How digital Signature works?
[Figure: User A uses A’s private key to sign the document and transmits it via the Internet. User B receives the document with the signature attached and verifies the signature with A’s public key stored at the directory.]

Digital Signature Generation and Verification
[Figure: Message Sender: Message → Hash function → Digest → Encryption (Private Key) → Signature. Message Receiver: Message → Hash function → Digest; Signature → Decryption (Public Key) → Expected Digest.]

Digital Signature
Reference

Key Management
Private keys are password-protected.
If someone wants your private key:
  – They need the file that contains the key
  – They need the passphrase for that key
If you have never written down your passphrase or told anyone
  – Very hard to crack
  – Brute-force attack won’t work

Digital Certificates
A digital certificate is data carrying a digital signature from one trusted Certification Authority (CA).
This data contains:
  – Who owns this certificate
  – Who signed this certificate
  – The expiry date
  – User name & email address

Digital Certificate
Reference

Elements of Digital Cert.
A Digital ID typically contains the following information:
  – Your public key, Your name and email address
  – Expiration date of the public key, Name of the CA who issued your Digital ID

Certification Authority (CA)
A trusted agent who certifies public keys for general use (Corporation or Bank).
  – User has to decide which CAs can be trusted.
The model for key certification based on friends and friends of friends is called “Web of Trust”.
  – The public key is passed from friend to friend.
  – Works well in small or highly connected worlds.
  – What if you receive a public key from someone you don’t know?

CA model (Trust model)
[Figure: certificate hierarchy with the Root Certificate at the top, CA Certificates below it, and a Browser Cert. and a Server Cert. at the bottom.]

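The sender/receiver flow from the Digital Signature Generation and Verification slide and the root, CA and server hierarchy from the CA model slide, as an added example that is not part of the original slides. It assumes textbook RSA built from fixed Mersenne primes with no padding, and constructed names such as "Example Root" and "www.example.test"; it is meant for following the data flow, not for real signing.

```python
import hashlib
import json

def make_keypair(p, q, e=65537):
    # Textbook RSA from two known primes: demo only, no padding (assumption).
    n = p * q
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(message, n):
    # Hash function: any-length message -> fixed-length digest (reduced mod toy n).
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    # Sender: digest the message, then apply the private key to the digest.
    return pow(digest(message, private["n"]), private["d"], private["n"])

def verify(message, signature, public):
    # Receiver: the public key recovers the expected digest; compare with own digest.
    expected = pow(signature, public["e"], public["n"])
    return expected == digest(message, public["n"])

def encode(body):
    return json.dumps(body, sort_keys=True).encode()  # stable byte encoding

def issue_cert(subject, subject_public, issuer, issuer_private, expires):
    # Certificate body: owner, signer, expiry date and the owner's public key.
    body = {"subject": subject, "issuer": issuer,
            "expires": expires, "public_key": subject_public}
    return {"body": body, "signature": sign(encode(body), issuer_private)}

def verify_chain(chain, trusted_roots, today):
    # chain[0] is the server certificate, each later entry certifies the issuer
    # of the one before it, and the last issuer must be a root we already trust.
    for i, cert in enumerate(chain):
        body = cert["body"]
        if i + 1 < len(chain):
            parent = chain[i + 1]["body"]
            named = parent["subject"] == body["issuer"]
            issuer_key = parent["public_key"] if named else None
        else:
            issuer_key = trusted_roots.get(body["issuer"])
        if issuer_key is None or body["expires"] < today:
            return False
        if not verify(encode(body), cert["signature"], issuer_key):
            return False
    return True

# Constructed sample data: names, dates and Mersenne primes are illustrative.
root_pub, root_priv = make_keypair(2**521 - 1, 2**607 - 1)
ca_pub, ca_priv = make_keypair(2**107 - 1, 2**127 - 1)
srv_pub, srv_priv = make_keypair(2**61 - 1, 2**89 - 1)
ca_cert = issue_cert("Example CA", ca_pub, "Example Root", root_priv, "2030-01-01")
srv_cert = issue_cert("www.example.test", srv_pub, "Example CA", ca_priv, "2026-01-01")
TRUSTED = {"Example Root": root_pub}

def demo():
    msg = b"Transfer 100 to User B"
    sig = sign(msg, srv_priv)
    altered = {"body": dict(srv_cert["body"], subject="www.other.test"),
               "signature": srv_cert["signature"]}
    return {
        "signature_ok": verify(msg, sig, srv_pub),
        "tampered_message": verify(b"Transfer 900 to User B", sig, srv_pub),
        "chain_ok": verify_chain([srv_cert, ca_cert], TRUSTED, "2025-06-01"),
        "altered_cert": verify_chain([altered, ca_cert], TRUSTED, "2025-06-01"),
        "expired": verify_chain([srv_cert, ca_cert], TRUSTED, "2027-01-01"),
    }

if __name__ == "__main__":
    print(demo())
```

Only the first and third results are true: a changed message, a certificate whose fields were altered after signing, and a certificate past its expiry date are all rejected.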
Web of Trust model
[Figure: web of trust linking Bob, A, B, Alice, D and C]

Public Key Infrastructure (PKI)
PKI is a system that uses public-key encryption and digital certificates to achieve secure Internet services.
There are 4 major parts in PKI.
  – Certification Authority (CA)
  – A directory Service
  – Services, Banks, Web servers
  – Business Users

Digital 21 . gov .hk
Reference: An official homepage which provides a lot of PKI and e-commerce information

PKI Structure
[Figure: Certification Authority, Directory services, User, and Services / Banks / Web servers, connected through Public/Private Keys]

4 key services
Authentication – Digital Certificate
  – To verify that a user is who he/she claims to be, in order to access the resource.
Non-repudiation – Digital Signature
  – To make the user unable to deny that he/she has sent the message, signed the document or participated in a transaction.
Confidentiality - Encryption
  – To make the transaction secure, so that no one except the communicating parties is able to read/retrieve the ongoing transaction.
Integrity - Encryption
  – To ensure the information has not been tampered with during transmission.

Certificate Signers

Certificate Enrollment and Distribution

Secure Web Communication
Server authentication is necessary for a web client to identify the web site it is communicating with.
To use SSL, a special type of digital certificate – “Server certificate” – is used.
Get a server certificate from a CA.
  – E.g. www.hitrust.com.hk, www.cuhk.edu.hk/ca/
Install a server certificate at the Web server.
Enable SSL on the Web site.
Client authentication – Client certificates

Strong and Weak Encryption
Strong encryption
  – Encryption methods that cannot be cracked by brute-force (in a reasonable period of time).
  – The world's fastest computer needs thousands of years to compute a key.
Weak encryption
  – A code that can be broken in a practical time frame.
  – 56-bit encryption was cracked in 1999.
  – 64-bit will be cracked in 2011.
  – 128-bit will be cracked in 2107.

Pretty Good Privacy (PGP)
Released in June 1991 by Philip Zimmermann (PRZ)
PGP is a hybrid cryptosystem that allows users to encrypt and decrypt.
Uses a session key, “a randomly generated number from the mouse movement or keystrokes”
Demo & Tutorial

PGP Public Key
Philip R Zimmermann's Public Keys
Current DSS/Diffie-Hellman Key:
Key fingerprint: 055F C78F 1121 9349 2C4F 37AF C746 3639 B2D7 795E

PGP encryption
Reference

PGP decryption
Reference

Secure SHell (SSH)
Provides an encrypted secure channel between client and server.
Replacement for telnet and ftp.
Reference: SSH

Summary
Make sure you understand the relationship between
  – Encryption
  – Digital Signature
  – Digital Certificate
  – Certificate Authority
Understand which Public/Private key should be used to encrypt/decrypt messages to/from you.
Discuss PGP, SET, SSH, encrypted email.