certificate
includes public key along with details on the owner and the CA that issued it; owners share their public key by sharing a copy of this
RSA
uses both a public and private key in a matched pair; widely used to protect data such as email and other data transmitted over the internet
Diffie-Hellman
a secure method of sharing symmetric encryption keys over a public network; RSA uses this method with static keys
email digital signature (to maintain integrity)
sender's private key encrypts; sender's public key decrypts (only sender's private key can encrypt)
email encryption (to maintain confidentiality)
recipient's public key encrypts; recipient's private key decrypts (only the recipient's private key can decrypt)
web site encryption
web site's public key encrypts a symmetric ("session") key; private key decrypts a symmetric key; symmetric ("session") key encrypts all data during the session
digital signature
an encrypted hash of a message, encrypted with the sender's private key, decrypted with sender's public key
email encryption
uses recipient's public key to encrypt message; uses recipient's private key to decrypt
email encryption technique
(used with algorithms such as RSA)
1) sender encrypts message with a symmetric key
2) sender retrieves recipient's certificate which has recipient's public key
3) sender uses recipient's public key to encrypt the symmetric key
3) sender sends symmetrically-encrypted message and asymmetrica
SSL
transport layer encryption using asymmetric keys to encrypt symmetric session keys; requires CAs; introduced by Netscape but never standardized
TLS
transport layer encryption introduced after SSL and standardized; requires CAs; used to encapsulate higher-layer traffic with encryption
HTTPS process
1. client requests HTTPS session
2. server responds with certificate containing public key
3. client creates symmetric (session) key and encrypts with server's public key
4. client sends encrypted symmetric (session) key to server
5. server receives encry
CSR (Certificate Signing Request)
method used to request certificates
process used to request a certificate (Certificate Signing Request, or CSR)
1) create RSA-based private key, which is used to create public key
2) include public key in the CSR
3) the CA will embed the public key in the certificate
reasons to revoke certificates
the private key is compromised or the CA is compromised
certificate validation process
1) client initiates session requiring certificate (e.g. HTTPS)
2) server sends certificate which includes copy of public key
3) client queries CA for a copy of CRL
4) CA responds with a copy of CRL
key escrow
process of placing a copy of the private key in a secure environment, which is useful if the private key is somehow lost by the user and they don't want to lose access to the data encrypted by the key
recovery agents
can recover user messages and data when users lose access to their private keys; in some cases, can recover private key from a key escrow