Chapter 8
What information must be shared to validate a digital a chain of certificates?
A public key has special credentials that are defined as public key certificates or digital certificates. Digital signatures are used to verify the public key certificate integrity. Certificate construction: Certificate is designed by performing the hashing between owner's name and owner's public key. Hashing is the technique, which is converted arbitrary length of the input message is converted into fixed length output message. Signature construction: Digital signature is nothing but the private key of the owner. Every certificate should following aspects: 1. Owner's public key, which is one of the sources to generate the certificate and it is named as "A". 2. Owner's name of the public key, which is one of the sources to generate the certificate. 3. Digital signature, which is used to verify the certificate integrity and named as "C"
What information must be shared to implement Diffie-Hellman key sharing? What is the result?
Asymmetric encryption: in this encryption two different keys are used namely public key and private key. Sender used his own private key to encrypt the data, receiver use sender public key to decrypt the data. Different categories of asymmetric encryption: 1. Rivest-shamir-adleman (RSA) algorithm 2. Diffie-hellman algorithm 3. Elliptic curve Diffie-hellman algorithm: In diffie-hellman algorithm shared secret key is the main aspect. Every participant has the both public and private keys. Every participant performs multiplication operation with their private key and other's public key to produce the shared secret key. (refer figure 8.14) When both parties perform same operation then both should have identical result.
Describe the different categories of asymmetric encryption algorithms and how they are used in practice.
Asymmetric encryption: in this encryption two different keys are used namely public key and private key. Sender used his own private key to encrypt the data, receiver use sender public key to decrypt the data. Different categories of asymmetric encryption: 1. Rivest-shamir-adleman (RSA) algorithm 2. Diffie-hellman algorithm 3. Elliptic curve RSA algorithm: In RSA algorithm, private key and private key both are consisting numbers because these numbers should generated by large prime numbers. These large prime numbers perform modular operations to produce the public key and private key. Diffie-hellman algorithm: In diffie-hellman algorithm shared secret key is the main aspect. Every participant performs multiplication operation with their private key and other's public key to produce the shared secret key. Elliptic cureve: Elliptic curve is similar to the diffie-hellman algorithm. Shared secret key, every participant multiplying secret key with the other's published product.
What information must be shared to exchange a wrapped key using RSA?
Asymmetric encryption: in this encryption two different keys are used namely public key and private key. Sender used his own private key to encrypt the data, receiver use sender public key to decrypt the data. Different categories of asymmetric encryption: 1. Rivest-shamir-adleman (RSA) algorithm 2. Diffie-hellman algorithm 3. Elliptic curve RSA algorithm: In RSA algorithm, private key and private key both are consisting numbers because these numbers should generated by large prime numbers. These large prime numbers perform modular operations to produce the public key and private key. In RSA we can encrypt with the both public and private keys. Value of the public key is (e, N) and private key is (d, N). Where N is the modulus value of the both key pairs, e is the public exponent (random value). d is the modular inverse of e.
What is the difference between key splitting and key wrapping?
Both Key splitting and Key wrapping is used to maintain the encryption to the files. Key wrapping is the technique that encrypts the key itself using the passphrase. Key splitting is a technique that uses X-OR functions for wrapping. PIC ON PHONE
If we needs enough entropy for a 16-byte key , why should we hash a 20-byte(or larger) passphrase?
Hashing is the function, where arbitrary length input message is converted into the fixed length output. User should have larger passphrase to produce the enough entropy. One-way hash function hashes this passphrase to produce the entropy. Binary generates more entropy than text, so to get a hard trial and error key you would have to use a larger passphrase. Therefore, user should use 20-byte or larger passphrase to produce the 16-byte entropy key.
Summarize the challenges id key management.
Key management: key management is the important aspect in cryptosystem, which is used to generating, distributing, storing the cryptographic keys. These cryptographic keys are used to maintain the protection to the transfer files, which is transmitted from one to another. Challenges in key management: • The main aim for this key management is to distribute the keys to the authorized people only, don't distribute to the unauthorized people. • Generate the keys, which is can't guess by the intruder. For example, in RSA algorithm large prime numbers should be chosen to generate the keys. • The last challenge of the key management is maintain the key integrity. That is intruder shouldn't intercept those keys.
Describe how key wrapping may be applied to file encryption.
Key wrapping is the technique, that encrypts the key itself using the passphrase. Key wrapping is used two types of keys to encrypt the file. 1. Content encryption key (CEK) and 2. Key encrypting key (KEK) CEK: CEK is used to encrypt the data, which is in the file. KEK: KEK is used to produce the passphrase. When CEK is encrypted with the KEK, then wrapped key is produced. Encrypt the file using wrapped keys: • Initially collect the passphrase from the user. • Hash the passphrase to produce KEK • Generate CEK using random keys • Encrypt the CEK and KEK, in order to produce the wrapping key. • Encrypt the file using CEK • Again file is encrypted file by combining ciphertext and wrapped key
Describe the differences between a hierarchial PKI and one that relies on a web of trust.
Public key infrastructure (PKI) is the certification authorities that generates and distribute the certificates. Web of trust is the concept that used in the pretty good privacy (PGP). Web of trust is used verify the authenticity between owner and public key. The difference between hierarchical PKI and Web of trust are as follows: PIC ON PHONE
Summarize the reasons for rekeying an encrypted file.
Rekeying is the process that reduces the vulnerabilities to cryptanalysis. That maintained the strong encryption to the file and key. Reasons for rekeying an encrypted file: • Rekeying is used mostly for the major version files, that files should be confidential. • Same passphrase is mostly used in multiple messages, and then this rekeying is introduced new inner key to every file. • Sometimes used key may be leaked then rekeying is introduced. • Rekeying is used to protect the huge amount of data to be transmitted.
Explain the reused key stream problem.
Reused key stream: Reused key stream is the concept that uses same key in multiple times to encrypt the data. That is same key is used to encrypt the different messages. Problem with the reused key stream: When a key is used in multiple times to encrypt the message, this is should allow the intruder to penetrate the key or key stream. Then intruder easily decrypt the messages, which are transmitted later. Therefore, in order to protect the file the keys shouldn't use more than once.
Explain how one might establish trust in a self-signed certificate.
Self-signed certificates: self-signed certificates is the own public key certificates, that signed by the own signature. These self-signed certificates are used mostly the number of transactions are performed between the same participants. Therefore, there it should deny the attacker's exploitation. Advantage of the self-signed certificate: • Number of transactions is initiated between the same participants by a single certificate. • Independent data easily verified.
Describe the role of the nonce in preventing reused key streams when using the same passphrase to encrypt different files.
There are two blocks used in file's header in order to design the internal key for the file or message, 1. One way hash key and 2. Nonce One-way hash function: Hashing is the function, which is converted the arbitrary length message into fixed length message. Nonce: Nonce is used in the file' header and nonce combined with the passphrase. That can create a high random key. This random key should generate each time of encryption of the file. Advantage of nonce: Nonce shouldn't repeat itself. If same passphrase used to bind the message, then nonce will generate a new key.
What information must be shared to validate a digital signature using RSA?
Asymmetric encryption: in this encryption two different keys are used namely public key and private key. Sender used his own private key to encrypt the data, receiver use sender public key to decrypt the data. Different categories of asymmetric encryption: 1. Rivest-shamir-adleman (RSA) algorithm 2. Diffie-hellman algorithm 3. Elliptic curve RSA algorithm: In RSA algorithm, private key and private key both are consisting numbers because these numbers should generated by large prime numbers. These large prime numbers perform modular operations to produce the public key and private key. Digital signatures in RSA: Bob create a digital signature by using his own private key. For this bob initially performs one-way-hash function to sign that data. Then bob uses his private key to encrypt the hash. One-way hashing is technique, that convert arbitrary length input message is converted into fixed length output message. Then alice recalculates that hashing value and then decrypt the digital signature.
