Public Key Authentication

From Computing and Software Wiki

Revision as of 01:51, 5 April 2009

Public key authentication is a process of information cryptography that involves the use of public and private keys.

• also known as asymmetric authentication
• cryptography
• key pair (public key/private key)
• private key only exists on source system and generates signatures which cannot be forged
  • anyone possessing matching public key can verify the signature
• public key can be used to encrypt messages for the source system
  • only the system possessing the matching private key can decrypt the message

Background

• briefly explain password-based/symmetric key authentication
• go in more detail on public key authentication

Identity Verification Process

• Generate a key pair on your computer
• Copy your public key to the server
• When authentication is required, a signature is generated using the private key
• Server uses the public key to verify the signature and grant access

Message Encryption/Decryption Process

• Generate a key pair on your computer
• Send your public key to the desired user you wish to communicate with
  • Recipient may generate their own key pair
• Sender uses the recipient's public key to encrypt the message and sends it
• Recipient uses their private key to decrypt the message

Physical World Equivalent

• padlock, lockbox, keep their key

Benefits

• if server is hacked/spoofed
  • attacker can learn your password in symmetric key authentication
  • attacker would still need your private key in asymmetric key

Drawbacks

• computational cost
  • explain uses of hybrids

Public Key Algorithms

• RSA Algorithm
• DSA/DSS (Digital Signature Standard) Algorithm
• Diffie-Hellman Algorithm

References

• [1] - Using Public Key Authentication
• [2] - Public Key Cryptography
• [3] - Public Key Cryptography

See Also

External Links

• Public Key Encryption at HowStuffWorks.com
• Asymmetric Ciphers SSH.com

--larocqt 9:23 PM, 4 April 2009 (EDT)