Public Key Authentication

From Computing and Software Wiki

(Difference between revisions)
Jump to: navigation, search
Line 1: Line 1:
-
'''Public key authentication''' is a process of information cryptography that involves the use of public and private keys.
+
'''Public key authentication''', also known as '''asymmetric-key encryption''' is a cryptographic process that involves the generation of a key pair; a public key and a private key for encryption and decryption of messages, as well as the verification of a user's identity on a server. The private key is kept secret on the user's system who generated it, while the public key is distributed to any user or server with which the user wishes to communicate.
-
*also known as asymmetric authentication
+
 
-
*cryptography
+
Messages are encrypted using the public key, and may only be decrypted by the corresponding private key. In this way, possession of the private key is required for the message to be read and third parties are prevented from intercepting the message. Similarly, the private key can generate unique signatures that could only have come from that specific private key. Using the matching public key a server can verify the signature provided and therefore the user's identity.
-
*key pair (public key/private key)
+
-
*private key only exists on source system and generates signatures which cannot be forged
+
-
**anyone possessing matching public key can verify the signature
+
-
*public key can be used to encrypt messages for the source system
+
-
**only the system possessing the matching private key can decrypt the message
+
==Background==
==Background==
Line 14: Line 9:
===Identity Verification Process===
===Identity Verification Process===
 +
* Generate a key pair on your computer
* Generate a key pair on your computer
* Copy your public key to the server
* Copy your public key to the server
Line 20: Line 16:
===Message Encryption/Decryption Process===
===Message Encryption/Decryption Process===
 +
* Generate a key pair on your computer
* Generate a key pair on your computer
* Send your public key to the desired user you wish to communicate with
* Send your public key to the desired user you wish to communicate with
Line 27: Line 24:
===Physical World Equivalent===
===Physical World Equivalent===
-
*padlock, lockbox, keep their key
+
 
 +
The process of message delivery in networking resembles the postal system of the physical world. Encryption of the messages themselves is like locking the parcel with a padlock. Using a symmetric key would involve a single padlock with each user possessing an identical copy of the key used to open that padlock.
 +
 
 +
Alternatively, the use of a public (asymmetric) key system is equivalent to each user purchasing their own key/padlock set and sending the padlock to the user with whom they wish to communicate. This second user would then use this received padlock to lock up any messages they wish to send. The first user then unlocks the padlock with the matching key that they remained in possession of the entire time.
==Benefits==
==Benefits==
 +
* if server is hacked/spoofed
* if server is hacked/spoofed
** attacker can learn your password in symmetric key authentication
** attacker can learn your password in symmetric key authentication
Line 35: Line 36:
==Drawbacks==
==Drawbacks==
 +
* computational cost
* computational cost
** explain uses of hybrids
** explain uses of hybrids
==Public Key Algorithms==
==Public Key Algorithms==
-
* RSA Algorithm
+
 
-
* DSA/DSS (Digital Signature Standard) Algorithm
+
* Primes
-
* Diffie-Hellman Algorithm
+
* Factoring
 +
** RSA (Rivest-Shamir-Adleman) algorithm
 +
* Discrete Logarithms
 +
** DSA/DSS (Digital Signature Standard) algorithm
 +
** Diffie-Hellman algorithm
 +
* Lattices
==References==
==References==
 +
*[http://the.earth.li/~sgtatham/putty/0.55/htmldoc/Chapter8.html#S8.2.8] - Using Public Key Authentication
*[http://the.earth.li/~sgtatham/putty/0.55/htmldoc/Chapter8.html#S8.2.8] - Using Public Key Authentication
*[http://www.infosecwriters.com/text_resources/pdf/Public_Key_Cryptography_AMS.pdf] - Public Key Cryptography
*[http://www.infosecwriters.com/text_resources/pdf/Public_Key_Cryptography_AMS.pdf] - Public Key Cryptography
Line 56: Line 64:
* [http://www.ssh.com/support/cryptography/algorithms/asymmetric.html Asymmetric Ciphers] SSH.com
* [http://www.ssh.com/support/cryptography/algorithms/asymmetric.html Asymmetric Ciphers] SSH.com
-
--[[User:larocqt|larocqt]] 9:23 PM, 4 April 2009 (EDT)
+
--[[User:larocqt|larocqt]] 9:24 AM, 5 April 2009 (EDT)

Revision as of 13:24, 5 April 2009

Public key authentication, also known as asymmetric-key encryption is a cryptographic process that involves the generation of a key pair; a public key and a private key for encryption and decryption of messages, as well as the verification of a user's identity on a server. The private key is kept secret on the user's system who generated it, while the public key is distributed to any user or server with which the user wishes to communicate.

Messages are encrypted using the public key, and may only be decrypted by the corresponding private key. In this way, possession of the private key is required for the message to be read and third parties are prevented from intercepting the message. Similarly, the private key can generate unique signatures that could only have come from that specific private key. Using the matching public key a server can verify the signature provided and therefore the user's identity.

Contents

Background

  • briefly explain password-based/symmetric key authentication
  • go in more detail on public key authentication

Identity Verification Process

  • Generate a key pair on your computer
  • Copy your public key to the server
  • When authentication is required, a signature is generated using the private key
  • Server uses the public key to verify the signature and grant access

Message Encryption/Decryption Process

  • Generate a key pair on your computer
  • Send your public key to the desired user you wish to communicate with
    • Recipient may generate their own key pair
  • Sender uses the recipient's public key to encrypt the message and sends it
  • Recipient uses their private key to decrypt the message

Physical World Equivalent

The process of message delivery in networking resembles the postal system of the physical world. Encryption of the messages themselves is like locking the parcel with a padlock. Using a symmetric key would involve a single padlock with each user possessing an identical copy of the key used to open that padlock.

Alternatively, the use of a public (asymmetric) key system is equivalent to each user purchasing their own key/padlock set and sending the padlock to the user with whom they wish to communicate. This second user would then use this received padlock to lock up any messages they wish to send. The first user then unlocks the padlock with the matching key that they remained in possession of the entire time.

Benefits

  • if server is hacked/spoofed
    • attacker can learn your password in symmetric key authentication
    • attacker would still need your private key in asymmetric key

Drawbacks

  • computational cost
    • explain uses of hybrids

Public Key Algorithms

  • Primes
  • Factoring
    • RSA (Rivest-Shamir-Adleman) algorithm
  • Discrete Logarithms
    • DSA/DSS (Digital Signature Standard) algorithm
    • Diffie-Hellman algorithm
  • Lattices

References

  • [1] - Using Public Key Authentication
  • [2] - Public Key Cryptography
  • [3] - Public Key Cryptography


See Also

External Links

--larocqt 9:24 AM, 5 April 2009 (EDT)

Personal tools