digital signature

Post on 16-Nov-2014


April 8, 2023

Security is the condition of being protected against danger or loss.

ASPECTS OF SECURITY

* Authentication
* Privacy
* Integrity
* Non-repudiation

03/19/08 2

1. SSL: Secure Sockets Layer.

2. Protocol for data encryption.

3. Open and nonproprietary protocol.

4. Current implementation: OpenSSL.

5. Used for:

   1. data encryption
   2. server authentication
   3. data integrity
   4. client authentication


Infrastructure: uses digital certificates as an authentication mechanism.

Manages certificates and their associated keys.

Provides public-key encryption & digital signature services.

Establishes and maintains a trustworthy networking environment.

Hash Function

[Figure: creating a digital signature. Message or file ("This is a really long message about Bill's…") → hash function → 128 bits message digest → asymmetric encryption with the signatory's private key → digital signature.]

Calculate a short message digest from even a long input using a one-way message digest function (hash).

Verifying a Digital Signature

[Figure: digital signature → asymmetric decryption (e.g. RSA) with the signatory's public key → digest; original message → same hash function (e.g. MD5, SHA…) → digest; the two digests are compared: are they the same?]

Everyone has access to the trusted public key of the signatory.


Certificate:

A body of data placed in a message to serve as proof of the sender's authenticity. It consists of encrypted information that associates a public key with the true identity of an individual.

Includes the identification and electronic signature of the Certificate Authority (CA).

Includes a serial number and the period of time during which the certificate is valid.


Certificate Authority:

A trusted organization that issues certificates for both servers and clients.

Creates digital certificates that securely bind the names of users to their public keys.

Two types of CA:

* Commercial CA
* Self-certified private CA

Types of certificates

* Root cert
* Server cert
* Client cert
* Object signing cert
* Object cert

X.509

* Version
* Certificate serial no
* Signature algorithm identifier: algorithm, parameter
* Issuer name
* Validity: not before, not after
* Subject name
* Subject public key info: algorithms, parameters, key
* Issuer unique identifier
* Subject unique identifier
* Extension
* Signature: algorithms, parameters, encrypted

[Figure: system architecture, steps numbered 1 to 16. Labels: client server repository; at client site; client; install the certificate in signature repository; server; registration office; registration form; registration authority; certificate authority; trusted root certificate repository; publish its certificate for global access; exchange of certificate for authentication; revocation repository; certificate repository; login repository; registration repository.]

WELCOME TO TKT CERT

HOME LOGIN POLICY RENEW GUIDELINES MYCERTIFICATE

TKTCert is a Web of Trust. It is a certificate authority which provides digital certificates to clients who need security at an optimum level.

Information exchanged with this site can't be viewed or changed by a third party.

Do you want to continue?

YES NO VIEW CERTIFICATE


LOGIN

User Name: Passphrase:

[sign up for new account?] [lost your password?]

LOGIN


Welcome to your Account of TKT cert.com

ABOUT ME MY DETAILS TYPES OF CERTIFICATES PURPOSE GUIDELINES

LOST PASSPHRASE

Email Address:

Date of birth:

Next

LOST PASSPHRASE

Question 1st :

Question 3rd :

Question 5th :

NEXT

TKTCert will randomly generate a complex passphrase and send it to the client's email address.


TKT CERT certificate will be shown:

REGISTRATION FORM

TKT Cert Certificate Registration Form

* REG NO.
* First Name
* Last Name
* Email Address
* Pass Phrase:
* State
* Country
* Company Name
* City
* What is the domain name you wish to secure?
* What is the time period for issuing the certificate?
* Please fill in at least five questions to verify yourself: 1 2 3 4 5
* Please remember my profile information.
* Please keep me up to date on security alerts via email.
* Agree to all certificate terms and conditions.

Continue

Your password has been updated and your loginId has been notified of the change!

Edit your Profile

Change your Passphrase

New Profile:

First name : Last name :

Email address :

State :

Country :

Company name :

Period of validity :

My profile details are shown:

First name : abc Last name

Email address : abc@gmail.com

State : Maharashtra

Country : India

Company name : IBM

Period of validity : 30 days.

Password verification

[Figure: password verification flow. Labels: client; password; verify; coded password; login repository; password OK; login successful; access to a CA is allowed.]

Certificate signing request

[Figure: steps numbered 1 to 12. Components: client, browser, server, registration office, registration authority, certificate authority, registration repository, login repository, certificate repository.]

[Figure: sequence diagram of the certificate signing request. Participants: client, server, registration office, registration authority, CA, browser, registration repository, login repository, certificate repository. Recoverable labels: request access; blank form; fills form with details and domain; forwards filled form; login and passphrase verify; verified account detail; checks; submit; verify; generate; store certificate; installs certificate.]

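Certificate verification

[Figure: flowchart. The client certificate goes through four checks in turn: CA type check, expiry check, integrity check, certificate path check. Each check has a valid and an invalid branch. When all checks pass and the path is valid, the certificate is verified (certificate valid); any invalid branch ends in "not valid certificate" (certificate invalid).]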

Root hierarchy

[Figure: browser; root CA-A and root CA-B; intermediate CA-X and intermediate CA-Y; web server1. Certificate labels: certificate CA-B, certificate CA-Y, certificate web server.]
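An added example, not part of the original presentation, of the CA type, expiry and certificate path checks from the verification flowchart, run over a chain named after the hierarchy slide. The record layout, the function names and the assumption that intermediate CA-Y is issued by root CA-B are hypothetical, and the integrity (signature) check is left out to keep the block to the path logic.

```python
from dataclasses import dataclass, replace
from datetime import date

@dataclass(frozen=True)
class Cert:  # constructed record for illustration, not a parsed X.509 certificate
    serial: int
    subject: str
    issuer: str
    not_before: date
    not_after: date
    is_ca: bool

def check_path(leaf, known, trusted_roots, revoked, today, max_depth=8):
    """Walk leaf -> issuer -> ... until a trusted root; return (ok, reason)."""
    by_subject = {c.subject: c for c in known}
    current = leaf
    for depth in range(max_depth):
        if depth > 0 and not current.is_ca:                       # CA type check
            return False, f"{current.subject}: not a CA certificate"
        if not current.not_before <= today <= current.not_after:  # expiry check
            return False, f"{current.subject}: outside validity period"
        if current.serial in revoked:                             # revocation repository
            return False, f"{current.subject}: revoked"
        if current in trusted_roots:                              # trusted root repository
            return True, "path valid"
        issuer = by_subject.get(current.issuer)
        if issuer is None or issuer == current:                   # unknown or untrusted self-signed
            return False, f"{current.subject}: no path to a trusted root"
        current = issuer
    return False, "path too long"

# Constructed chain using the names from the hierarchy slide.
ROOT_B = Cert(1, "ROOT CA-B", "ROOT CA-B", date(2020, 1, 1), date(2030, 1, 1), True)
CA_Y = Cert(2, "INTERMEDIATE CA-Y", "ROOT CA-B", date(2021, 1, 1), date(2026, 1, 1), True)
WEB = Cert(3, "WEB SERVER1", "INTERMEDIATE CA-Y", date(2023, 1, 1), date(2024, 1, 1), False)
KNOWN, TODAY = [ROOT_B, CA_Y, WEB], date(2023, 4, 8)

def demo():
    not_a_ca = replace(CA_Y, is_ca=False)
    return {
        "good": check_path(WEB, KNOWN, {ROOT_B}, set(), TODAY),
        "expired": check_path(WEB, KNOWN, {ROOT_B}, set(), date(2024, 6, 1)),
        "revoked_ca": check_path(WEB, KNOWN, {ROOT_B}, {2}, TODAY),
        "untrusted_root": check_path(WEB, KNOWN, set(), set(), TODAY),
        "issuer_not_ca": check_path(WEB, [ROOT_B, not_a_ca, WEB], {ROOT_B}, set(), TODAY),
    }

if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name:15s} {'VALID' if ok else 'INVALID':8s} {reason}")
```

The trust anchor is matched on the whole record rather than on the subject name alone, so a certificate that merely claims the name "ROOT CA-B" does not terminate the path.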

[Figure: sequence diagram for the root hierarchy. Participants: browser, web server, root CA, CA repository, client. Recoverable labels: request; access services; fetch certificate; own CA path; throws its certificate; dispatch; install; verify; certificate verified.]

Web services

[Figure: steps numbered 1 to 7. Components: client site, web server, web service, CA, CA repository. Labels: client cert. + request; server certificate; exchange of cert.; web-service certificate; client cert.]

[Figure: sequence diagram for web services. Participants: browser, client, web server, web services, verification CA, certificate repository. Recoverable labels: request; request client certificate; client cert. + request; submits certificate; fetches certificate; self certificate; server cert.; verified certificate; provided web-service certificate; exchange; provide service; service provided.]

Two client interaction from one CA

[Figure: steps numbered 1 to 7. Components: client 1, client 2, certificate authority, CA repository. Labels: exchange of encrypted certificates; secure interaction starts.]

[Figure: sequence diagram for two clients under one CA. Participants: client 1, CA, client 2, CA repository. Recoverable labels: request its own certificate; client certificate; own private + client certificate; CA public key; encryption; sends encrypted certificate; encrypted certificate exchange with each other; decrypt; decrypted certificate; verification; exchange.]

Two client interaction from different CA

[Figure: steps numbered 1 to 5. Components: two clients, CA 1, CA 2, CA 1 certificate repository, CA 2 certificate repository.]

[Figure: sequence diagram between C1, CA1, CA2 and C2, with the CA1 repository, global repository and CA2 repository. Recoverable labels: request for CA2 certif.; fetch CA2 certif.; certif. CA2; fetch C2 certif.; certif. + public key of sender; decrypt; secure communication.]

[Figure: steps numbered 1 to 10. Components: client1, client2, certificate authority, certificate repository.]

[Figure: sequence diagram of signing between C1, C2, the CA and the repository. Recoverable labels: hashing; digest + private key; encrypt; signature; append; signed digest + message; fetch client certificate; encrypted certificate; certif. + public key of C2; sign + certificate; priv key + sign + certif.; signature sent; CA verification.]

PGP at the sender site

PGP at the receiver site

Database Schema

Registration Repository: Registration no, Registration form, CSR Date, Date of Registration

Login Repository: Customer_id, Login Name, Password, Registration no

Certificate Repository: Certificate Serial No, Type of Certificate, Customer_id, Date of Issue, Expire Date, Registration no, Certificate

Revocation Repository: Certificate serial no, Expire Date, Revocation Date, Certificate

Signature Repository: Message_id, Signature, Validity, Algorithm, Certificate Serial no

Trusted root Certificate Repository: Root_id, Certificate Serial no, CA name, Date of Publish, Certificate

Platform & software tools required:

* OS: Linux RHEL5
* Language: PHP/HTML
* Database: MySQL
* Server: Apache web server
* Protocols: PGP
* IDE used: Eclipse
* Tools & utilities: GnuPG, GPG, OpenSSL, Dovecot
