Public Key Infrastructure (PKI) uses Public Key Technology [notice the similarities? =D]
And the technology involves the use of Digital Signatures [the title my friend, the title!]
Signatures...?? Do what now??
Well, they are used for
- Authentication [Identifying and confirming that the sender is who they say they are]
- Integrity [The data you sent is legit and has not been tampered with]
- Non-repudiation [You are unable to deny that you were the one who signed and sent the data]
- Confidentiality [Concerns who can see the information: the encryption and decryption of the data sent, ensuring no other party can read it. Note that a signature on its own gives you the first three; confidentiality comes from the encryption side of public key technology (encrypting with the receiver's public key), not from the signature itself]
Public Key Infrastructure is the combination of software, encryption technologies and services. Together these three components give organisations the ability to secure any form of communication or business transaction on the world wide web. It incorporates digital certificates, public-key cryptography and certificate authorities into a shared network security architecture.
Now then..moving on to digital signatures..they are different from digital certificates. Digital signatures are like the physical signatures you do when you sign a form or a letter, just in a digital way. They can be used to authenticate the identity of the sender of a message or the signer of a document, as well as ensure that the content of the message or document has not been tampered with.
Digital signatures are extremely portable, can be time-stamped, and cannot be forged by anybody else: a signature only verifies for the exact message it was made over, so it cannot be lifted from one document and attached to another. Because the receiver can check that the original signed message arrived intact, the sender cannot repudiate it later. Signatures can be used for all kinds of messages regardless of whether they are encrypted; the receiver simply wants to know that the message came from the right sender and that the content is unchanged.
A digital certificate carries the digital signature of the certificate-issuing authority (the CA), so anyone who trusts that CA can verify that the certificate is genuine and that the public key inside it really belongs to the named subject.
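To make the "anyone can verify that the certificate is real" part concrete, here is an added example (mine, not from the original post or any particular product) using Go's standard library x509 package. It builds a small private PKI: a self-signed root CA, a certificate for "alice@example.com" issued by that CA, and a second certificate for the same name issued by a rogue CA that nobody trusts. The CA names, the subject name and the validity window are all made up for the demo.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCA generates a key pair and a self-signed CA certificate for it.
// Constructed names and validity window; nothing here is a real CA.
func newCA(name string) (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	// parent == template means the CA signs its own certificate (self-signed root).
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issueLeaf has the CA sign a certificate binding subject to subjectPub.
// The CA's signature over the certificate is what a verifier later checks.
func issueLeaf(ca *x509.Certificate, caKey *rsa.PrivateKey, subject string, subjectPub *rsa.PublicKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: subject},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, subjectPub, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// trustedBy reports whether leaf chains to root: the verifier only needs the
// root's public key, and checks the CA signature, validity period and usage.
func trustedBy(leaf, root *x509.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	})
	return err == nil
}

// certDemo returns (genuine cert trusted?, rogue-CA cert trusted?).
func certDemo() (bool, bool, error) {
	corpCA, corpKey, err := newCA("Corp Root CA")
	if err != nil {
		return false, false, err
	}
	rogueCA, rogueKey, err := newCA("Rogue CA")
	if err != nil {
		return false, false, err
	}
	aliceKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	genuine, err := issueLeaf(corpCA, corpKey, "alice@example.com", &aliceKey.PublicKey)
	if err != nil {
		return false, false, err
	}
	// Same name, same public key, but signed by a CA the verifier does not trust.
	forged, err := issueLeaf(rogueCA, rogueKey, "alice@example.com", &aliceKey.PublicKey)
	if err != nil {
		return false, false, err
	}
	return trustedBy(genuine, corpCA), trustedBy(forged, corpCA), nil
}

func main() {
	ok, rogue, err := certDemo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("issued by trusted CA: %v, issued by rogue CA: %v\n", ok, rogue)
}
```

The point to take away: the verifier never talks to the CA. It holds the CA's certificate (really, its public key) and checks the CA's signature on the presented certificate, so a certificate for the right name from an untrusted CA is rejected even though every other field looks fine.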
Here is a breakdown of how it works..
1) You type an email out for your colleague.
2) Using some software, you compute a message hash (a digest such as SHA-256) of the email contents.
3) You sign the hash with your private key. You generate the key pair yourself; a certificate authority only certifies the public half and never hands you the private key. (With RSA this step is often loosely described as "encrypting the hash with your private key".)
4) The signed hash becomes your digital signature of the message, and is sent along with the email.
5) Your colleague receives the email and computes a hash of the received message.
6) Your colleague uses your public key to verify the signature against that hash (with RSA, this recovers the hash you signed).
7) If the hashes match, then everything is fine: the email came from the holder of your private key and was not modified in transit. If they don't match, either the message was altered or it was signed with a different key.
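The seven steps above, run end to end as an added example (my code, not from the original post) with Go's standard library RSA and SHA-256. The key pair is generated locally, the "email" is a constructed sample message, and besides the happy path it checks the two failure cases the walkthrough implies: a message changed in transit, and a signature checked with somebody else's public key.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// signMessage is the sender's side (steps 2 to 4): hash the message, then run
// the private-key operation over the padded hash. The result is the digital
// signature; the message itself travels in the clear alongside it.
func signMessage(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	// PKCS#1 v1.5 padding wraps the digest (plus its algorithm identifier)
	// before the private-key exponentiation. This is the precise form of the
	// informal "encrypt the hash with your private key" description.
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// verifyMessage is the receiver's side (steps 5 to 7): recompute the hash of
// what actually arrived and check it against the signature with the sender's
// public key. A nil error from VerifyPKCS1v15 means the hashes match.
func verifyMessage(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// Outcome records the three checks a practitioner cares about.
type Outcome struct {
	Genuine  bool // unmodified message, sender's public key: must be true
	Tampered bool // one character changed in transit: must be false
	WrongKey bool // checked with another party's public key: must be false
}

// signDemo runs the whole walkthrough. The sender makes its own key pair
// (a CA would only certify the public half); the email is a constructed sample.
func signDemo() (Outcome, error) {
	senderKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return Outcome{}, err
	}
	otherKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return Outcome{}, err
	}

	email := []byte("Hi Bob, please wire the 5,000 to account 12345 today.")

	sig, err := signMessage(senderKey, email)
	if err != nil {
		return Outcome{}, err
	}

	// Constructed tampering: flip one character of the message after signing.
	tampered := append([]byte(nil), email...)
	tampered[len(tampered)-2] = '!'

	return Outcome{
		Genuine:  verifyMessage(&senderKey.PublicKey, email, sig),
		Tampered: verifyMessage(&senderKey.PublicKey, tampered, sig),
		WrongKey: verifyMessage(&otherKey.PublicKey, email, sig),
	}, nil
}

func main() {
	out, err := signDemo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine=%v tampered=%v wrongKey=%v\n", out.Genuine, out.Tampered, out.WrongKey)
}
```

Two things worth noticing when you run it: the signature is the same length regardless of the message (it is over the fixed-size hash, not the email), and a single changed character anywhere in the message changes the hash completely, so step 7 fails cleanly rather than "mostly matching".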