Chapter 14 - 04 - Discuss PKI and Certificate Management Concepts - 01_ocred_fax_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Exam 212-82
Cryptography
Cryptography

Module Flow

©
Discuss
O
Discuss
Cryptographic Various
Security Cryptographic
Techniques Algorithms

Cryptography / I I |

Discuss Various Discuss PKI and Discuss Other
Hash Functions Certificate Applications of
and Cryptography Management Cryptography
Tools Concepts

Discuss PKI and Certificate Management
Mlanagement Concepts
This section deals with public key infrastructure (PKI) and the role of each component of PKI,
and certification authorities.

Module 14 Page 1686 Certified Cybersecurity Technician Copyright © by EC-Council
EG-Gouncil
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Cryptography

Digital Signature
e 1 Sender
QQO Digital signatures use the asymmetric key algorithms to " fronge the
’;‘:“';:“ e priva.:::::b
provide data integrity the message
message and
and u;::tuvelo
signature to N T...........areceiver
e Message
QO A specific signature function is added to the asymmetric
algorithm at the sender’s side to digitally sign the message b| :.
and a specific verification function is added to verify the : Sender
signature to ensure message integrity at the recipient side —. g
QQO The asymmetric algorithms that support these
these two functions.4.4 "-
are called digital signature algorithms o
C= '|
Sender selects a publicand
public and
Q Digitally
Dpigitally signing messages slows the performance of during L’{’:::V"‘m"““ the
D
verification; the hash value of the message is used instead of
the message itself for better performance
OQ Adigital
Adigital signature
signature isis created using the
created using the hash code ofof the
hash code the ""‘""'
message, the private key of the sender, and the signature c,,,“,,m,.
mm,flw
function S

Q Itis then verified using the hash code of the message, the m ::';"'::v 'x;::
"«N;'e"f::"fl:z*;:: -
e ,w
—
public key of sender, and the verification function s rends the messege m —
provey s
Al 4

Digital Signature (Cont’d)

a.-
N..... g e Private Key
Prhme — Message Containingthe
Message Containing the
Confidential Digital Signature
Mesu‘e
Message ancd
lb(d Py
’mum ‘ |al -.I Confidential Message
msmng
Kuhh; Hash Code m0010
Hash Code

Message Containing the mn"‘Y
Mk m
Digital Signature

Confidential ==
Confidential
muxo
mmo ’
‘
100 Hash Code ' fid
Confidential
Message

Digital Signature
A digital signature is a cryptographic means of authentication. Public-key cryptography uses
asymmetric encryption and helps the user to create a digital signature.
A specific signature function is added to the asymmetric algorithm at the sender's side to
digitally sign the message and a specific verification function is added to verify the signature to

Module 14 Page 1687 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Cryptography

ensure message integrity at the recipient side. The asymmetric algorithms that support these
two functions are called digital signature algorithms.

Claz
: E Private Key
e : H Message Containingthe

Confidential ¥ v Digital Signature
Message
» 001011 » E ‘ £
101110 - Confidential Message
I a [
Hashing Hash Code Signature
Algorithm
| Function Hash Code

Figure 14.19: Creating a digital signature at the sender side

Class
Public Ke
Message Containingthe - Y
Digital Signature v

Confidential = ’ 001011 ‘
Message =~ 101110 ‘

fi.= a 2
Hashing Hash Code Verification Confidential
Algorithm Function Message
Hash Code

Figure 14.20: Verifying a digital signature at the recipient side

A hash function is an algorithm which helps users to create and verify digital signatures. This
algorithm creates a digital representation, also known as a message fingerprint. This fingerprint
has a hash value that is much smaller than the message, but one that is unique. If an attacker
changes the message, the hash function will automatically produce a different hash value.
In order to verify a digital signature, one requires the hash value of the original message and
the hash function used for creating the digital signature. With the help of the public key and the
new result, the verifier checks whether the digital signature was created with the related
private key and whether the new hash value is the same as the original or not. Digitally signing
messages slows the performance of during verification; the hash value of the message is used
instead of the message itself for better performance.

Module 14 Page 1688 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Cryptography

Sender uses the private key to Private Key
"sign"
sign" the message and sends M -
the message and signature to ‘,w=
a receiver Confidential
Message
—_—
Sender 10010010

Hash Code

:
T=
C=
|
: Sender selects a public and
» private key and sends the
*: public key to the receiver
JUeesssssssnssssnnnnns

Public Key
Do
D> X3B
@ Y| Confidential
Message
Illlllllllllllll)
IIIIIIII..IIIIII) H ‘

Receiver verifies the signature -
using the public key and then Receiver 10010010
LQI0eSe
reads the message Hash Code

Figure 14.21: Working of Digital Signature

Module 14 Page 1689 Certified Cybersecurity Technician Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Cryptography

Key Exchange through Digital Envelopes
O Digitalen

keys and data within

Generating a Digital Envelope Extracting the Key from a Digital Envelope.
S 3 [
7|
B =5=0... > K5 —
- Encryption E’::m::!..... " E,',‘.:v,:‘:: D AL

T
Random..,
secretkey
77.77 Oigital
Digital Digtal
Digital... e7p
etyey
secretkey e, pe—— ot envelope
envelope 1 e
envelope. 00 o Random............ >>[