This is quick, basic and fundamental idea about Encryption method.
1. Encryption with Key system
Encryption : Hiding what is sent from on node to another
Identification : Making sure the node you are talking to is the one you trust.
Cleartext: None-encrypted data
Ciphertext: Encrypted data
Symmetric Key
– Same key is used to encrypt data between two nodes.
– It is Fast.
* Few issues : How to share the key in secure way and not practical for one to many relationship structure
Asymmetric Key
– Using two keys : Private key and Public key.
– It is slow.
– Node A can issue public key to Node B, C and more to allow send data which can be encrypted with Public key.
– Required two set of public / private key for both party.
2. How SSL works?
Key elements
– Key encryption algorithm : RSA, Diffie-Hellman, DSA
– Cipher algorithm : RC4, Triiple DES, AES
– Hash : HMAC-MD5, HMAC-SHA
– Identification of trust node
Brief Steps of SSL
1. Request to secure communication – Hello
: Tell me what key, cipher and Hash algorithm will use?
2. Server sends – Oh yea~
: Send a certificates, public key and answers of algorithm survey
3. Client sends a message in ciphertext
: Verified the certificate received.
: Send symmetric key in ciphertext to the server
4. Servier sends a messge in ciphertext
5. All messages are now encrypted with symmetric key
: Now sending username and pwd on the SSL session.
References:
Hash algorithm: Not encryption data, but purpose of checking integrity.
A hash algorithm function is public and no key meaning is no confidential data. A "message authentication code" (MAC) is a kind of "keyed hash": a secret key (i.e. an arbitrary bunch of bits) is also input in the process, so that knowledge of the key is necessary to compute the MAC output. This is used for integrity checks. The sender uses the key to compute the MAC, the receiver uses the key to recompute the MAC; if the MAC matches, then the data is correct, because an attacker, not knowing the key, could not have altered the data and computed a valid MAC on the altered data.
HMAC-SHA is a construction which turns a hash function such as SHA into a MAC. TLS is the current, standard name of SSL uses HMAC.
The TLS specification defines cipher suites. A cipher suite is a set of cryptographic algorithms that the client and server agree upon during the initial phase of the connection (the "handshake"). Among the algorithms is the MAC to use to ensure data integrity. RFC 5246
The www.ipBalance.com runs by a volunteer group with IT professionals and experts at least over 25 years of experience developing and troubleshooting IT in general. ipBalance.com is a free online resource that offers IT tutorials, tools, product reviews, and other resources to help you and your need.
