Authentication and digital signatures are a very important application of public-key cryptography. For example, if you receive a message from me that I have encrypted with my private key and you are able to decrypt it using my public key, you should feel reasonably certain that the message did in fact come from me. If I think it necessary to keep the message secret, I may encrypt the message with my private key and then with your public key, that way only you can read the message, and you will know that the message came from me. The only requirement is that public keys are associated with their users by a trusted manner, for example a trusted directory. To address this weakness, the standards community has invented an object called a certificate. A certificate contains, the certificate issuer's name, the name of the subject for whom the certificate is being issued, the public key of the subject, and some time stamps. You know the public key is good, because the certificate issuer has a certificate too.
Pretty Good Privacy (PGP) is a software package originally developed by Phil Zimmerman that provides encryption and authentication for e-mail and file storage applications. Zimmerman developed his freeware program using existing encryption techniques, and made it available on multiple platforms. It provides message encryption, digital signatures, data compression, and e-mail compatibility. PGP uses RSA for key transport and IDEA for bulk encryption of messages. Zimmerman ran into legal problems with RSA over his use of the RSA algorithm in his program. PGP is now available in a couple of legal forms: MIT PGP versions 2.6 and later are legal freeware for non-commercial use, and Viacrypt PGP versions 2.7 and later are legal commercial versions of the same software.
Time stamping is a technique that can certify that a certain electronic document or communication existed or was delivered at a certain time. Time stamping uses an encryption model called a blind signature scheme. Blind signature schemes allow the sender to get a message receipted by another party without revealing any information about the message to the other party.
Time stamping is very similar to sending a registered letter through the U.S. mail, but provides an additional level of proof. It can prove that a recipient received a specific document. Possible applications include patent applications, copyright archives, and contracts. Time stamping is a critical application that will help make the transition to electronic legal documents possible.
The definition of electronic money (also called electronic cash or digital cash) is a term that is still evolving. It includes transactions carried out electronically with a net transfer of funds from one party to another, which may be either debit or credit and can be either anonymous or identified. There are both hardware and software implementations.
Anonymous applications do not reveal the identity of the customer and are based on blind signature schemes. (Digicash's Ecash) Identified spending schemes reveal the identity of the customer and are based on more general forms of signature schemes. Anonymous schemes are the electronic analog of cash, while identified schemes are the electronic analog of a debit or credit card. There are also some hybrid approaches where payments can be anonymous with respect to the merchant but not the bank (CyberCash credit card transactions) ; or anonymous to everyone, but traceable (a sequence of purchases can be related, but not linked directly to the spender's identity).
Encryption is used in electronic money schemes to protect conventional transaction data like account numbers and transaction amounts, digital signatures can replace handwritten signatures or a credit-card authorizations, and public-key encryption can provide confidentiality. There are several systems that cover this range of applications, from transactions mimicking conventional paper transactions with values of several dollars and up, to various micropayment schemes that batch extremely low cost transactions into amounts that will bear the overhead of encryption and clearing the bank.
Secure Socket Layer (SSL)
Netscape has developed a public-key protocol called Secure Socket Layer (SSL) for providing data security layered between TCP/IP (the foundation of Internet-based communications) and application protocols (such as HTTP, Telnet, NNTP, or FTP). SSL supports data encryption, server authentication, message integrity, and client authentication for TCP/IP connections.
The SSL Handshake Protocol authenticates each end of the connection (server and client), with the second or client authentication being optional. In phase 1, the client requests the server's certificate and its cipher preferences. When the client receives this information, it generates a master key and encrypts it with the server's public key, then sends the encrypted master key to the server. The server decrypts the master key with its private key, then authenticates itself to the client by returning a message encrypted with the master key. Following data is encrypted with keys derived from the master key. Phase 2, client authentication, is optional. The server challenges the client, and the client responds by returning the client's digital signature on the challenge with its public-key certificate.
SSL uses the RSA public-key cryptosystem for the authentication steps. After the exchange of keys, a number of different cryptosystems are used, including RC2, RC4, IDEA, DES and triple-DES.
Kerberos is an authentication service developed by MIT which uses secret-key ciphers for encryption and authentication. Kerberos was designed to authenticate requests for network resources and does not authenticate authorship of documents.
In a Kerberos system, there is a site on the network, called the Kerberos server, to perform centralized key management and administrative functions. The server maintains a key database with the secret keys of all users, authenticates the identities of users, and distributes session keys to users and servers who need to authenticate one another. Kerberos depends on a trusted third party, the Kerberos server, and if the server were compromised, the integrity of the whole system would be lost. Kerberos is generally used within an administrative domain (for example across a companies closed network); across domains (e.g., the Internet), the more robust functions and properties of public-key systems are often preferred.
A remailer is a free service that strips off the header information from an electronic message and passes along only the content. It's important to note that the remailer may retain your identity, and rather than trusting the operator, many users may relay their message through several anonymous remailers before sending it to its intended recipient. That way only the first remailer has your identity, and from the end point, it's nearly impossible to retrace.
Here's a typical scenario - the sender intends to post a message to a news group via three remailers (remailer 1, remailer 2, remailer 3). He encrypts the message with the last remailer's (remailer 3's) public key. He sends the encrypted message to remailer 1, which strips away his identity, then forwards it to remailer 2, which forwards it to remailer 3. Remailer 3 decrypts the message and then posts it to the intended newsgroup.
Disk encryption programs encrypt your entire hard disk so that you don't have to worry about leaving any traces of the unencrypted data on your disk.
PGP can also be used to encrypt files. In this case, PGP uses the user's private key along with a user-supplied password to encrypt the file using IDEA. The same password and key are used to unlock the file.
Cryptography Defined/A Brief History of Cryptography
Popular Algorithms & How They Work
Key Length - How Long is Long Enough?
America's Social/Political Debate
Resources & References