AskDeveloper Podcast - 49 - Cryptography - Part 3 - Digital Signatures and Protocols

Published: March 18, 2017, midnight

○ Digital Signatures
  - Goal: verify the authenticity of a message.
  - Based on asymmetric cryptography.
  - Basic operations
    1. Public / private key generation (using some algorithm like RSA)
    2. Signing algorithm using the private key
    3. Signature verification algorithm using the corresponding public key
  - Extending the previous example
    - Steps (order is very important; bold stuff is the difference added to authenticate the sender)
      - Party 1 (Alice)
        1. Generates a random AES session key (32 bytes / 256 bits)
        2. Generates a random initialization vector (IV) (16 bytes / 128 bits)
        3. Encrypts the message to be sent using the AES session key and IV
        4. Calculates an HMAC of the encrypted message using the AES session key
        5. Encrypts the AES session key using the public key of Party 2 (Bob), the recipient
        6. Calculates a signature on the HMAC using her private signing key
        7. Sends a packet of (encrypted message, encrypted session key, initialization vector, HMAC, and signature) to Bob
      - Party 2 (Bob)
        1. Decrypts the session key using his private key
        2. Recalculates the HMAC of the encrypted message (validates message integrity)
           - If the HMAC check passes
             - Verifies the digital signature using Alice's public key
               - If signature verification passes, decrypts the message using the decrypted AES session key and initialization vector
               - Otherwise, the identity of the sender could not be verified; rejects the message.
           - Otherwise, rejects the message because of integrity check failure.
    - Why does order matter?
      - Timing side-channel attacks
      - Padding-oracle attack

○ Protocols
  - TLS/SSL
    - How does TLS/SSL work?
    - Mitigates against
      - Man-in-the-middle attacks
      - Authentication, so the client can be sure it is talking to the correct destination.
  - Public Key Infrastructure (PKI)
    - Certificates, aka X.509 certificates (SHA-1 signature issues)
      - A digitally signed file
      - Identifies (computer / user / device)
      - Has Public & Private Key; only the certificate owner has the Private Key.
      - Has an expiration date
      - Information about the CA that issued the cert
      - X.509 extension attributes (like the Usage attribute)
      - Revocation information
    - Certificate Authority (CA) (CNNIC, WoSign)
      - Issues, signs and manages certificates.
      - Famous certificate authorities (Verisign, GoDaddy, … etc).
    - Trust chains
      - CAs can delegate the signing job to subordinate CAs
        - The root CA signs an intermediate signing certificate for the subordinate CA
      - The subordinate CA can then issue certificates
      - To validate a certificate, the client validates the signatures of all the intermediate stages and makes sure all of them are linked to a trusted CA
    - Certificate Revocation Lists (CRLs)
      - When a certificate is compromised (private key leaked) it will be published on the CRL, so each time the cert is validated, the CRL is checked in case the cert is revoked.

3. Takeaways
4. Books
   a. Understanding Cryptography: A Textbook for Students and Practitioners
      https://www.amazon.com/Understanding-Cryptography-Textbook-Students-Practitioners/dp/3642041000

Our Facebook page
http://facebook.com/askdeveloper

On SoundCloud
http://soundcloud.com/askdeveloper
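The Alice/Bob exchange from the Digital Signatures notes above, as an added example that is not from the podcast: it follows the listed steps and Bob's check order (HMAC, then signature, then decrypt). It assumes the third-party Python `cryptography` package and, since the notes name only AES, HMAC and RSA, assumes AES-CBC with PKCS#7 padding, HMAC-SHA256, RSA-OAEP and RSA-PSS; the function names, keys and message are constructed for illustration.

```python
import hashlib, hmac, os
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, padding as sympad
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

# Assumed algorithm choices (the notes do not name the RSA padding schemes).
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)
PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)

def seal(message, bob_public, alice_signing_key):
    """Alice's steps 1-7: build the packet as a dict."""
    key, iv = os.urandom(32), os.urandom(16)                # steps 1-2
    padder = sympad.PKCS7(128).padder()
    enc = Cipher(algorithms.AES(key), modes.CBC(iv)).encryptor()
    ct = enc.update(padder.update(message) + padder.finalize()) + enc.finalize()  # step 3
    tag = hmac.new(key, ct, hashlib.sha256).digest()        # step 4: HMAC of the ciphertext
    return {"ct": ct, "iv": iv, "hmac": tag,
            "enc_key": bob_public.encrypt(key, OAEP),       # step 5
            "sig": alice_signing_key.sign(tag, PSS, hashes.SHA256())}  # step 6

def open_packet(pkt, bob_private, alice_public):
    """Bob's steps: nothing is decrypted or unpadded until both checks pass."""
    key = bob_private.decrypt(pkt["enc_key"], OAEP)
    expected = hmac.new(key, pkt["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, pkt["hmac"]):      # constant-time comparison
        raise ValueError("integrity check failed")
    try:
        alice_public.verify(pkt["sig"], pkt["hmac"], PSS, hashes.SHA256())
    except InvalidSignature:
        raise ValueError("sender could not be verified") from None
    dec = Cipher(algorithms.AES(key), modes.CBC(pkt["iv"])).decryptor()
    unpadder = sympad.PKCS7(128).unpadder()
    return unpadder.update(dec.update(pkt["ct"]) + dec.finalize()) + unpadder.finalize()

def demo():
    """Round trip, then a tampered ciphertext and a tampered signature (constructed data)."""
    alice, bob = (rsa.generate_private_key(public_exponent=65537, key_size=2048) for _ in range(2))
    pkt = seal(b"constructed sample message", bob.public_key(), alice)
    results = [open_packet(pkt, bob, alice.public_key())]
    for field in ("ct", "sig"):
        bad = dict(pkt, **{field: pkt[field][:-1] + bytes([pkt[field][-1] ^ 1])})
        try:
            open_packet(bad, bob, alice.public_key())
        except ValueError as err:
            results.append(str(err))
    return results
```

Following the notes, the HMAC here covers only the ciphertext and reuses the AES session key; covering the IV as well and deriving a separate MAC key are common hardenings.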