Network Security Essentials — Notes4. Public-key Cryptography

1. Public-key Cryptography

   The schem uses two keys, if one is for encryption, then the other is for decryption.

   "Truly revolutionary advance in cryptography"

   "Profound concequences in the areas of Confidentiality, key distrituion and Message Authentication"

2.Six Integriends


  b.Encryption Algorithm (Not Secret)

  c.Public Key (Not Secret)

  d.Private Key (Only known to self)

  e.Decryption Algorithm (Not Secret)

3.Use Case 1 — Encryption

  a.Sender encrypts the msg with receiver’s public key and then sends it.

  b.Receiver decrypts the msg with its own private key. It would succeed.

4.Use Case 2 — Digital Signature

  Problem: C sends a message to B and saying "My name is A". Should B believe this is really from A?

  Solution: A sends a message and attach a signature ( encrypt(message, A’s private key) ). B then decrypts the signature with A’s public key and finds out that the plaintext  = message. Then he believes this message is indeed from A.

5. Use Case 3 — Exchange secret key for a short conversation

  Problem: It’s not safe to deliver secret keys via Email or IM.

  Solution: Encrypt/decrypt the secret key with public/private key

     a. A(The sender) generates a secret key for conversation and encrypt(msg, secretKey)

     b. A calls  encrypt(secretKey, B’s public key)

     c. A sends the encrypted msg and the encryped secret key

     d. B gets the secret key by calling decrypt(encrypted secret key, B’s private key)

     e. B then get the msg in plaintext by calling decrypt(encryptedMsg, secretKey)

6. What if C announces "My name is A. And this is my public key" ?


      a. A (The real sender) puts his name and his public key in a "certificate", and it along with the message

      b. B (The receiver) should read this certificate and see if A’s name is on it

      c. But the certificate can be a fake one. So B should validate this certificate is issued by an trusted authority, the CA


      d. B does the validation by decrypt(certificate, CA’s public key) and see if A’s name is on it, because the certificate is encrypted with CA’s private key.

7. Algothrims

   a. RSA — A large size of key should be used to be safe (1024-bit, for example)

   b.Diffie-Hellman: Used for "Secret Key Exchange" only

   c. DSS: Only for digital signature

   d.elliptic-Curve(ECC): It’s to replace RSA, but it’s new and people still doubt it.


Java API Examples


   //Generate a public/private key pair

  KeyPairGenerator keyGen =  KeyPairGenerator.getInstance("RSA");

  SecureRandom random = SecureRandom.getInstance("SHA1PRNG","SUN");

  keyGen.initialize(1024, random);

  KeyPair pair = keyGen.generateKeyPair()

  //Make a Digital Signature

  Signature sig = Signature.getInstance("SHA1withDSA", "SUN");



  byte[] realSig = sig.sign();

  //Verifying a Signature

   PublicKey pub = pair.getPublic();



   boolean verifies = sig.verify(sig);


Leave a Comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.