In a conventional known-plaintext authentication scheme, there are known plaintexts for authentication and known plaintexts for encryption. To authenticate data to be transmitted, the transmitting device first authenticates itself with a predetermined one of the known plaintexts. The transmitting device sends a message with authentication information which is computed from the known plaintext. The receiving device authenticates itself with the transmitted authentication information.
However, in an encrypted communication, the ciphertext is not known to the transmitter or the receiver. The transmitter has the plaintext to encrypt, but does not know the encryption key, and the receiver has the ciphertext but does not know the encryption key.
Cryptography solves this problem by using secret keys. For example, both the transmitter and the receiver have two secret keys: a public key which is known to all and a private key which is known only to the transmitter and receiver. The transmitter encrypts plaintext messages with the public key of the receiver using an encryption algorithm. The receiver decrypts the messages with the private key of the transmitter using a decryption algorithm. The secrecy of the messages is achieved because anyone who knows the private key of the transmitter cannot decrypt the messages, and anyone who knows the public key of the receiver cannot encrypt messages without the transmitter's private key.
The main classes of public-key encryption algorithms are the RSA, ElGamal, and Diffie-Hellman algorithms. RSA is the most widely used public-key algorithm.
In addition to providing security, the public-key encryption algorithms also provide an elegant way of generating digital certificates. Digital certificates allow entities to authenticate themselves to each other without having to exchange private key information. A digital certificate includes the public key of the entity and a signature by the entity, as well as other information which authenticates the public key of the entity.
In the digital certificate scheme, when a digital certificate is generated, a message digest of a private key is digitally signed. The signature of the private key is included in the digital certificate along with the public key of the entity. This signature provides evidence that the entity who signed the private key actually owns the private key. The digital signature of the private key also authenticates the public key of the entity.
A certificate authority (CA) signs a digital certificate by creating a signature from a private key. In the digital certificate scheme, the CA may be a Certification Authority (CA). To obtain a digital certificate, a user creates a digital certificate request which includes the information of the public key of be359ba680
Related links:
Comments