Encrypted Data Crypto Fn. Data Key. Data Encrypted Digest. Why not? Msg DS Conf. Msg KD. EM Conf. Open navigation menu. Close suggestions Search Search. User Settings. Skip carousel. Carousel Previous. Carousel Next. What is Scribd? Explore Ebooks. Bestsellers Editors' Picks All Ebooks. Explore Audiobooks. Bestsellers Editors' Picks All audiobooks.
Explore Magazines. Editors' Picks All magazines. Explore Podcasts All podcasts. Difficulty Beginner Intermediate Advanced. Explore Documents. Basic Internet Security Concepts. Uploaded by akirank1. Did you find this document useful? Is this content inappropriate? Report this Document. Flag for inappropriate content. Download now. Related titles. Carousel Previous Carousel Next. An Application of the Elzaki Transform in Cryptography. Jump to Page. Search inside document. Stack Key Mgmt. Palo Alto Software.
Md Raisul Islam. Arjun Verma. A certificate contains:. Each certificate is digitally signed by a trust point. The trust point signing the certificate can be a certificate authority CA such as VeriSign, a corporation, or an individual.
In SSL communication between two entities, such as companies or individuals, the server has a public key and an associated private key. Each key is a number, with the private key of an entity being kept secret by that entity, and the public key of an entity being publicized to any other parties with which secure communication might be necessary. The security of the data exchanged is guaranteed by keeping the private key secret, and by the complex encryption algorithm. This system is known as asymmetric encryption , because the key used to encrypt data is not the same as the key used to decrypt data.
Asymmetric encryption has a performance cost due to its complexity. A much faster system is symmetric encryption , where the same key is used to encrypt and decrypt data. But the weakness of symmetric encryption is that the same key has to be known by both parties, and if anyone intercepts the exchange of the key, then the communication becomes insecure.
The exchange of public keys is used for mutual authentication of the parties involved in the communication. This also allows the parties to securely cooperate in the creation of symmetric keys that will be used in further encryption and decryption of data in the session.
The following is a basic example of the creation of an SSL session between a client and a server:. The client sends cipher suites, compression methods, highest protocol versions, and random bytes to the server. The server chooses the connection parameters from the choices offered by the client. The symmetric keys are exchanged. Communications are secured in this step using the exchanged public keys.
Session keys bulk encryption keys are then generated based on the master secret, such as a bit RC4 key. The client and server each sends a message that it will use the session key for further communication. In SSL the public key of the server is sent to the client in a data structure known as an X.
This certificate, created by a certificate authority, contains a public key, information concerning the owner of the certificate, and optionally some digital rights of the owner. Certificates are digitally signed by the CA which created them using that CA's digital certificate public key. This check is sometimes performed by analysis of certificate chains. This occurs if the receiving process does not have the signing CA's public key on the approved list.
In that case the receiving process checks to see if the signer of the CA's certificate is on the approved list, or if the signer of the signer is on the approved list, and so on.
This chain of certificate, signer of certificate, signer of signer of certificate, and so on, is a certificate chain. The highest certificate in the chain the original signer is called the root certificate of the certificate chain. The root certificate is often on the approved list of the receiving process.
Certificates in the approved list are considered to be trusted certificates. A root certificate can be signed by a CA or can be self-signed , meaning that the digital signature that verifies the root certificate is encrypted through the private key that corresponds with the public key that the certificate contains, rather than through the private key of a higher CA.
Note that certificates of the CAs themselves are always self-signed. Functionally, a certificate acts as a container for public keys and associated signatures. A single certificate file can contain one or multiple chained certificates, up to an entire chain. Private keys are normally kept separately to prevent them from being inadvertently revealed, although they can be included in a separate section of the certificate file for convenient portability between applications.
A keystore is used to store certificates, including the certificates of all trusted parties, for use by a program. Through its keystore, an entity such as OC4J can authenticate other parties as well as authenticate itself to other parties.
The keystore password is obfuscated. Sun's SSL implementation introduces the notion of a truststore , which is a keystore file that includes the trusted certificate authorities that a client will implicitly accept during an SSL handshake.
In Java, a keystore is a java. KeyStore instance that you can create and manipulate using the keytool utility that is provided with the Sun Microsystems JDK.
The underlying physical manifestation of this object is a file. Skip Headers. Application-Level Security Application-level security determines who can access an application or its data, and what tasks they can perform. The following topics discuss key areas of functionality: About Authentication About Authorization About Au thentication Authentication deals with the question "Who is trying to access services?
About Auth orization Authorization regards the question "Who can perform tasks on which resources offered by which components? The following sections discuss types of authorization, o r access control , and related topics: Access Control Lists and the Capability Model of Access Control Role-Based Access Control The capability and role-based models are complementary and often used together.
Access Co ntrol Lists and the Capability Model of Access Control The capability model is a method for organizing authorization information. Role-Ba sed Access Control A role is essentially a job function or title that defines an authority level. Transport-Level Security Independent of the previously discussed features for authentication and authorization are features for making data secure as it is transmitted.
SS L Authentication With SSL communication, any of the following authentication scenarios are possible: No SSL authentication or null authentication : The server does not send a certificate and does not request a certificate from the client.
A certificate contains: A public key, which is used in public key infrastructure PKI operations Identity information for example, name, company, and country Optional digital rights, which grant privileges to the owner of the certificate Each certificate is digitally signed by a trust point.
Key Encry ption and Exchange In SSL communication between two entities, such as companies or individuals, the server has a public key and an associated private key. The following is a basic example of the creation of an SSL session between a client and a server: The client sends cipher suites, compression methods, highest protocol versions, and random bytes to the server.
The public keys X. The server sends the client its public key, and the client sends the server its public key. The keys are used for mutual authentication where each verifies the certificate of the other.
A master secret is generated cooperatively between the server and client.
0コメント