Digital signature & PKI Infrastructure
Download as PPTX, PDF1 like1,750 views
Digital signatures provide authenticity, integrity and non-repudiation for electronic documents. They involve attaching a digital code to an electronically transmitted document that verifies the document's contents and the sender's identity. The digital signature varies from document to document, ensuring the authenticity of each word. Public key infrastructure involves a certification authority that issues digital certificates binding users' identities to their public keys.
Digital signature & PKI Infrastructure
- 2. Username and Password are the only things in a Digital Signature. Any electronic document is a valid document, no need not signed because it is computer generated. Digital Signature are for personal use and can’t be kept in court for perusal. Common Myths
- 3. To provide Authenticity, Integrity and Non- repudiation to electronic documents. Why Digital Signatures ?
- 4. Digital code attached to an electronically transmitted document to verify its contents and the sender's identity. Digital Signature of a person therefore varies from document to document thus ensuring authenticity of each word of that document. What is Digital Signature?
- 5. Symmetric encryption uses the identical key to both encrypt and decrypt the data. Symmetric/Asymmetric Encryption
- 6. Two related keys (public and private) for data encryption and decryption. The private key is never exposed. Takes away the security risk of key sharing. Asymmetric
- 8. Message + Signature Hash Decrypt Signature With Sender’s Public Key SIGN hash With Sender’s Private key Message + signature COMPARE Calculated HashMessage Sender Receiver Hash Sent thru’ Internet if OK Signatures verified Signed Messages
- 10. PIN Protected Soft Tokens Private key is encrypted and kept on the Hard Disk in a file, this file is password protected. Forms the lowest level of security in protecting the key, as The key is highly reachable. PIN can be easily known or cracked.
- 11. Private key is generated in the crypto module residing in the smart card. The key is kept in the memory of the smart card. The key is highly secured as it doesn’t leave the card. The message digest is sent inside the card for signing, and the signatures leave the card. Smart Cards
- 12. Hardware Tokens They are similar to smart cards in functionality as Key is generated inside the token. Key is highly secured as it doesn’t leave the token. Highly portable. Machine Independent.
- 13. Class 0 : Issued only for demonstration/ test purposes. Class 1 : Confirms user's name and E-mail address. Class 2 : Issued for both business personnel and private individuals use. Information in the application provided by the subscriber does not conflict with the information in well- recognized consumer databases. Class 3 : This certificate issued to individuals as well as organizations. High assurance certificates. Issued to individuals only on their personal (physical) appearance before the Certifying Authorities. Different Classes of Digital Signatures
- 14. The pattern also has some (possible) liabilities: Both participants must trust the identity of each other. Thus, certificates issued by some certification authority are needed. Both the sender and the receiver have to previously agree what cryptographic algorithm they support. Liabilities
- 16. Trusted Agency is required which certifies the association of an individual with the key pair. Certifying Authority (CA) This association is done by issuing a certificate to the user by the CA Public key certificate (PKC) All public key certificates are digitally signed by the CA. Public Key Infrastructure
- 17. • Controller is the Root certifying authority responsible for regulating Certifying Authorities (CAs). • CA Must be widely known and trusted. • CA must have well defined Identification process before issuing the certificate. • CA certifies the association of an individual with his public key. • Provides online access to the list of certificates revoked. • Displays online the license issued by the Controller. Certifying Authority
- 19. Public-Key Certification Signed by using CA’s private key User Name & other credentials User’s Public key User Certificate Certificate Database Publish Certificate Request User Name User’s Public Key CA’s Name Validity Digital Signature of CA Certificate Class User’s Email Address Serial No. Key pair Generation Private Public Web site of CA User 1 certificate User 2 certificate . Public License issued by CCA
- 21. • There are only 6 certificate Authorities 1. Safescrypt 2. iTrust (IDRBT) 3. National Informatics Centre(NIC) 4. Tata Consultancy Services 5. (n)Code Solutions 6. e-Mudhra There is only one Root Certificate Authority Root Certifying Authority of India (RCAI) CA’s of India
- 22. Tragedy!!
- 23. Battle is ON!!
- 24. Download and install Gpg4Win(supports Outlook). Download and install Thunderbird. Add extension Engimail (adds OpenPGP message encryption and authentication to your thunderbird client.) Create your key pair. Encrypt/Sign on the go !! DEMO Steps
- 25. Would like to hear from you !! Thank You !! Email- [email protected]