CPSC6128 - Network Security
Lecture 5: Cryptography

Cryptography
  Overview
  Symmetric Key Cryptography
  Public Key Cryptography
  Message integrity and digital signatures
  References: Stamp, Schneier

Cryptography basics
  The process of converting plaintext into ciphertext
  Plaintext
    Readable text
  Ciphertext
    Unreadable or encrypted text
  It is used to hide information from unauthorized users
  Decryption
    the process of converting ciphertext back to plaintext

History of Cryptography
  Substitution Cipher
    Replaces one letter with another letter based on some key
    Example: Julius Caesar's Cipher
      Key value of 3
      ABCDEFGHIJKLMNOPQRSTUVWXYZ
      DEFGHIJKLMNOPQRSTUVWXYZABC

History of Cryptography (cont)
  Cryptanalysis
    studies the process of breaking encryption algorithms
  When a new encryption algorithm is developed, cryptanalysts study it and try to break it
    This is an important part of the development cycle of a new encryption algorithm

World War I
  Zimmermann Telegram
    Encrypted telegram from the foreign secretary of the German Empire to the German ambassador in Mexico
    Intercepted and decrypted by the British
    Indicated that unrestricted submarine warfare would commence
    Proposed an alliance with Mexico to reclaim land lost to the US
    Pivotal in the US entering WWI
  Courtesy: Wikipedia

World War II
  Enigma
    Used by the Germans
    Replaced letters as they were typed
    Substitutions were computed using a key and a set of switches and rotors

Cryptography Issues
  Confidentiality
    only sender, intended receiver should “understand” message contents:
      sender encrypts message
      receiver decrypts message
  End-Point Authentication
    sender, receiver want to confirm identity of each other
  Message Integrity
    sender, receiver want to ensure message not altered

Friends and enemies: Alice, Bob, Eve (or Trudy)
  Well known model in network security world
  Bob, Alice want to communicate securely
  Trudy (intruder) may intercept, delete, add to message

Who might Bob, Alice be?
  ...well, real-life Bobs and Alices
  Web browsers/server for electronic transactions
  online banking client/server
  DNS servers
  routers exchanging routing table updates

The Language of Cryptography
  m: plaintext message
  KA(m): ciphertext, encrypted with key KA
  m = KB(KA(m))

Simple Encryption Scheme
  Substitution Cipher
    substituting one thing for another
    Mono-alphabetic cipher: substitute one letter for another
  Key: The mapping from the set of 26 letters to the set of 26 letters
    Plaintext:  abcdefghijklmnopqrstuvwxyz
    Ciphertext: mnbvcxzasdfghjklpoiuytrewq
  Example:
    Plaintext:  bob. i love you. alice
    Ciphertext: nkn. s gktc wky. mgsbc

Poly-alphabetic Encryption - Vigenere
  n monoalphabetic ciphers M1, M2, ..., Mn
  Cycling pattern:
    e.g. n=4, M1, M3, M4, M3, M2; M1, M3, M4, M3, M2
  For each new plaintext symbol, use subsequent monoalphabetic pattern in a cyclic pattern.
    dog: d from M1, o from M3, g from M4
  Key: the n ciphers and the cyclic pattern

Vigenere Square

Vernam - Perfect Substitution Cipher
  If we use Vigenere with a key length as long as the plaintext, then cryptanalysis will become very difficult.
  If we change the key every time we encrypt, then the cryptanalyst’s job becomes even more difficult
    One-time pad or Vernam Cipher
  How do we get such long keys?
    A large book shared by transmitter and receiver
    Initial key followed by previous messages themselves!!
    Random number sequence based on common shared and secret seed
  Such a cipher is difficult to break but not very practical

Breaking an Encryption Scheme
  Ciphertext-only attack
    Eve has ciphertext that she can analyze
    Two approaches
      Search through all keys: must be able to differentiate resulting plaintext from gibberish
      Statistical analysis
  Known-plaintext attack
    Eve has some plaintext corresponding to some ciphertext
    e.g., in monoalphabetic cipher, Trudy determines pairings for a,l,i,c,e,b,o
  Chosen-plaintext attack
    Eve can get the ciphertext for some chosen plaintext

Computational Effort Required
  Time
    Number of primitive operations required
    Computational time required for the attack
    Some attacks become more feasible as computing power becomes cheaper and faster
  Memory
    Amount of storage required to complete the attack
    This can be either hard disk or memory
  Data
    Amount of captured data required to complete the attack

Rainbow Tables attack
  Time/Memory Tradeoff
  Used to recover the plaintext from a given HASH value
  Commonly used to attack HASHed passwords
  SALT
    random number concatenated to the HASH value to prevent Rainbow table attacks
    saltedhash(password) = hash(password.salt)
    Since SALT is a random number, the attacker would have to compute a Rainbow table for each SALT value
    Large SALT value is critical
  More on Hashes Later

Types of Cryptography
  Crypto often uses keys:
    Algorithm is known to everyone
    Only “keys” are secret
    Kerckhoffs's Principle
    Can be extended to security systems design in general
  Public Key Cryptography
    Involves the use of two keys
  Symmetric key cryptography
    Involves the use of one key
  Hash functions
    Involves the use of no keys
    Nothing secret: How can this be useful?

Shannon Characteristics of Good Ciphers
  The amount of secrecy needed should determine the amount of labor appropriate for encryption and decryption
  The set of keys and enciphering algorithms should be free from complexity
  The implementation of the process should be as simple as possible
  Errors in ciphering should not propagate and cause corruption of future information in the message
  The size of enciphered text should not be longer than the text of the original message

Confusion and Diffusion
  Confusion
    The cryptanalyst should not be able to predict what changing one character in the plaintext will do to the ciphertext
  Diffusion
    Changes in the key should affect many parts in the ciphertext

Symmetric Key Cryptography
  Symmetric Key crypto
    Bob and Alice share same symmetric key: Ks

Two Types of Symmetric Ciphers
  Stream Ciphers
    Encrypt one bit at a time
  Block Ciphers
    Break plaintext message into equal-size blocks
    Encrypt each block as a unit

Stream Ciphers
  Combine each bit of keystream with bit of plaintext to get bit of ciphertext
  m(i) = ith bit of message
  ks(i) = ith bit of keystream
  c(i) = ith bit of ciphertext
  c(i) = ks(i) ⊕ m(i)   (⊕ = exclusive or)
  m(i) = ks(i) ⊕ c(i)

Problems With Stream Ciphers
  Known-plaintext attack
    There’s often predictable and repetitive data in communication messages
    Attacker receives some ciphertext c and correctly guesses corresponding plaintext m
    ks = m ⊕ c
    Attacker now observes c', obtained with same sequence ks
    m' = ks ⊕ c'
  Even easier
    Attacker obtains two ciphertexts, c and c', generated with same key sequence
    c ⊕ c' = m ⊕ m'
    There are well known methods for decrypting 2 plaintexts given their XOR
  Integrity problem too
    Suppose attacker knows c and m (e.g., plaintext attack); wants to change m to m'
    Calculates c' = c ⊕ (m ⊕ m')
    Sends c' to destination

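The three problems listed above, and the usual remedy, as an added example that is not part of the original slides. The keystream generator (SHA-256 over key, nonce and counter), the keys and the messages are constructed for illustration; the remedy shown is a fresh nonce per message plus an HMAC over the ciphertext.

```python
import hashlib
import hmac
import os

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Constructed toy generator (an assumption of this example, not RC4):
    # SHA-256 over key || nonce || counter, concatenated until n bytes exist.
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, m: bytes, nonce: bytes = b"") -> bytes:
    # c(i) = ks(i) XOR m(i); decryption is the same operation.
    return xor(m, keystream(key, nonce, len(m)))

decrypt = encrypt

def recover_with_known_plaintext(c: bytes, m: bytes, c_other: bytes) -> bytes:
    # ks = m XOR c, then m' = ks XOR c' (same key sequence used twice).
    return xor(xor(m, c), c_other)

def forge(c: bytes, m: bytes, m_new: bytes) -> bytes:
    # c' = c XOR (m XOR m'): no key needed, and the receiver cannot tell.
    return xor(c, xor(m, m_new))

def seal(enc_key: bytes, mac_key: bytes, m: bytes):
    # Remedy: a fresh random nonce so no key sequence repeats, and a MAC
    # over nonce || ciphertext so any modification is detected.
    nonce = os.urandom(16)
    c = encrypt(enc_key, m, nonce)
    return nonce, c, hmac.new(mac_key, nonce + c, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, nonce, c, tag):
    expected = hmac.new(mac_key, nonce + c, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # tampered or replayed under a different nonce
    return decrypt(enc_key, c, nonce)

# Constructed sample data.
KEY, MAC_KEY = b"constructed-enc-key", b"constructed-mac-key"
M1 = b"PAY 0100 TO BOB."
M2 = b"MEET AT NOON OK."
C1, C2 = encrypt(KEY, M1), encrypt(KEY, M2)  # same key sequence reused

if __name__ == "__main__":
    print("known plaintext recovers:", recover_with_known_plaintext(C1, M1, C2))
    print("c XOR c' == m XOR m':", xor(C1, C2) == xor(M1, M2))
    print("forged decrypts to:", decrypt(KEY, forge(C1, M1, b"PAY 9900 TO EVE.")))
    nonce, c, tag = seal(KEY, MAC_KEY, M1)
    print("sealed, intact:", open_sealed(KEY, MAC_KEY, nonce, c, tag))
    tampered = forge(c, M1, b"PAY 9900 TO EVE.")
    print("sealed, tampered:", open_sealed(KEY, MAC_KEY, nonce, tampered, tag))
```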
Example: RC4 Stream Cipher
  RC4 is a popular stream cipher
    Extensively analyzed and considered good
    Key can be from 1 to 256 bytes
    Used in WEP for 802.11
    Can be used in SSL

Block Ciphers
  Message to be encrypted is processed in blocks of k bits (e.g., 64-bit blocks).
  1-to-1 mapping is used to map k-bit block of plaintext to k-bit block of ciphertext
  Example with k=3
    input   output
    000     110
    001     111
    010     101
    011     100
    100     011
    101     010
    110     000
    111     001
  What is the ciphertext for 010110001111 ?

Block Ciphers
  How many possible mappings are there for k=3?
    How many 3-bit inputs?
    How many permutations of the 3-bit inputs?
    Answer: 40,320; not very many!
  In general, (2^k)! mappings; huge for k=64
  Problem:
    Table approach requires table with 2^64 entries
    Each entry with 64 bits
  Table is too big: instead use function that simulates a randomly permuted table

Prototype Function
  [Figure, from Kaufman et al.: the 64-bit input is split into eight 8-bit pieces; each piece goes through its own substitution box S1 ... S8 (8 bits in, 8 bits out) to form a 64-bit intermediate, which gives the 64-bit output; loop for n rounds]

Why Rounds in Prototype?
  If only a single round, then one bit of input affects at most 8 bits of output.
  In 2nd round, the 8 affected bits get scattered and inputted into multiple substitution boxes.
  How many rounds?
    How many times do you need to shuffle cards?
    Becomes less efficient as n increases

Encrypting a Large Message
  Why not just break message in 64-bit blocks, encrypt each block separately?
    If same block of plaintext appears twice, will give same ciphertext
  How to fix it?
    Generate random 64-bit number r(i) for each plaintext block m(i)
    Calculate c(i) = KS( m(i) ⊕ r(i) )
    Transmit c(i), r(i), i=1,2,…
    At receiver: m(i) = KS(c(i)) ⊕ r(i)
    Problem: inefficient, need to send c(i) and r(i)

Cipher Block Chaining (CBC)
  CBC generates its own random numbers
    Have encryption of current block depending on result of previous block
    c(i) = KS( m(i) ⊕ c(i-1) )
    m(i) = KS( c(i)) ⊕ c(i-1)
  How to encrypt the first block?
    Initialization vector (IV): random block = c(0)
    IV does not have to be secret
  Change IV for each message (or session)
    Guarantees that even if the same message is sent repeatedly, the ciphertext will be completely different each time

Symmetric Key Crypto: DES
  DES: Data Encryption Standard
    US encryption standard [NIST 1993]
    56-bit symmetric key, 64-bit plaintext input
    Block cipher with cipher block chaining
  How secure is DES?
    DES Challenge: 56-bit-key-encrypted phrase decrypted (brute force) in less than a day
    No known good analytic attack
  Making DES more secure
    3DES: encrypt/decrypt 3 times with 3 different keys
    ciphertext = EK3(DK2(EK1(plaintext)))

Symmetric Key Crypto: DES
  DES Operation:
    Initial permutation
    16 identical “rounds” of function application, each using different 48 bits of key
    Final permutation

Advanced Encryption Standard
  New (Nov. 2001) symmetric-key NIST standard
  Used to replace DES
  Processes data in 128 bit blocks
  128, 192, or 256 bit keys
  Brute force decryption (try each key) takes 1 day on DES, but 149 trillion years for AES

Public Key Cryptography

Why Public Key Cryptography
  Symmetric Key Cryptography
    Requires sender and receiver know shared key
    Q: How do we agree on the key in the first place?
  Public Key Cryptography
    radically different approach [Diffie-Hellman76, RSA78]
    Sender and receiver do not share secret key
    public encryption key known to all
    private decryption key known only to receiver

Public Key Encryption Algorithms
  Requirements:
    need KB+ and KB- such that: KB-(KB+(m)) = m
    Given public key KB+, it should be impossible to compute private key KB-
  RSA: Rivest, Shamir, Adleman algorithm

Prereq: Modular Arithmetic
  x mod n = remainder of x when divided by n
  Facts:
    [(a mod n) + (b mod n)] mod n = (a+b) mod n
    [(a mod n) - (b mod n)] mod n = (a-b) mod n
    [(a mod n) * (b mod n)] mod n = (a*b) mod n
  Thus (a mod n)^d mod n = a^d mod n
  Example: x=14, n=10, d=2:
    (x mod n)^d mod n = 4^2 mod 10 = 6
    x^d = 14^2 = 196
    x^d mod 10 = 6

RSA: Getting Ready
  A message is a bit pattern
  A bit pattern can be uniquely represented by an integer number
  Thus encrypting a message is equivalent to encrypting a number
  Example
    m = 10010001. This message is uniquely represented by the decimal number 145, i.e. 145 (base 10) = 10010001 (base 2)
    To encrypt m, we encrypt the corresponding number, which gives a new number (the ciphertext)

RSA: Creating Public/Private Keypair
  1. Choose two large prime numbers p, q (e.g., 1024 bits each)
  2. Compute n = pq, Φ = (p-1)(q-1)
  3. Choose e (with e < n) that has no common factors with Φ (e, Φ are “relatively prime”). There may be many choices for e
  4. Choose d such that ed-1 is exactly divisible by Φ (in other words: ed mod Φ = 1; or d = e^-1 mod Φ)
  5. Public key is (n,e): KB+. Private key is (n,d): KB-.

RSA: Encryption and Decryption
  0. Given (n,e) and (n,d) as computed above
  1. To encrypt message m (m < n), compute
       c = m^e mod n
  2. To decrypt received bit pattern, c, compute
       m = c^d mod n
  That is, m = (m^e mod n)^d mod n, where the inner term m^e mod n is c

RSA Example
  Bob chooses p=5, q=7. Then n=35, Φ=24.
  e=5 (so e, Φ relatively prime).
  d=29 (so ed-1 exactly divisible by Φ).
  Encrypting 8-bit messages.

  encrypt:
    bit pattern   m     m^e      c = m^e mod n
    0000l000      12*   248832   17

  decrypt:
    c    c^d                                    m = c^d mod n
    17   481968572106750915091411825223071697   12

  * The letter “l”

RSA: Another Important Property
  The following property will be very useful later:
    KB-(KB+(m)) = m = KB+(KB-(m))
  Left side: use public key first, followed by private key
  Right side: use private key first, followed by public key
  Result is the same!

Why Does RSA Work?
  Must show that c^d mod n = m, where c = m^e mod n
  Fact: for any x and y: x^y mod n = x^(y mod z) mod n, where n = pq and z = (p-1)(q-1)
  Thus,
    c^d mod n = (m^e mod n)^d mod n
              = m^(ed) mod n
              = m^(ed mod z) mod n
              = m^1 mod n
              = m

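The key-creation steps, the encryption and decryption rules and the "either order" property from the RSA slides, run on the slides' own numbers (p=5, q=7, e=5) as an added example that is not part of the original lecture. Function names are chosen for this example; it is textbook RSA on a toy modulus, with no padding.

```python
from math import gcd

def make_keypair(p: int, q: int, e: int):
    """Steps 2-5 of the key-creation slide for given primes p, q and exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < n or gcd(e, phi) != 1:
        raise ValueError("e must be < n and relatively prime to phi")
    d = pow(e, -1, phi)  # smallest d with ed mod phi = 1 (Python 3.8+)
    return (n, e), (n, d)

def apply_key(key, x: int) -> int:
    """c = m^e mod n with the public key, m = c^d mod n with the private key."""
    n, exponent = key
    if not 0 <= x < n:
        raise ValueError("value must be smaller than n")
    return pow(x, exponent, n)

def works_for_every_message(public, private) -> bool:
    """Check KB-(KB+(m)) = m = KB+(KB-(m)) for every m below n."""
    n = public[0]
    return all(
        apply_key(private, apply_key(public, m)) == m
        and apply_key(public, apply_key(private, m)) == m
        for m in range(n)
    )

PUBLIC, PRIVATE = make_keypair(5, 7, 5)   # the slide's p, q, e
SLIDE_PRIVATE = (35, 29)                  # the slide's choice d = 29

if __name__ == "__main__":
    # The smallest valid d is 5; the slide's 29 = 5 + 24 is equally valid,
    # since any d with ed mod phi = 1 decrypts correctly.
    print("public:", PUBLIC, "smallest private:", PRIVATE)
    c = apply_key(PUBLIC, 12)
    print("encrypt 12 ->", c)
    print("decrypt with d=29 ->", apply_key(SLIDE_PRIVATE, c))
    print("decrypt with d=5  ->", apply_key(PRIVATE, c))
    print("either order, all m:", works_for_every_message(PUBLIC, SLIDE_PRIVATE))
    try:
        apply_key(PUBLIC, int("10010001", 2))  # 145 does not fit below n = 35
    except ValueError as err:
        print("m = 145 rejected:", err)
```

On this toy modulus the smallest private exponent equals the public one, which is one more reason the slide asks for large primes. Deployed RSA also adds randomized padding such as OAEP, because the bare operation shown here is deterministic.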
Why is RSA Secure?
  Suppose you know Bob’s public key (n,e)
  How hard is it to determine d?
    Essentially need to find factors of n without knowing the two factors p and q
    Fact: factoring a big number is hard.
    Remember e is not unique!!
    Recent literature
  Generating RSA Keys
    Have to find big primes p and q
    Approach: make good guess then apply testing rules

Session Keys KS
  Exponentiation is computationally intensive
  DES is at least 100 times faster than RSA
  Bob and Alice use RSA to exchange a symmetric key KS
  Once both have KS, they use symmetric key cryptography

Diffie-Hellman
  Allows two entities to agree on shared key
    But does not provide encryption
  n is a large prime; g is a number less than n.
    n and g are made public
  Exchange:
    Alice (has a, g, n): A = g^a mod n
    Alice -> Bob: g, n, A
    Bob (has b): B = g^b mod n
    Bob -> Alice: B
    Alice: K = B^a mod n
    Bob:   K = A^b mod n
  a, b - Alice, Bob private key
  A, B - Alice, Bob public key
  K - Shared secret

Diffie-Hellman Example
  Alice and Bob agree to use a prime number n=23 and base g=5.
  Alice chooses a secret integer a=6, then sends Bob A = g^a mod n
    A = 5^6 mod 23 = 8.
  Bob chooses a secret integer b=15, then sends Alice B = g^b mod n
    B = 5^15 mod 23 = 19.
  Alice computes s = B^a mod n
    19^6 mod 23 = 2.
  Bob computes s = A^b mod n
    8^15 mod 23 = 2.

Message Integrity and Digital Signatures

Message Integrity
  Allows communicating parties to verify the received messages are authentic
    Content of message has not been altered
    Source of message is who/what you think it is
    Message has not been artificially delayed (playback attack)
    Sequence of messages is maintained
  Let’s first talk about message digests

Encryption vs. Hashing
  Encryption
    Encryption keeps communications private
    Encryption and decryption can use same or different keys
    Achieved by various algorithms, e.g. DES, CAST
    Need key management
    [Figure labels: PlainText, Encryption( ), CipherText, Decryption( )]
  Hash
    Hash transforms message into fixed-size string
    One-way hash function
    Strongly collision-free hash
    Message digest can be viewed as “digital fingerprint”
    Used for message integrity check and digital certificates
    Hash is generally faster than encryption
    [Figure labels: Message, Hash, Message Digest]

Message Digests
  Function H( ) that takes as input an arbitrary length message and outputs a fixed-length string: “message signature”
  Note that H( ) is a many-to-1 function
  H( ) is often called a “hash function”
  Desirable properties:
    Easy to calculate
    Irreversibility: Can’t determine m from H(m)
    Collision resistance: Computationally difficult to produce m and m’ such that H(m) = H(m’)
    Seemingly random output

Hash Function Algorithms
  MD5 hash function widely used (RFC 1321)
    computes 128-bit message digest in 4-step process
  SHA-1 is also used
    US standard [NIST, FIPS PUB 180-1]
    160-bit message digest

  kobrien-laptop:~ kobrien$ echo "test" | md5sum
  d8e8fca2dc0f896fd7cb4cb0031ba249 -
  kobrien-laptop:~ kobrien$ echo "test" | md5sum
  d8e8fca2dc0f896fd7cb4cb0031ba249 -
  kobrien-laptop:~ kobrien$ echo "test1" | md5sum
  3e7705498e8be60520841409ebc69bc1 -
  kobrien-laptop:~ kobrien$ echo "test1" | md5sum
  3e7705498e8be60520841409ebc69bc1 -

Commonly Used Hash Functions (MD5 and SHA)
  Both MD5 and SHA are derived from MD4
    MD5 provides 128-bit output
    SHA provides 160-bit output (only first 96 bits used in IPSec)
  Both MD5 and SHA are considered one-way strongly collision-free hash functions
  SHA is computationally slower than MD5, but more secure
  MD5, SHA1 not collision resistant
    Relevance to non-repudiation, commitment

So What Does This Mean?
  SHA1 is still much safer than MD5
    Best known attack has effort > 2^64
  HMAC SHA1 (keyed SHA1) believed to be unaffected by current attacks
  Industry making a move towards SHA256 and other secure crypto methods
  Actual transition will take place within standard groups first
    IETF and NIST among others addressing this issue

Birthday Attack
  If 23 people are in the room, what is the chance that they all have different birthdays?
    365/365 x 364/365 x 363/365 x 362/365 x 361/365 x 360/365 x . . . x 343/365 = 49%
  So there is a 51% chance that two of them have the same birthday

Birthday Attack (Cont)
  If there are N possible hash values,
    You’ll find collisions when you have calculated 1.2 x sqrt(N) values
  SHA-1 uses a 160-bit key
    Theoretically, it would require 2^80 computations to break
    SHA-1 has already been broken, because of other weaknesses

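The birthday product and the 1.2 x sqrt(N) rule from the two slides above, checked numerically as an added example that is not part of the original lecture. To keep N small enough to search, SHA-256 is truncated to a few bits; the truncation and the message strings are constructed for illustration.

```python
import hashlib
import math

def prob_all_distinct(people: int, days: int = 365) -> float:
    """365/365 x 364/365 x ... with one factor per person, as on the slide."""
    p = 1.0
    for i in range(people):
        p *= (days - i) / days
    return p

def truncated_hash(msg: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256: a stand-in hash with N = 2**bits values."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") >> (256 - bits)

def find_collision(bits: int):
    """Hash distinct constructed messages until two share a digest.

    Returns (first message, second message, number of values calculated).
    """
    seen = {}
    tries = 0
    while True:
        msg = b"constructed message %d" % tries
        tries += 1
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, tries
        seen[h] = msg

def expected_tries(bits: int) -> float:
    """The slide's estimate: 1.2 x sqrt(N) with N = 2**bits."""
    return 1.2 * math.sqrt(2 ** bits)

if __name__ == "__main__":
    p = prob_all_distinct(23)
    print("23 people, all different: %.1f%%, some pair equal: %.1f%%"
          % (100 * p, 100 * (1 - p)))
    for bits in (16, 20, 24):
        m1, m2, tries = find_collision(bits)
        print("%2d-bit digest: collision after %d values (estimate %.0f, N = %d)"
              % (bits, tries, expected_tries(bits), 2 ** bits))
```

The counts for a single run scatter around the estimate, but they grow with sqrt(N) rather than N, which is why a digest of b bits gives only about b/2 bits of collision resistance.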
Security Level of Crypto Algorithms
  Security Level   Work Factor   Algorithms
  Weak             O(2^40)       DES, MD5
  Legacy           O(2^64)       RC4, SHA1
  Minimum          O(2^80)       3DES, SEAL, SKIPJACK
  Standard         O(2^128)      AES-128, SHA-256
  High             O(2^192)      AES-192, SHA-384
  Ultra            O(2^256)      AES-256, SHA-512

Message Authentication Code (MAC)
  Authenticates sender
  Verifies message integrity
  No encryption!
  Also called “keyed hash”
  Notation: MDm = H(s||m); send m||MDm

HMAC
  Popular MAC standard
  Addresses some subtle security flaws
    1. Concatenates secret to front of message
    2. Hashes concatenated message
    3. Concatenates the secret to front of digest
    4. Hashes the combination again

Example: OSPF
  Recall that OSPF is an intra-AS routing protocol
  Each router creates map of entire AS (or area) and runs shortest path algorithm over map
  Router receives link-state advertisements (LSAs) from all other routers in AS
  Attacks:
    Message insertion
    Message deletion
    Message modification
  How do we know if an OSPF message is authentic?

OSPF Authentication
  Within an Autonomous System, routers send OSPF messages to each other
  OSPF provides authentication choices
    No authentication
    Shared password: inserted in clear in 64-bit authentication field in OSPF packet
    Cryptographic hash
  Cryptographic hash with MD5
    64-bit authentication field includes 32-bit sequence number
    MD5 is run over a concatenation of the OSPF packet and shared secret key
    MD5 hash then appended to OSPF packet; encapsulated in IP datagram

End Point Authentication
  Want to be sure of the originator of the message: end-point authentication
  Assuming Alice and Bob have a shared secret, will MAC provide message authentication?
    We do know that Alice created the message
    But did she send it?

Playback Attack
  Bob cannot distinguish between the original communication and the later playback
  The problem is that the shared secret is used over and over

Defending Against Playback Attack: Nonce
  A nonce is a number that a protocol will only ever use once-in-a-lifetime
  1) Alice sends the message, "I am Alice," to Bob
  2) Bob chooses a nonce, R, and sends it to Alice
  3) Alice encrypts the nonce using Alice and Bob's symmetric secret key, KA-B, and sends the encrypted nonce, KA-B(R), back to Bob.

Nonce (cont)
  It is the fact that Alice knows KA-B and uses it to encrypt a value that lets Bob know that the message he receives was generated by Alice.
  The nonce is used to ensure that Alice is "live."
  Bob decrypts the received message
    If the decrypted nonce equals the nonce he sent Alice, then Alice is authenticated.

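The playback problem and the nonce defence from the slides above, as an added example that is not part of the original lecture. Instead of encrypting R with KA-B as the slides do, Alice here returns an HMAC-SHA256 of R keyed with the shared secret, which proves knowledge of the key in the same way; the class names and the key are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

class StaticBob:
    """No nonce: the same MAC over "I am Alice" is accepted every time."""
    def __init__(self, key: bytes):
        self.key = key

    def verify(self, message: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(mac(self.key, message), tag)

class NonceBob:
    """Step 2 of the slide: Bob issues R and accepts each R exactly once."""
    def __init__(self, key: bytes):
        self.key = key
        self.pending = set()

    def challenge(self) -> bytes:
        r = secrets.token_bytes(16)
        self.pending.add(r)
        return r

    def verify(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self.pending:
            return False              # unknown or already used nonce
        self.pending.remove(nonce)    # a nonce is only ever used once
        return hmac.compare_digest(mac(self.key, nonce), response)

def alice_respond(key: bytes, nonce: bytes) -> bytes:
    """Step 3: Alice proves she holds the shared key by keying a MAC over R."""
    return mac(key, nonce)

def run_exchange() -> dict:
    key = b"constructed KA-B shared secret"
    results = {}

    static = StaticBob(key)
    tag = mac(key, b"I am Alice")
    results["static_original"] = static.verify(b"I am Alice", tag)
    results["static_playback"] = static.verify(b"I am Alice", tag)

    bob = NonceBob(key)
    r1 = bob.challenge()
    recorded = alice_respond(key, r1)          # what Trudy can capture
    results["nonce_live"] = bob.verify(r1, recorded)
    results["playback_same_nonce"] = bob.verify(r1, recorded)
    r2 = bob.challenge()
    results["playback_new_nonce"] = bob.verify(r2, recorded)
    return results

if __name__ == "__main__":
    for name, accepted in run_exchange().items():
        print("%-20s %s" % (name, "accepted" if accepted else "rejected"))
```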
PKI: IKE Authentication Architecture
  Certificate Authority
  Key Recovery
  Certificate Revocation
  Registration and Certification Issuance
  Certificate Distribution
  Support for Non-Repudiation
  Key Storage
  Trusted Time Service
  Key Generation

Digital Signatures
  Entity authentication
  Data origin authentication
  Integrity
  Non-repudiation
  [Figure labels: Private, Public]

Digital Signatures: Sign Hash with Private Key
  [Figure: Alice runs the Message through a Hash Function to get the Hash of Message, then signs the hash with her private key. Signature = “Encrypted” Hash of Message]
  One-Way Function
    Easy to Produce Hash from Message
    “Impossible” to Produce Message from Hash

Digital Signatures: Signature Verification
  [Figure: the Message with Appended Signature from Alice is received. Re-Hash the Received Message with the Hash Function to get the Hash of Message. Decrypt the Received Signature Using Alice’s Public Key. If Hashes Are Equal, Signature Is Authentic]

Digital Signature = signed message digest
  Bob sends digitally signed message:
    large message m -> H: Hash function -> H(m)
    H(m) -> digital signature (encrypt) with Bob’s private key KB- -> encrypted msg digest KB-(H(m))
    sends large message m + KB-(H(m))
  Alice verifies signature and integrity of digitally signed message:
    large message m -> H: Hash function -> H(m)
    encrypted msg digest KB-(H(m)) -> digital signature (decrypt) with Bob’s public key KB+ -> H(m)
    equal?

Digital Signatures (more)
  Alice verifies that m was signed by Bob (or someone else used Bob’s private key) by applying Bob’s public key KB+ to KB-(m), then checks KB+(KB-(m)) = m.
  Alice thus verifies that:
    • Bob signed m.
    • No one else signed m.
    • Bob signed m and not m’.
  Non-repudiation:
    • Alice can take m, and signature KB-(m) to court and prove that Bob signed m.

Public Key Certification
  Motivation: Trudy plays pizza prank on Bob
    Trudy creates e-mail order: Dear Pizza Store, Please deliver to me four pepperoni pizzas. Thank you, Bob
    Trudy signs order with her private key
    Trudy sends order to Pizza Store
    Trudy sends to Pizza Store her public key, but says it’s Bob’s public key.
    Pizza Store verifies signature; then delivers four pizzas to Bob.
    Bob doesn’t even like Pepperoni

Certificate Authorities
  Certification authority (CA): binds public key to particular entity, E.
  E (person, router) registers its public key with CA.
    E provides “proof of identity” to CA.
    CA creates certificate binding E to its public key.
    Certificate containing E’s public key digitally signed by CA: CA says “this is E’s public key”

Certificate Authorities
  When Alice wants Bob’s public key:
    gets Bob’s certificate (Bob or elsewhere).
    apply CA’s public key to Bob’s certificate, get Bob’s public key

X.509 v3 Certificate
  Field                      Meaning
  Version
  Serial Number
  Signature Algorithm ID     Signing Algorithm, e.g. SHA1withRSA
  Issuer (CA) X.500 Name     CA’s Identity
  Validity Period            Lifetime of this Cert
  Subject X.500 Name         User’s Identity, e.g. cn, ou, o
  Subject Public Key Info    User’s Public Key (Bound to User’s Subject Name)
    Algorithm ID
    Public Key Value
  Issuer Unique ID
  Subject Unique ID
  Extension                  Other User Info, e.g. subAltName, CDP
  CA Digital Signature       Signed by CA’s Private Key

Example X.509 Certificate

Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 7829 (0x1e95)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc,
                OU=Certification Services Division,
                CN=Thawte Server CA/[email protected]
        Validity
            Not Before: Jul 9 16:04:02 1998 GMT
            Not After : Jul 9 16:04:02 1999 GMT
        Subject: C=US, ST=Maryland, L=Pasadena, O=Brent Baccala,
                 OU=FreeSoft, CN=www.freesoft.org/[email protected]
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:b4:31:98:0a:c4:bc:62:c1:88:aa:dc:b0:c8:bb:
                    33:35:19:d5:0c:64:b9:3d:41:b2:96:fc:f3:31:e1:
                    66:36:d0:8e:56:12:44:ba:75:eb:e8:1c:9c:5b:66:
                    70:33:52:14:c9:ec:4f:91:51:70:39:de:53:85:17:
                    16:94:6e:ee:f4:d5:6f:d5:ca:b3:47:5e:1b:0c:7b:
                    c5:cc:2b:6b:c1:90:c3:16:31:0d:bf:7a:c7:47:77:
                    8f:a0:21:c7:4c:d0:16:65:00:c1:0f:d7:b8:80:e3:
                    d2:75:6b:c1:ea:9e:5c:5c:ea:7d:c1:a1:10:bc:b8:
                    e8:35:1c:9e:27:52:7e:41:8f
                Exponent: 65537 (0x10001)
    Signature Algorithm: md5WithRSAEncryption
        93:5f:8f:5f:c5:af:bf:0a:ab:a5:6d:fb:24:5f:b6:59:5d:9d:
        92:2e:4a:1b:8b:ac:7d:99:17:5d:cd:19:f6:ad:ef:63:2f:92:
        ab:2f:4b:cf:0a:13:90:ee:2c:0e:43:03:be:f6:ea:8e:9c:67:
        d0:a2:40:03:f7:ef:6a:15:09:79:a9:46:ed:b7:16:1b:41:72:
        0d:19:aa:ad:dd:9a:df:ab:97:50:65:f5:5e:85:a6:ef:19:d1:
        5a:de:9d:ea:63:cd:cb:cc:6d:5d:01:85:b5:6d:c8:f3:d9:f7:
        8f:0e:fc:ba:1f:34:e9:96:6e:6c:cf:f2:ef:9b:bf:de:b5:22:
        68:9f