Download - Joshua thijissen 1 6_alice & bob- pkc 101
![Page 1: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/1.jpg)
Alice & Bob
Mail.ru techforum - 24 april 2012Moskow - Russia
Public key cryptography 101
vrijdag 20 april 12
![Page 2: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/2.jpg)
Joshua Thijssen / Netherlands
Freelance consultant, developer and trainer @ NoxLogic / Techademy
Development in PHP, Python, Perl, C, Java....
Blog: http://adayinthelifeof.nl
Email: [email protected]: @jaytaph
2
vrijdag 20 april 12
![Page 3: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/3.jpg)
An introduction into public key cryptography
3
vrijdag 20 april 12
![Page 4: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/4.jpg)
4
Without this there would be no internet as we know today
(really)
vrijdag 20 april 12
![Page 5: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/5.jpg)
5
vrijdag 20 april 12
![Page 6: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/6.jpg)
Meet Alice,
5
vrijdag 20 april 12
![Page 7: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/7.jpg)
Meet Alice,
and Bob.
5
Hi Bob!
Hello Alice!
vrijdag 20 april 12
![Page 8: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/8.jpg)
“bad” encryption algorithms
6http://www.flickr.com/photos/dpwk/1714014449/in/pool-1621478@N23/
vrijdag 20 april 12
![Page 9: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/9.jpg)
“algorithm”:A = 1, B = 2, C = 3, ...., Z = 26
‣ SUBSTITUTION SCHEME7
vrijdag 20 april 12
![Page 10: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/10.jpg)
ciphertext: 19, 5, 3, 18, 5, 20
“algorithm”:A = 1, B = 2, C = 3, ...., Z = 26
‣ SUBSTITUTION SCHEME7
vrijdag 20 april 12
![Page 11: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/11.jpg)
ciphertext: 19, 5, 3, 18, 5, 20
“algorithm”:A = 1, B = 2, C = 3, ...., Z = 26
=S E C R E T
‣ SUBSTITUTION SCHEME7
vrijdag 20 april 12
![Page 12: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/12.jpg)
8‣ SUBSTITUTION SCHEME
vrijdag 20 april 12
![Page 13: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/13.jpg)
8
ciphertext:
‣ SUBSTITUTION SCHEME
vrijdag 20 april 12
![Page 14: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/14.jpg)
8
ciphertext:
=W I N G D I N G S
‣ SUBSTITUTION SCHEME
vrijdag 20 april 12
![Page 15: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/15.jpg)
“algorithm”:c = m + k mod 26
‣ CAESARIAN CIPHER or CAESARIAN SHIFT9http://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Caesar3.svg
vrijdag 20 april 12
![Page 16: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/16.jpg)
“algorithm”:c = m + k mod 26
‣ CAESARIAN CIPHER or CAESARIAN SHIFT9
Message: C O D E
http://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Caesar3.svg
vrijdag 20 april 12
![Page 17: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/17.jpg)
“algorithm”:c = m + k mod 26
‣ CAESARIAN CIPHER or CAESARIAN SHIFT9
Message: C O D ECiphertext (key=1): D P E F
http://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Caesar3.svg
vrijdag 20 april 12
![Page 18: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/18.jpg)
“algorithm”:c = m + k mod 26
‣ CAESARIAN CIPHER or CAESARIAN SHIFT9
Message: C O D ECiphertext (key=1): D P E FCiphertext (key=2): E Q F G
http://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Caesar3.svg
vrijdag 20 april 12
![Page 19: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/19.jpg)
“algorithm”:c = m + k mod 26
‣ CAESARIAN CIPHER or CAESARIAN SHIFT9
Message: C O D ECiphertext (key=1): D P E FCiphertext (key=2): E Q F GCiphertext (key=-1): B M C D
http://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Caesar3.svg
vrijdag 20 april 12
![Page 20: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/20.jpg)
“algorithm”:c = m + k mod 26
‣ CAESARIAN CIPHER or CAESARIAN SHIFT9
Message: C O D ECiphertext (key=1): D P E FCiphertext (key=2): E Q F GCiphertext (key=-1): B M C D
Ciphertext (key=0): C O D E
http://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Caesar3.svg
vrijdag 20 april 12
![Page 21: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/21.jpg)
“algorithm”:c = m + k mod 26
‣ CAESARIAN CIPHER or CAESARIAN SHIFT9
Message: C O D ECiphertext (key=1): D P E FCiphertext (key=2): E Q F GCiphertext (key=-1): B M C D
Ciphertext (key=0): C O D E Ciphertext (key=26): C O D E
http://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Caesar3.svg
vrijdag 20 april 12
![Page 22: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/22.jpg)
“algorithm”:c = m + k mod 26
‣ CAESARIAN CIPHER or CAESARIAN SHIFT9
Message: C O D ECiphertext (key=1): D P E FCiphertext (key=2): E Q F GCiphertext (key=-1): B M C D
Ciphertext (key=0): C O D E Ciphertext (key=26): C O D ECiphertext (key=52): C O D E
http://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Caesar3.svg
vrijdag 20 april 12
![Page 23: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/23.jpg)
‣ FLAWS IN THESE CIPHERS10
vrijdag 20 april 12
![Page 24: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/24.jpg)
➡Key is too easy to guess.
‣ FLAWS IN THESE CIPHERS10
vrijdag 20 april 12
![Page 25: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/25.jpg)
➡Key is too easy to guess.
➡Key has to be send to Bob.
‣ FLAWS IN THESE CIPHERS10
vrijdag 20 april 12
![Page 26: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/26.jpg)
➡Key is too easy to guess.
➡Key has to be send to Bob.
➡Deterministic.
‣ FLAWS IN THESE CIPHERS10
vrijdag 20 april 12
![Page 27: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/27.jpg)
➡Key is too easy to guess.
➡Key has to be send to Bob.
➡Deterministic.
➡Prone to frequency analysis.
‣ FLAWS IN THESE CIPHERS10
vrijdag 20 april 12
![Page 28: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/28.jpg)
11
vrijdag 20 april 12
![Page 29: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/29.jpg)
➡ The usage of every letter in the English (or any other language) can be represented by a percentage.
11
vrijdag 20 april 12
![Page 30: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/30.jpg)
➡ The usage of every letter in the English (or any other language) can be represented by a percentage.
➡ ‘E’ is used 12.7% of the times in english texts, the ‘Z’ only 0.074%.
11
vrijdag 20 april 12
![Page 31: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/31.jpg)
➡ The usage of every letter in the English (or any other language) can be represented by a percentage.
➡ ‘E’ is used 12.7% of the times in english texts, the ‘Z’ only 0.074%.
➡ ‘O’ is used 11.07% of the times in russian texts, the ‘Ъ’ only 0.02%.
11
vrijdag 20 april 12
![Page 32: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/32.jpg)
http://www.gutenberg.org/cache/epub/14082/pg14082.txt
Once upon a midnight dreary, while I pondered, weak and weary,Over many a quaint and curious volume of forgotten lore—While I nodded, nearly napping, suddenly there came a tapping,As of some one gently rapping—rapping at my chamber door."'Tis some visitor," I muttered, "tapping at my chamber door— Only this and nothing more."
12
vrijdag 20 april 12
![Page 33: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/33.jpg)
A small bit of text can result in differences, but still there are some letters we can deduce..
‣ “THE RAVEN”, FIRST PARAGRAPH 13
vrijdag 20 april 12
![Page 34: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/34.jpg)
We can deduce almost all letters just without even CARING about the crypto algorithm used.
‣ “THE RAVEN”, ALL PARAGRAPHS14
vrijdag 20 april 12
![Page 35: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/35.jpg)
‣ FLAWS IN THESE CIPHERS15
vrijdag 20 april 12
![Page 36: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/36.jpg)
➡Determinism and the ability to use frequency analysis are “bad things”
‣ FLAWS IN THESE CIPHERS15
vrijdag 20 april 12
![Page 37: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/37.jpg)
‣ SYMMETRICAL ALGORITHMS16
vrijdag 20 april 12
![Page 38: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/38.jpg)
➡ Previous examples were symmetrical encryptions.
‣ SYMMETRICAL ALGORITHMS16
vrijdag 20 april 12
![Page 39: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/39.jpg)
➡ Previous examples were symmetrical encryptions.
➡ Same key is used for both encryption and decryption.
‣ SYMMETRICAL ALGORITHMS16
vrijdag 20 april 12
![Page 40: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/40.jpg)
➡ Previous examples were symmetrical encryptions.
➡ Same key is used for both encryption and decryption.
➡ Good symmetrical encryptions: AES, Blowfish, (3)DES
‣ SYMMETRICAL ALGORITHMS16
vrijdag 20 april 12
![Page 41: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/41.jpg)
‣ THE PROBLEM WITH SYMMETRICAL ALGORITHMS 17
vrijdag 20 april 12
![Page 42: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/42.jpg)
How does Alice send over the key securely to Bob? Everybody’s listening!
‣ THE PROBLEM WITH SYMMETRICAL ALGORITHMS 17
vrijdag 20 april 12
![Page 43: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/43.jpg)
Another encryption system:
Asymmetrical encryption or public key encryption.
18
vrijdag 20 april 12
![Page 44: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/44.jpg)
Two keys instead of one:
public key - available for everybody. Can be published on your blog.
private key - For your eyes only!
19
vrijdag 20 april 12
![Page 45: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/45.jpg)
http://upload.wikimedia.org/wikipedia/commons/f/f9/Public_key_encryption.svg
‣ USES 2 KEYS INSTEAD OF ONE: A KEYPAIR20
vrijdag 20 april 12
![Page 46: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/46.jpg)
It is NOT possible to decrypt the message with same key that is used to encrypt.
21
vrijdag 20 april 12
![Page 47: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/47.jpg)
Encrypt with public key: - only private key (thus Alice) can decrypt. - message is only for Alice = encryption
22
vrijdag 20 april 12
![Page 48: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/48.jpg)
Encrypt with public key: - only private key (thus Alice) can decrypt. - message is only for Alice = encryption
22
Encrypt with private key: - only public key can decrypt. - message is guaranteed coming for Alice = signing
vrijdag 20 april 12
![Page 49: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/49.jpg)
Symmetrical
✓ quick.
✓ not resource intensive.
✓ useful for small and large messages.
✗ need to send over the key to the other side.
Asymmetrical
✓ no need to send over the (whole) key.
✓ can be used for encryption and validation (signing).
✗ very resource intensive.
✗ only useful for small messages.
23
vrijdag 20 april 12
![Page 50: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/50.jpg)
Use symmetrical encryption for the (large) message and encrypt the key used with an asymmetrical
encryption method.
24
vrijdag 20 april 12
![Page 51: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/51.jpg)
Hybrid
✓ quick
✓ not resource intensive
✓ useful for small and large messages
✓ safely exchange key data
25
vrijdag 20 april 12
![Page 52: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/52.jpg)
+
http://www.zastavki.com/pictures/1152x864/2008/Animals_Cats_Small_cat_005241_.jpg
Hybrid
✓ quick
✓ not resource intensive
✓ useful for small and large messages
✓ safely exchange key data
25
vrijdag 20 april 12
![Page 53: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/53.jpg)
But how does it work?
26
vrijdag 20 april 12
![Page 54: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/54.jpg)
RSA
27
vrijdag 20 april 12
![Page 55: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/55.jpg)
RSARon Rivest, Adi Shamir, Leonard Adleman
27
vrijdag 20 april 12
![Page 56: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/56.jpg)
RSARon Rivest, Adi Shamir, Leonard Adleman
27
1978
vrijdag 20 april 12
![Page 57: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/57.jpg)
RSARon Rivest, Adi Shamir, Leonard Adleman
27
1978
Pierre de Fermat, Leonard Euler17th - 18th century
vrijdag 20 april 12
![Page 58: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/58.jpg)
Public key encryption works on the premise that it is practically impossible to refactor a large number
back into 2 separate prime numbers
28
vrijdag 20 april 12
![Page 59: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/59.jpg)
Public key encryption works on the premise that it is practically impossible to refactor a large number
back into 2 separate prime numbers
Prime number is only divisible by 1 and itself: 2, 3, 5, 7, 11, 13, 17, 19 etc...
28
vrijdag 20 april 12
![Page 60: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/60.jpg)
29
vrijdag 20 april 12
![Page 61: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/61.jpg)
“large” number: 221
29
vrijdag 20 april 12
![Page 62: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/62.jpg)
“large” number: 221
but we cannot calculate its prime factors without brute force.There is no “formula” (like e=mc2)
29
vrijdag 20 april 12
![Page 63: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/63.jpg)
“large” number: 221
but we cannot calculate its prime factors without brute force.There is no “formula” (like e=mc2)
(13 and 17)
29
vrijdag 20 april 12
![Page 64: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/64.jpg)
30
vrijdag 20 april 12
![Page 65: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/65.jpg)
➡ There is no proof that it’s impossible to refactor quickly (all tough it doesn’t look plausible)
30
vrijdag 20 april 12
![Page 66: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/66.jpg)
➡ There is no proof that it’s impossible to refactor quickly (all tough it doesn’t look plausible)
➡ Brute-force decrypting is always lurking around (quicker machines, better algorithms).
30
vrijdag 20 april 12
![Page 67: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/67.jpg)
31
The mathbehind the curtain
vrijdag 20 april 12
![Page 68: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/68.jpg)
32
vrijdag 20 april 12
![Page 69: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/69.jpg)
32
➡ p = (large) prime number
vrijdag 20 april 12
![Page 70: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/70.jpg)
32
➡ p = (large) prime number
➡ q = (large) prime number (but not too close to p)
vrijdag 20 april 12
![Page 71: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/71.jpg)
32
➡ p = (large) prime number
➡ q = (large) prime number (but not too close to p)
➡ n = p . q (bit length of the RSA key)
vrijdag 20 april 12
![Page 72: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/72.jpg)
32
➡ p = (large) prime number
➡ q = (large) prime number (but not too close to p)
➡ n = p . q (bit length of the RSA key)
➡ φ = (p-1) . (q-1) (the φ thingie is called phi)
vrijdag 20 april 12
![Page 73: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/73.jpg)
32
➡ p = (large) prime number
➡ q = (large) prime number (but not too close to p)
➡ n = p . q (bit length of the RSA key)
➡ φ = (p-1) . (q-1) (the φ thingie is called phi)
➡ e = gcd(e, φ) = 1
vrijdag 20 april 12
![Page 74: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/74.jpg)
32
➡ p = (large) prime number
➡ q = (large) prime number (but not too close to p)
➡ n = p . q (bit length of the RSA key)
➡ φ = (p-1) . (q-1) (the φ thingie is called phi)
➡ e = gcd(e, φ) = 1
➡ d = (d . e) mod φ = 1
vrijdag 20 april 12
![Page 75: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/75.jpg)
Step 1: select primes P and Q
‣ P = ? | Q = ? | N = ? | Phi = ? | e = ? | d = ? 33
vrijdag 20 april 12
![Page 76: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/76.jpg)
Step 1: select primes P and Q
‣ P = 11
‣ P = ? | Q = ? | N = ? | Phi = ? | e = ? | d = ? 33
vrijdag 20 april 12
![Page 77: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/77.jpg)
Step 1: select primes P and Q
‣ P = 11
‣ Q = 3
‣ P = ? | Q = ? | N = ? | Phi = ? | e = ? | d = ? 33
vrijdag 20 april 12
![Page 78: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/78.jpg)
Step 2: calculate N and Phi
‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ? 34
vrijdag 20 april 12
![Page 79: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/79.jpg)
➡ N = P . Q = 11 . 3 = 33
Step 2: calculate N and Phi
‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ? 34
vrijdag 20 april 12
![Page 80: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/80.jpg)
➡ N = P . Q = 11 . 3 = 33
➡φ = (11-1) . (3-1) = 10 . 2 = 20
Step 2: calculate N and Phi
‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ? 34
vrijdag 20 april 12
![Page 81: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/81.jpg)
➡ N = P . Q = 11 . 3 = 33
➡φ = (11-1) . (3-1) = 10 . 2 = 20
Step 2: calculate N and Phi
‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ? 34
33 decimal is 100001 in binary == 6 bit key
vrijdag 20 april 12
![Page 82: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/82.jpg)
➡ N = P . Q = 11 . 3 = 33
➡φ = (11-1) . (3-1) = 10 . 2 = 20
Step 2: calculate N and Phi
‣ P = 11 | Q = 3 | N = ? | Phi = ? | e = ? | d = ? 34
There are 20 co primes for 33 : φ(33) = 20
33 decimal is 100001 in binary == 6 bit key
vrijdag 20 april 12
![Page 83: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/83.jpg)
Step 3: find e
‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ? 35
vrijdag 20 april 12
![Page 84: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/84.jpg)
Step 3: find e
‣ e = 3
‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ? 35
vrijdag 20 april 12
![Page 85: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/85.jpg)
Step 3: find e
‣ e = 3
‣ gcd(e, φ) = 1 ==> gcd(3, 20) = 1
‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ? 35
vrijdag 20 april 12
![Page 86: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/86.jpg)
Step 3: find e
‣ e = 3
‣ gcd(e, φ) = 1 ==> gcd(3, 20) = 1
‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ? 35
Fermat number: 2 + 12n
vrijdag 20 april 12
![Page 87: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/87.jpg)
Step 3: find e
‣ e = 3
‣ gcd(e, φ) = 1 ==> gcd(3, 20) = 1
‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = ? | d = ? 35
Fermat number: 2 + 12n
Fermat prime: Fermat that is prime: 3, 5, 17, 257, 65537Study shows that 98.5% of the time 65537 is used
vrijdag 20 april 12
![Page 88: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/88.jpg)
‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = ?
Step 4: find d
36
vrijdag 20 april 12
![Page 89: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/89.jpg)
‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = ?
Step 4: find d
‣ Extended Euclidean Algorithm gives 7
36
vrijdag 20 april 12
![Page 90: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/90.jpg)
‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = ?
Step 4: find d
‣ Extended Euclidean Algorithm gives 7
‣ brute force: (e.d mod φ = 1)
36
vrijdag 20 april 12
![Page 91: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/91.jpg)
‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = ?
Step 4: find d
‣ Extended Euclidean Algorithm gives 7
‣ brute force: (e.d mod φ = 1)
3 . 1 = 3 mod 20 = 33 . 2 = 6 mod 20 = 63 . 3 = 9 mod 20 = 93 . 4 = 12 mod 20 = 123 . 5 = 15 mod 20 = 15
3 . 6 = 18 mod 20 = 183 . 7 = 21 mod 20 = 1 3 . 8 = 24 mod 20 = 43 . 9 = 27 mod 20 = 73.10 = 30 mod 20 = 10
36
vrijdag 20 april 12
![Page 92: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/92.jpg)
‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = 7 37
vrijdag 20 april 12
![Page 93: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/93.jpg)
That’s it:
➡ public key = (n, e) = (33, 3)
➡ private key = (n, d) = (33, 7)
‣ P = 11 | Q = 3 | N = 33 | Phi = 20 | e = 3 | d = 7 37
vrijdag 20 april 12
![Page 94: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/94.jpg)
The actual math is much more complex since we use very large numbers, but it all comes
down to these (relatively simple) calculations..
38
vrijdag 20 april 12
![Page 95: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/95.jpg)
39
jthijssen@debian-jth:~$ openssl rsa -text -noout -in server.key
vrijdag 20 april 12
![Page 96: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/96.jpg)
39
jthijssen@debian-jth:~$ openssl rsa -text -noout -in server.keyPrivate-Key: (256 bit)modulus: 00:c2:d0:c4:1f:6f:78:16:82:d1:0c:dd:5a:af:de:f2:ff:31:c6: 9b:3b:9f:e8:24:2a:5c:06:56:ea:d7:7c:c6:19publicExponent: 65537 (0x10001)privateExponent: 22:8f:fd:2b:82:90:30:96:36:d6:6c:73:09:5e:a9:87:73:6e: 2d:d4:d5:78:fc:3b:20:ea:0d:02:e5:2b:cb:3dprime1: 00:f0:49:fd:91:18:01:53:92:8f:87:d7:2b:c8:19:7d:17prime2: 00:cf:8d:a1:3b:93:af:61:77:8f:c9:8f:1d:aa:8d:b4:4fexponent1: 00:e1:d8:c9:89:bc:84:52:a6:a8:5d:47:32:91:6a:d3:95exponent2: 5a:88:b1:fa:d5:d9:db:8f:16:a6:5a:0a:1b:ba:42:1bcoefficient: 00:99:fa:de:80:d4:ee:f3:69:59:e5:8a:72:ad:e5:30:3d
vrijdag 20 april 12
![Page 97: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/97.jpg)
39
jthijssen@debian-jth:~$ openssl rsa -text -noout -in server.keyn
ed
p
q
d mod (p-1)
e mod (q-1)(inverse q) mod p
Private-Key: (256 bit)modulus: 00:c2:d0:c4:1f:6f:78:16:82:d1:0c:dd:5a:af:de:f2:ff:31:c6: 9b:3b:9f:e8:24:2a:5c:06:56:ea:d7:7c:c6:19publicExponent: 65537 (0x10001)privateExponent: 22:8f:fd:2b:82:90:30:96:36:d6:6c:73:09:5e:a9:87:73:6e: 2d:d4:d5:78:fc:3b:20:ea:0d:02:e5:2b:cb:3dprime1: 00:f0:49:fd:91:18:01:53:92:8f:87:d7:2b:c8:19:7d:17prime2: 00:cf:8d:a1:3b:93:af:61:77:8f:c9:8f:1d:aa:8d:b4:4fexponent1: 00:e1:d8:c9:89:bc:84:52:a6:a8:5d:47:32:91:6a:d3:95exponent2: 5a:88:b1:fa:d5:d9:db:8f:16:a6:5a:0a:1b:ba:42:1bcoefficient: 00:99:fa:de:80:d4:ee:f3:69:59:e5:8a:72:ad:e5:30:3d
vrijdag 20 april 12
![Page 98: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/98.jpg)
Encrypting a message:c = me mod n
Decrypting a message:m = cd mod n
40
vrijdag 20 april 12
![Page 99: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/99.jpg)
Encrypting a message: private key = (n,d) = (33, 7):Decrypting a message: public key = (n,e) = (33, 3):
m = 13, 20, 15, 5
13^7 mod 33 = 720^7 mod 33 = 2615^7 mod 33 = 275^7 mod 33 = 14
c = 7, 26, 27,14
41
vrijdag 20 april 12
![Page 100: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/100.jpg)
Encrypting a message: private key = (n,d) = (33, 7):Decrypting a message: public key = (n,e) = (33, 3):
m = 13, 20, 15, 5
13^7 mod 33 = 720^7 mod 33 = 2615^7 mod 33 = 275^7 mod 33 = 14
c = 7, 26, 27,14
41
c = 7, 26, 27,14
7^3 mod 33 = 1326^3 mod 33 = 2027^3 mod 33 = 1514^3 mod 33 =5
m = 13, 20, 15, 5
vrijdag 20 april 12
![Page 101: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/101.jpg)
42
vrijdag 20 april 12
![Page 102: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/102.jpg)
➡ A message is an “integer”
42
vrijdag 20 april 12
![Page 103: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/103.jpg)
➡ A message is an “integer”
➡ A message must be between 2 and n-1.
42
vrijdag 20 april 12
![Page 104: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/104.jpg)
➡ A message is an “integer”
➡ A message must be between 2 and n-1.
➡ Deterministic, so we must use a padding scheme to make it non-deterministic.
42
vrijdag 20 april 12
![Page 105: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/105.jpg)
43
vrijdag 20 april 12
![Page 106: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/106.jpg)
➡ Public Key Cryptography Standard #1
43
vrijdag 20 april 12
![Page 107: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/107.jpg)
➡ Public Key Cryptography Standard #1
➡ Pads data with (random) bytes up to n bits in length (v1.5 or OAEP/v2.x).
43
vrijdag 20 april 12
![Page 108: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/108.jpg)
➡ Public Key Cryptography Standard #1
➡ Pads data with (random) bytes up to n bits in length (v1.5 or OAEP/v2.x).
➡ Got it flaws and weaknesses too. Always use the latest available version (v2.1)
43
vrijdag 20 april 12
![Page 109: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/109.jpg)
Data = 4E636AF98E40F3ADCFCCB698F4E80B9F
The encoded message block, EMB, after encoding but before encryption, with random padding bytes shown in green:0002257F48FD1F1793B7E5E02306F2D3228F5C95ADF5F31566729F132AA12009E3FC9B2B475CD6944EF191E3F59545E671E474B555799FE3756099F044964038B16B2148E9A2F9C6F44BB5C52E3C6C8061CF694145FAFDB24402AD1819EACEDF4A36C6E4D2CD8FC1D62E5A1268F496004E636AF98E40F3ADCFCCB698F4E80B9F
After RSA encryption, the output is:3D2AB25B1EB667A40F504CC4D778EC399A899C8790EDECEF062CD739492C9CE58B92B9ECF32AF4AAC7A61EAEC346449891F49A722378E008EFF0B0A8DBC6E621EDC90CEC64CF34C640F5B36C48EE9322808AF8F4A0212B28715C76F3CB99AC7E609787ADCE055839829E0142C44B676D218111FFE69F9D41424E177CBA3A435B
http://www.di-mgt.com.au/rsa_alg.html#pkcs1schemes 44
vrijdag 20 april 12
![Page 110: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/110.jpg)
45
Practical applications of PKE
vrijdag 20 april 12
![Page 111: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/111.jpg)
HTTPS
46
vrijdag 20 april 12
![Page 112: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/112.jpg)
➡HTTP encapsulated by TLS (previously SSL).
HTTPS
46
vrijdag 20 april 12
![Page 113: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/113.jpg)
➡HTTP encapsulated by TLS (previously SSL).
➡More or less: an encryption layer on top of http.
HTTPS
46
vrijdag 20 april 12
![Page 114: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/114.jpg)
➡HTTP encapsulated by TLS (previously SSL).
➡More or less: an encryption layer on top of http.
➡Myth: HTTPS uses public key encryption for communication.
HTTPS
46
vrijdag 20 april 12
![Page 115: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/115.jpg)
➡HTTP encapsulated by TLS (previously SSL).
➡More or less: an encryption layer on top of http.
➡Myth: HTTPS uses public key encryption for communication.
➡ Fact: HTTPS uses public key encryption to SETUP communication.
HTTPS
46
vrijdag 20 april 12
![Page 116: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/116.jpg)
47
jthijssen@debian-jth:~$ openssl x509 -text -noout -in github.pem Certificate: Data: Version: 3 (0x2) Serial Number: 0e:77:76:8a:5d:07:f0:e5:79:59:ca:2a:9d:50:82:b5 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV CA-1 Validity Not Before: May 27 00:00:00 2011 GMT Not After : Jul 29 12:00:00 2013 GMT Subject: businessCategory=Private Organization/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=California/serialNumber=C3268102, C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:ed:d3:89:c3:5d:70:72:09:f3:33:4f:1a:72:74: d9:b6:5a:95:50:bb:68:61:9f:f7:fb:1f:19:e1:da: 04:31:af:15:7c:1a:7f:f9:73:af:1d:e5:43:2b:56: 09:00:45:69:4a:e8:c4:5b:df:c2:77:52:51:19:5b: d1:2b:d9:39:65:36:a0:32:19:1c:41:73:fb:32:b2: 3d:9f:98:ec:82:5b:0b:37:64:39:2c:b7:10:83:72: cd:f0:ea:24:4b:fa:d9:94:2e:c3:85:15:39:a9:3a: f6:88:da:f4:27:89:a6:95:4f:84:a2:37:4e:7c:25: 78:3a:c9:83:6d:02:17:95:78:7d:47:a8:55:83:ee: 13:c8:19:1a:b3:3c:f1:5f:fe:3b:02:e1:85:fb:11: 66:ab:09:5d:9f:4c:43:f0:c7:24:5e:29:72:28:ce: d4:75:68:4f:24:72:29:ae:39:28:fc:df:8d:4f:4d: 83:73:74:0c:6f:11:9b:a7:dd:62:de:ff:e2:eb:17: e6:ff:0c:bf:c0:2d:31:3b:d6:59:a2:f2:dd:87:4a: 48:7b:6d:33:11:14:4d:34:9f:32:38:f6:c8:19:9d: f1:b6:3d:c5:46:ef:51:0b:8a:c6:33:ed:48:61:c4: 1d:17:1b:bd:7c:b6:67:e9:39:cf:a5:52:80:0a:f4: ea:cd Exponent: 65537 (0x10001)
vrijdag 20 april 12
![Page 117: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/117.jpg)
HTTPS
48
vrijdag 20 april 12
![Page 118: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/118.jpg)
➡Browser sends over its encryption methods.
HTTPS
48
vrijdag 20 april 12
![Page 119: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/119.jpg)
➡Browser sends over its encryption methods.➡ Server decides which one to use.
HTTPS
48
vrijdag 20 april 12
![Page 120: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/120.jpg)
➡Browser sends over its encryption methods.➡ Server decides which one to use.➡ Server send certificate(s).
HTTPS
48
vrijdag 20 april 12
![Page 121: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/121.jpg)
➡Browser sends over its encryption methods.➡ Server decides which one to use.➡ Server send certificate(s).➡Client sends “session key” encrypted by the
public key found in the server certificate.
HTTPS
48
vrijdag 20 april 12
![Page 122: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/122.jpg)
➡Browser sends over its encryption methods.➡ Server decides which one to use.➡ Server send certificate(s).➡Client sends “session key” encrypted by the
public key found in the server certificate.➡ Server and client uses the “session key” for
symmetrical encryption.
HTTPS
48
vrijdag 20 april 12
![Page 123: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/123.jpg)
HTTPS
49
vrijdag 20 april 12
![Page 124: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/124.jpg)
➡Thus: Public/private encryption is only used in establishing a secondary (better!?) encryption.
HTTPS
49
vrijdag 20 april 12
![Page 125: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/125.jpg)
➡Thus: Public/private encryption is only used in establishing a secondary (better!?) encryption.
➡ SSL/TLS is a separate talk (it’s way more complex as this)
HTTPS
49
vrijdag 20 april 12
![Page 126: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/126.jpg)
➡Thus: Public/private encryption is only used in establishing a secondary (better!?) encryption.
➡ SSL/TLS is a separate talk (it’s way more complex as this)
➡http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html
HTTPS
49
vrijdag 20 april 12
![Page 127: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/127.jpg)
http://torontoemerg.files.wordpress.com/2010/09/spam.gif
http://change-your-ip.com/wp-content/uploads/image/nigerian_419_scam.jpg50
vrijdag 20 april 12
![Page 128: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/128.jpg)
51
vrijdag 20 april 12
![Page 129: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/129.jpg)
Questions:
52
vrijdag 20 april 12
![Page 130: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/130.jpg)
➡ Did Bill really send this email?
Questions:
52
vrijdag 20 april 12
![Page 131: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/131.jpg)
➡ Did Bill really send this email?
➡ Do we know for sure that nobody has read this email (before it came to us?)
Questions:
52
vrijdag 20 april 12
![Page 132: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/132.jpg)
➡ Did Bill really send this email?
➡ Do we know for sure that nobody has read this email (before it came to us?)
➡ Do we know for sure that the contents of the message isn’t tampered with?
Questions:
52
vrijdag 20 april 12
![Page 133: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/133.jpg)
➡ Did Bill really send this email?
➡ Do we know for sure that nobody has read this email (before it came to us?)
➡ Do we know for sure that the contents of the message isn’t tampered with?
➡ We use signing!
Questions:
52
vrijdag 20 april 12
![Page 134: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/134.jpg)
Signing a message
53
vrijdag 20 april 12
![Page 135: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/135.jpg)
➡ Signing a message means adding a signature that authenticates the validity of a message.
Signing a message
53
vrijdag 20 april 12
![Page 136: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/136.jpg)
➡ Signing a message means adding a signature that authenticates the validity of a message.
➡ Like md5 or sha1, so when the message changes, so will the signature.
Signing a message
53
vrijdag 20 april 12
![Page 137: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/137.jpg)
➡ Signing a message means adding a signature that authenticates the validity of a message.
➡ Like md5 or sha1, so when the message changes, so will the signature.
➡ This works on the premise that Alice and only Alice has the private key that can create the signature.
Signing a message
53
vrijdag 20 april 12
![Page 138: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/138.jpg)
http://en.wikipedia.org/wiki/File:Digital_Signature_diagram.svg
Signing a message
54
vrijdag 20 april 12
![Page 139: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/139.jpg)
Introduction a pretty-good-privacy
55
vrijdag 20 april 12
![Page 140: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/140.jpg)
➡ GPG / PGP: Application for signing and/or encrypting data (or emails).
Introduction a pretty-good-privacy
55
vrijdag 20 april 12
![Page 141: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/141.jpg)
➡ GPG / PGP: Application for signing and/or encrypting data (or emails).
➡ Try it yourself with Thunderbird’s Enigmail extension.
Introduction a pretty-good-privacy
55
vrijdag 20 april 12
![Page 142: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/142.jpg)
➡ GPG / PGP: Application for signing and/or encrypting data (or emails).
➡ Try it yourself with Thunderbird’s Enigmail extension.
➡ Public keys can be send / found on PGP-servers so you don’t need to send your keys to everybody all the time.
Introduction a pretty-good-privacy
55
vrijdag 20 april 12
![Page 143: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/143.jpg)
56
vrijdag 20 april 12
![Page 144: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/144.jpg)
‣ Everybody can send emails that ONLY YOU can read.
56
vrijdag 20 april 12
![Page 145: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/145.jpg)
‣ Everybody can send emails that ONLY YOU can read.‣ Everybody can verify that YOU have send the email
and that it is authentic.
56
vrijdag 20 april 12
![Page 146: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/146.jpg)
‣ Everybody can send emails that ONLY YOU can read.‣ Everybody can verify that YOU have send the email
and that it is authentic.‣ Why is this not the standard?
56
vrijdag 20 april 12
![Page 147: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/147.jpg)
‣ Everybody can send emails that ONLY YOU can read.‣ Everybody can verify that YOU have send the email
and that it is authentic.‣ Why is this not the standard?‣ No really, why isn’t it the standard?
56
vrijdag 20 april 12
![Page 148: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/148.jpg)
57
vrijdag 20 april 12
![Page 149: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/149.jpg)
SSH
58
vrijdag 20 april 12
![Page 150: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/150.jpg)
➡ Public key authentication
SSH
58
vrijdag 20 april 12
![Page 151: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/151.jpg)
➡ Public key authentication
➡ Because you suck at creating and/or remembering passwords
SSH
58
vrijdag 20 april 12
![Page 152: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/152.jpg)
➡ Run ssh-keygen
➡ copy id_rsa.pub over to server’s ~/.ssh/authorized_keys
➡ Easy for tools / scripts to connect
➡ Easy for you (no remembering passwords)
➡ More fine grained security model.
59
vrijdag 20 april 12
![Page 153: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/153.jpg)
➡ Domain Key Identified Mail(spam protection)
➡ BitCoin
➡ IPSEC / PKI
➡ DRM
60
vrijdag 20 april 12
![Page 154: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/154.jpg)
61
Some words of wisdom:(free of charge)
vrijdag 20 april 12
![Page 155: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/155.jpg)
62
vrijdag 20 april 12
![Page 156: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/156.jpg)
➡ Don’t “invent” your own encryption. It will NOT be secure, and it WILL fail.
62
vrijdag 20 april 12
![Page 157: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/157.jpg)
➡ Don’t “invent” your own encryption. It will NOT be secure, and it WILL fail.
➡ Encryption is as strong as the weakest link, which 9 out of 10 times will be you.
62
vrijdag 20 april 12
![Page 158: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/158.jpg)
➡ Don’t “invent” your own encryption. It will NOT be secure, and it WILL fail.
➡ Encryption is as strong as the weakest link, which 9 out of 10 times will be you.
➡ Encryptions evolve. Do not use today what you used 10 years ago.
62
vrijdag 20 april 12
![Page 159: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/159.jpg)
➡ Don’t “invent” your own encryption. It will NOT be secure, and it WILL fail.
➡ Encryption is as strong as the weakest link, which 9 out of 10 times will be you.
➡ Encryptions evolve. Do not use today what you used 10 years ago.
➡ Every encryption will become obsolete!
62
vrijdag 20 april 12
![Page 160: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/160.jpg)
➡ Don’t “invent” your own encryption. It will NOT be secure, and it WILL fail.
➡ Encryption is as strong as the weakest link, which 9 out of 10 times will be you.
➡ Encryptions evolve. Do not use today what you used 10 years ago.
➡ Every encryption will become obsolete!
➡ Always follow the best practices.
62
vrijdag 20 april 12
![Page 161: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/161.jpg)
http://farm1.static.flickr.com/73/163450213_18478d3aa6_d.jpg
Questions?
63
vrijdag 20 april 12
![Page 162: Joshua thijissen 1 6_alice & bob- pkc 101](https://reader038.vdocument.in/reader038/viewer/2022110303/54bf85a24a7959a0148b4677/html5/thumbnails/162.jpg)
Thank you
64
Find me on twitter: @jaytaph
Find me for development and training: www.noxlogic.nl
Find me on email: [email protected]
Find me for blogs: www.adayinthelifeof.nl
http://xkcd.com/153/
vrijdag 20 april 12