2. Introduction
There are two main branches of cryptography: symmetric cryptography and
asymmetric cryptography.
Symmetric cryptography is the first type of cryptography invented, dating back
some 2000 years, and the only one most people know. In symmetric
cryptography, a cipher (cryptographic algorithm) is used in conjunction with a
single key, for instance a password, to encrypt a message. The message can
then be decrypted using the same key.
Symmetric cryptography poses a problem concerning the delivery of secure
messages. The sender can encrypt a message and send it to the recipient, but
has to provide the recipient with the key to decrypt it. Obviously, the key
cannot be sent with the message; it must be communicated through a secure channel.
Encryption provides a secure channel for the delivery of messages but, in order
to make it usable, the sender must first deliver the key to the recipient.
This catch-22 problem was solved only thirty years ago with the birth of
asymmetric cryptography, also called public key cryptography.
Public key cryptography is much more interesting and useful. It does not
operate with a single key but with a key pair, composed of a public key and a
private key (also called secret key). The public and secret keys are created
together using a special algorithm.
Let's show how public key cryptography works by taking as an example two people,
Alice and Bob, who want to exchange secure messages.
Alice generates her own key pair in advance. She then makes the public key
available to anyone, for instance by publishing the key in a public directory, and
carefully keeps the secret key to herself. This is perfectly safe, because it is
practically impossible (or, as computer scientists prefer to say, computationally
infeasible) to derive a private key from its companion public key alone. Bob
does the same: he generates a key pair, publishes his public key and keeps
his secret key undisclosed.
When Bob wants to send a confidential message to Alice, he first retrieves
Alice's public key from the directory. Then he encrypts the message with her
public key and sends the message. Alice decrypts the message with her private
key and is able to read it.
Public key cryptography is employed not only for confidentiality (ensuring that the
message can be read only by the intended recipient), but also for authentication
(ensuring that the message really comes from the intended sender) and integrity
(ensuring that the message has not been altered in transit). Authentication and
integrity are enforced by appending a digital signature to the message.
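The exchange between Bob and Alice described above, as an added example that is not part of the original manual. It assumes textbook RSA (the manual names no algorithm) with no padding and fixed, constructed demo primes, so it shows the roles of the keys but is not safe for real messages; all function names are hypothetical.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)              # private exponent: inverse of e mod phi
    return (n, e), (n, d)

def encrypt(message, public):
    """Anyone holding the recipient's public key can encrypt."""
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this key")
    return pow(m, e, n)

def decrypt(ciphertext, private):
    """Only the holder of the matching private key can decrypt."""
    n, d = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def _digest(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message, private):
    """The sender signs the message hash with his own private key."""
    n, d = private
    return pow(_digest(message), d, n)

def verify(message, signature, public):
    """Anyone can check the signature with the sender's public key."""
    n, e = public
    return pow(signature, e, n) == _digest(message)

# Constructed demo keys built from well-known Mersenne primes (assumption:
# illustration only; real keys use secret random primes and padding).
ALICE_PUB, ALICE_PRIV = make_keypair(2**127 - 1, 2**521 - 1)
BOB_PUB, BOB_PRIV = make_keypair(2**89 - 1, 2**607 - 1)

def demo():
    message = b"Meet me at noon"                  # constructed sample message
    ciphertext = encrypt(message, ALICE_PUB)      # Bob uses Alice's public key
    signature = sign(message, BOB_PRIV)           # Bob signs with his private key
    received = decrypt(ciphertext, ALICE_PRIV)    # Alice uses her private key
    return (received,
            verify(received, signature, BOB_PUB),            # authentic, intact
            verify(b"Meet me at nine", signature, BOB_PUB))  # altered in transit
```
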