Gentoo Forums
Signing using private key.
dE_logics
Advocate

Joined: 02 Jan 2009
Posts: 2253
Location: $TERM

Posted: Sat Jan 28, 2012 6:53 pm    Post subject: Signing using private key.

I've been highly confused lately.

In the concept of digital signatures, a user (to assert that the sent message is authentic) encrypts the checksum of the message using his private key?

Is this true? I mean, you can encrypt using your private key? and the opposite happens in SSL?
_________________
My blog
NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 46381
Location: 56N 3W

Posted: Sat Jan 28, 2012 8:04 pm

dE_logics,

Your public and private keys are only differentiated by making one public for all the world to use and keeping the other private. Other than that, processes involving keys are reversible.

For someone to send you an encrypted message, they encrypt it with your public key. Only people with the matching private key can decrypt it.
The converse is true. If you encrypt a message with your private key, it can only be decrypted with your public key.
At first sight, that's not very useful, but if the message is a digest of another message, then the rest of the world can regenerate the digest from your message, the same way that you did, and can compare it against the digest you encrypted with your private key, but using your public key to decrypt the digest.

That's a long way of saying 'yes'.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
John R. Graham
Administrator

Joined: 08 Mar 2005
Posts: 10459
Location: Somewhere over Atlanta, Georgia

Posted: Sat Jan 28, 2012 8:18 pm

Yes. To elaborate on what NeddySeagoon said, there are really only two operations with asymmetric cryptography:
  • A public key operation, which is used for encryption and verification, and
  • A private key operation, which is used for decryption and signing.
There are nuances on how they're used, but there are only two mathematical operations. The other salient fact is that each one reverses the transform performed by the other. If we define Pub() as a function that performs the public key operation for a given key pair and Priv() as a function that performs the private key operation, then, for all qualifying messages "x",
  • Pub(Priv(x)) is equal to x, and
  • Priv(Pub(x)) is equal to x.
Signing is usually not called "encrypting with the private key" but instead is called "performing the private key operation" on a message digest. Does that make sense?

- John
_________________
I can confirm that I have received between 0 and 499 National Security Letters.
dE_logics
Advocate

Joined: 02 Jan 2009
Posts: 2253
Location: $TERM

Posted: Sun Jan 29, 2012 5:20 am

Ok, thanks. Verified. :)

That's what GNUPG does.
_________________
My blog
transsib
l33t

Joined: 26 Jul 2003
Posts: 889

Posted: Sun Jan 29, 2012 9:58 am

Thanks NeddySeagoon and John H. Graham; never read the description of what
happens in GnuPG so short and easy. Up to now it always tied a knot in my head :?

But do people still actually exchange their keys?
And if I have properly understood it doesn't make sense to sign one's e-mails, right?
NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 46381
Location: 56N 3W

Posted: Sun Jan 29, 2012 11:38 am

transsib,

It depends who you are writing to and why.

A signature on an email is only useful to people who have your public key. It assures those readers that the message was not tampered with/corrupted in transit.
The general idea is that you post your public key to a key server, so it's available to anyone who wants it. There is no need to 'exchange keys'.
This step provides no assurance to the sender's identity. That comes next.

Suppose two people, A and C, who have never met and have no reason to trust one another, wish to exchange email in such a way that both have an assurance when an email arrives it really is from the person whose signature is attached.
Suppose further that there is a person B who they both trust. B can sign both of the public keys, so that when signature checking occurs, they can also verify that B says this signature was really produced with A's/C's key.

The web of trust, as this is called, can be spread further and more thinly. We actually all need only six signatures on our public keys (the right 6) to have an assurance that email is really from who it claims to be for any individual in the world.

Yes - key signings are still held. At LUG meets and so on.

It's more difficult with webmail. It's a bit pointless signing a message created on the web - you don't know what has happened to it during creation, but you can still sign attachments before they are attached and create a detached signature and attach that as well.

I sign all my email I send as neddyseagoon. I don't bother with email around the family.


-- edit --

Consider the message "Send reinforcements - am going to advance" sent during wartime being delivered as "Send three and fourpence - am going to a dance"
One is an instruction to send more soldiers, the other a sum of money. You will need to read them aloud in English. The words sound very similar.
A digital signature would have caught that.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
transsib
l33t

Joined: 26 Jul 2003
Posts: 889

Posted: Sun Jan 29, 2012 2:47 pm

Hello NeddySeagoon,
Quote:
A signature on an email is only useful to people who have your public key. It assures those readers that the message was not tampered with/corrupted in transit.

Ya, that's the general idea which is why I usually sign my e-mails.
Quote:
This step provides no assurance to the sender's identity. That comes next.

Like triangulating your position?

With "webmail" you talk about free-mail servers of - say gmail - or do you mean when s.o. uses the web gui online instead of a mail-client like claws or thunderbird?
Dun know - anyway, I like the idea of verifying trust but fact is that many many people really don't care much about securing their personal data on the web. It is quite disturbing how people can say: "Uh, I don't have anything to hide."
Most people I exchange mail with don't even know what they've received WHEN they actually take notice of the signature at the bottom of the message at all. Scares the hell out of me.
NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 46381
Location: 56N 3W

Posted: Sun Jan 29, 2012 5:51 pm

transsib,

I mean mail systems in which the mail is composed on the web, not on the local machine.
With such systems, you have no assurance that what you enter is what is actually there.
As you say, gmail is a fine example.

Think of email as a postcard. Anyone can read it (or alter it) while it's in transit.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Hu
Moderator

Joined: 06 Mar 2007
Posts: 16043

Posted: Sun Jan 29, 2012 11:08 pm

As a workaround for the issue that Neddy raised with regard to webmail, if you need to use a webmail interface to send e-mail, and you need to send signed content, remember that any file, including a plain text file, can be signed. Therefore, you could send a one line e-mail "See attached" via the web interface, and attach to the message a locally created signed plain text file with the message that needs to be authenticated.
dE_logics
Advocate

Joined: 02 Jan 2009
Posts: 2253
Location: $TERM

Posted: Mon Jan 30, 2012 5:53 pm

This context may help -

Quote:
Or secure socket layer is a protocol standard such that when something is sent over the network, it's encrypted using a key called the 'public key'. If you want to decrypt this message you'll need a 'private key', i.e. decryption using public key is not possible.
TLS or transport layer security is its successor.
SSL/TLS is never used directly, it's used over a protocol like HTTP, FTP etc... i.e. in order to integrate SSL/TLS to an existing protocol, the protocol has to be modified to use it.
From here onwards, wherever I use SSL, I also mean TLS.
SSL uses asymmetric encryption algorithms. In such algorithms, there's a private and public key. A message is encrypted using the public key, to decode this message a private key is used.
Thus, when you make the SSL keys (using an application like openssl) you generate both public and private keys, the public key can be generated from the private key.
On the Internet, where we have the server/client implementation, the server usually has the private key. The client is given the public key, might be in an insecure way. Even the private key can be encrypted, if you do so, when you start the server (using the private key), it'll ask for its password.
Then client, if he wants to use encryption, will encrypt the data with the public key, the data can be decrypted using the private key which's in the server.
A PKI (Public key infrastructure) is a scheme of using asymmetric encryption methods for security purposes.
Different organizations may use different PKI implemented by different companies.
The IETF has also defined a PKI for use over the Internet. This has been explained below -
A public key is not distributed raw. It's encapsulated within a 'certificate'. Apart from the public key, it also contains information like... like the vendor who provided it, email address of the vendor (common name or CN, this might be used with wild cards like *.gmail.com to specify a range of websites), DNS of the server etc... It also contains the 'common name' or CN which should be the name of the website using it; This information is in the X.509 v3 format (this format also defines how and where to store the public key in the certificate apart from specifying the various fields). All in all this is called an SSL certificate. Depending on the server (type of server and its configuration), the SSL certificate might be provided to the client on connection, or it might expect the client to provide it, otherwise refuse connection.
It's also possible to encrypt some data using a private key and decrypt it using a public key; the technique involved here is different from the conventional technique as stated above. This method is used to 'sign' some data, common application includes signing the public certificate itself.
Many certificates are self 'signed', or the checksum of the public key certificate is taken and encrypted using the private key, then placed inside the X.509 formatted certificate.
Using the public key for the corresponding private key, the software/client which receives this certificate and has to decrypt this checksum using the public key provided in the certificate, the decrypted checksum should match the checksum of the public certificate if it has not been manipulated.
The process of 'signing' is explained later.
It happens that asymmetric algorithms have a lot of overheads, thus there's a symmetric key (same key to decode and encode) involved in SSL. The public key has a symmetric key encapsulated within it, this key is not known to the server since it's randomly generated by the client (what cipher does it use, what's the key length, depends on the client). During an SSL connection the client sends this randomly generated password and a specified cypher (in which the rest of the data will be coded in) to the server after encrypting it using the public key (which's installed), the information is decrypted by the server (using the private SSL key), and then it uses the provided password for further negotiations and data transfers.
The X.509 formatted certificate that a website provides may also have a field called 'Issuing organization', this has its separate subfiles which contains information about the 'issuer'.
As stated before, a certificate can be signed using the private key, but it's not necessary that it'll be signed using the private key of the corresponding public key enclosed within the certificate; one can use a different private key to sign it.
This's used by various profit and non profit organizations to verify the certificate that a website provides.
It's not difficult to generate a certificate containing a public key, anyone even doing a fraud can generate such a key; thus practically the only purpose of using SSL/TLS is prevention against man in the middle attack.
To extend the usage of SSL/TLS against fraud companies and to certify if a site is fraud or not, PKI of the Internet is formed.
To make a 'trust' among organizations, a third trustable organization is involved, let's name this organization A. Now companies (for e.g. B) will have to contact A with their digital certificates containing the public key for getting it signed by A, using A's private key, for this the organization may charge money.
The public key for A's private key is distributed and usually preinstalled in standard non-Microsoft browsers; thus when B sends its certificate to the client, the client can verify the signature which A has put on B's certificate since the client has the public key of A preinstalled.
Organization A keeps its private key in secret.
There are 2 advantages this way – first the signatures on the certificate on B are unique; no one can generate another signature following this pattern for any other data and it can only be decrypted only using the public key of A which's usually preinstalled on clients. This gives the client reason to trust B through the trust of A.
Second – B can keep its private key a secret; to set a signature on B's certificate, its private key is not required.
The public key for A, as we know, is preinstalled in most clients, the public key is also in the form of certificates; these certificates are called the root certificates.
This way A can generate a lot of money taking advantage of their famous public key corresponding to their secret private key, they sign many certificates using their private key; this way the browser vendor only has to preinstall a limited number of certificates for millions of websites using SSL/TLS.
Usually organizations like A have multiple public/private key pairs to classify them in accordance to the level of trust they have on the organization; there're various 'classes' for this.


Quote:
When information is transmitted over the Internet, it may be modified via eavesdropping or through compromised Windows systems.
Thus the receiver should have a reason to believe that the message received by him is actually sent by this user.
In real life situations, we may use signatures, but in emails or other transmission of digital information, we use digital signatures which are more secure than personal ones.
Digital signatures work over the same principle of asymmetric encryption, here the sender of the email generates a hash of the message to be sent (using algorithms like MD5, SHA512 etc...), then encrypts this hash with his private key. This encrypted hash works as a signature and is consequently unique to the sent email.
On the receiver's end, the user should have the public key to decrypt the encoded hash.
Then he generates a hash off the email sent to him and if there's a match, it means the mail was unmodified.
This has infinite application, not only email.

_________________
My blog
NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 46381
Location: 56N 3W

Posted: Mon Jan 30, 2012 6:54 pm

dE_logics,

If you want to play with public key encryption make yourself two mail accounts, A and B.
Make a public/private key pair for each.
Post the public keys on a keyserver.

Send a signed clear text email from A to B.
B should complain that the signature can't be verified because of a missing key.
Have B fetch A's public key from the keyserver.

Now that B has A's public key, B can encrypt messages to A.

As your quote says, public key encryption is expensive in terms of CPU time, so the public key is used to encrypt the key to a symmetric cipher that is used for this message only.
The symmetric cipher is used with the key to encrypt the message. The recipient decrypts the symmetric key (using the private key) and then uses the symmetric key and cipher to decrypt the message.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
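
The hybrid scheme described in the post above (a per-message symmetric key wrapped with the recipient's public key), as an added example that is not part of the original thread. Assumptions: a constructed toy RSA key built from two Mersenne primes, unpadded textbook RSA, hypothetical function names, and a SHA-256 keystream XOR standing in for a real symmetric cipher such as AES.

```python
import hashlib
import secrets

# Constructed toy RSA key for the recipient (assumption for this demo only):
# Mersenne primes are trivially factorable, so this key protects nothing.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))       # recipient's private exponent


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream.
    The same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + (offset // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def encrypt_for_recipient(plaintext: bytes) -> tuple:
    """Sender side: needs only the recipient's public key (N, E)."""
    session_key = secrets.token_bytes(16)           # used for this message only
    wrapped = pow(int.from_bytes(session_key, "big"), E, N)  # public key op
    return wrapped, keystream_xor(session_key, plaintext)


def decrypt_as_recipient(wrapped: int, ciphertext: bytes) -> bytes:
    """Recipient side: the private key operation recovers the session key."""
    session_key = pow(wrapped, D, N).to_bytes(16, "big")     # private key op
    return keystream_xor(session_key, ciphertext)


def demo() -> dict:
    message = b"Send reinforcements - am going to advance"  # constructed sample
    w1, c1 = encrypt_for_recipient(message)
    w2, c2 = encrypt_for_recipient(message)
    return {
        "both_decrypt": decrypt_as_recipient(w1, c1) == message
        and decrypt_as_recipient(w2, c2) == message,
        # A fresh session key per message: same plaintext, different output.
        "session_keys_differ": w1 != w2 and c1 != c2,
        "ciphertext_differs_from_plaintext": c1 != message,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```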