11:14 Electronic digital signature for dummies what it is and how not to choke Part 3 | |
| Part 1 Part 2 In this part we make a slight digression from the digital signature to the side in order, without which direct digital signatures, and information security in the conventional sense, there would be: encryption. After all, the first thing that comes to mind when it comes to protecting our data - it does not give these data a bad man to read. So, before you continue the consideration of standards PGP and S / MIME, is to paint some of the remaining blank spots in knowledge and consider encryption process is a bit more detail. Ciphers and codes exist, probably, from the moment when mankind learned to write down their thoughts about the world in the media. If you think about it a bit, even an ordinary alphabet - is the code. After all, when we read any text in our heads each draw a symbol is associated a sound combination of sounds, or even the whole concept, but my head is a neighbor who can not read, this no longer happens. Not knowing what a character, and that is mapped, we can never understand what it meant writing. For example, try to pick up and read something written in Hebrew, or Chinese. Sami alphabets of these languages ??will be an insurmountable obstacle for you, even if with the help of these characters are written the concept of your native language. But, nevertheless, the mere use of another alphabet is still insufficient action to protect your data. After all, any alphabet, one way or another, created for the convenience of them and is inextricably linked with language, which is characteristic of this alphabet. So, learn the language and a set of basic concepts in it (or simply using the services of a person who knows the language), a wicked man can read your information. So, we must think of the alphabet, who knows only a limited number of persons, and use it to record information. Probably all read (or at least heard of) a cycle of stories about Sherlock Holmes. In this series featured the alphabet, consisting of dancing figures (and many, I think a child based on it were your own). However, as shown by this story, observant person can figure out what character is and what belongs. So our information again fall into the wrong hands. What do you do? Invent more and more complex alphabets? But the more complex and unwieldy alphabet, the more uncomfortable with it, keep it a secret. Besides, what about the mysteries have a wonderful saying: know two - they know everything. After all, the weakest link in any cipher - a person who knows how to decipher this code. Why not make the encryption method was immediately known to all, but decipher our data would not be without some key? After all, the key (as opposed to just the alphabet) small, its easy enough to make a new one, if that (again, unlike the processing of the alphabet), it is easy to hide. Most obvious advantages of key systems, the following example: the recipient must be exiled to read your message. Usual, on paper. Suppose you use a secret alphabet. Then, to read the message, the recipient must know the alphabet, have a great dusty Talmud, which describes how to decrypt (since the alphabet to be complex to be reliable) and understand how to work with the Talmud. Since the keys are all simple: you put your message in the box with a lock, and the recipient simply insert the appropriate key, and know how it is arranged locking but very necessary. So, the well-known "alphabets" and keys - a mechanism that significantly more convenient than just alphabets. But how can encrypt all stood for a simple key? And here we come to the aid of mathematics, and more specifically - the mathematical functions that can be used to replace our original characters with new ones. Remember also that such a function. This is a ratio by which one number can be different. Knowing x and substituting in the known relation y = A * x, we always obtain the value y. But, as a rule, the converse is true: Knowing y, we can get, and x. Usually, but not always. For many dependencies to get y easily, while x - is already very difficult, and its reception will take a long time. That's it for such dependencies, and is based encryption is now used. But, back to itself encrypted. Encryption is divided into symmetric, asymmetric and combined. Consider the essence of each. Symmetric encryption, by and large, rather weakly differs from the good old secret alphabet. Strictly speaking, it just differs by the presence of the - some relatively small sequence of numbers used for encryption and decryption. In this case, each party must exchange information to know the key and kept secret. A great advantage of this approach is the speed of encryption: key, in fact, is quite simple and brief instructions, a symbol, when and on what should replace it. And this key works in both directions (ie, it can be used as a substitute for all symbols of new and return everything as it was), for which an encryption method and is called symmetric. Equally huge downside is exactly what both sides, between which information is sent, should be the key to know. In this case, is a bad man to get the key, as he immediately read our so carefully protected data, and hence the problem of key distribution host country becomes a full-length. Asymmetric encryption comes somewhat trickier. Here with us, and our recipient has been the two keys, which are called open and closed. The private key is we keep the recipient host (note that each stores only a key, which means that we go beyond the very sayings of two knowledgeable), and we are open and the recipient can easily send anyone - our private, secret, according to it can not be restored. Total, we use the recipient's public key to encrypt and the recipient, in turn, uses his private key to decrypt. Plus, this approach is obvious: we can easily begin to share classified information with different recipients, almost anything (assuming the condition that the recipient of our own private key is lost / paid, etc., that is not passed into the hands of bad people) do not run the risk of the transmission of information. But, without a huge minus is necessary. And here he is in the following: the encryption and decryption in this case are very, very, very slowly, two to three orders of magnitude slower than a similar operation for symmetric encryption. In addition, the resources spent on this encryption is also much more. Even the keys for these operations, significantly longer than similar operations for symmetric encryption, because you want to best protect the private key from selecting the Open. This means that large amounts of information in this way to encrypt just unprofitable. Example of using the asymmetric encryption [Wikipedia] e - recipient's public key B d - the recipient's private key B m - background information sender A c - scrambled background information Once again, the question arises: what can we do? And do need the following: take, and combine both methods. Actually, since we get a combined encryption. Our large volume of data we zashifruem the first method, and to bring the key with which we have them encrypted to the recipient, we are the key itself zashifruem the second method. Then we find that although asymmetric encryption and slow, but the volume of encrypted data (that is the key, which encrypted data is large) will be small, so decryption will take place quickly enough, and from then on in it will come faster symmetric encryption. Example of the combined system [Wikipedia] All of these mechanisms have been applied in practice, and our two great camps PGP and S / MIME use them. As mentioned in the first paper, asymmetric encryption is used for digital signatures (ie, to encrypt our hash). The difference between this use of conventional asymmetric encryption that is used to encrypt our private key to decrypt and sufficient availability of the associated (that is, too, our) public key. Since the public key, we do not hide our hash can read by anyone, not just individual recipients, as required for digital signatures. Combined same encryption used in both standards directly to encrypt the data sent. So starting to use digital signatures to protect our data from the substitution, we'll automatically (for these two standards) and get a great opportunity to protect our data also from reading that, you will agree, very convenient. Now, when we met with the general principles of the mechanisms used to protect our data, we can finally go to practice and to consider what to use. But more about that in the next article. Part 4 | |
|
| |
| Total comments: 0 | |