Chadwick, the international hacker, is sniffing the communications over the internet between Joe and
Sue. What mischief could Chadwick get up to?
We are rarely certain of the real identity of the sender, only that they have sent us a public key. If you
want to buy over the web and encrypt your credit card details, you need to know that the public key you
are sent really belongs to the party you think you are sending to. The authenticity of a public key can be
proved by a digital certificate. The certificate gives the public key of a particular party and verifies that
they own it through the digital signature of the Issuing Authority.
VERISIGN CLASS1 DIGITAL CERTIFICATE
Part A
OWNER:
Certified Details for: Fred Bloggs
Email: bf02@gre.ac.uk
Certificate Serial No: A2:EO:89:B1:E5 …
Public Key: 9D:4F:16:3D:1A:87:F1:A2:EO:7D:B9:B1:D5:83:B3:62
CERTIFICATE DETAILS:
Certificate Validity: 4/1/2012 – 3/1/2013
Certificate Type: Class 1
Checked: 20/12/2011
Issuing Certificate Authority: Verisign Class1 CA : 62 Axford Street, London
Message Digest Type: MD5
Part B
Issuing Authority’s Digital Signature: BD:44:15:3D:2A:57:F1:72:EO:5D:89:B1:E5:8D:B3:ED …
Part A:
Calculate message digest for part A using the Message Digest type specified:
Part B:
Decrypt the Issuing Authority’s Digital Signature using what key?
And, when decrypted, we now have what?
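The Part A / Part B check above, as an added worked example (not part of the original handout). It assumes a toy, unpadded RSA key pair for the Issuing Authority built from two known Mersenne primes, and a constructed Part A string with placeholder key values; the names used are hypothetical.

```python
import hashlib

# Toy CA key pair (constructed for this example): unpadded textbook RSA
# built from two known Mersenne primes. Not secure; illustration only.
P, Q = 2**89 - 1, 2**107 - 1
CA_N = P * Q
CA_E = 65537                                  # CA public exponent
CA_D = pow(CA_E, -1, (P - 1) * (Q - 1))       # CA private exponent

def digest_part_a(part_a: bytes) -> int:
    """Message digest of Part A. MD5 is used only because the sample
    certificate names it; MD5 is collision-broken and modern CAs use SHA-2."""
    return int.from_bytes(hashlib.md5(part_a).digest(), "big")

def ca_sign(part_a: bytes) -> int:
    """Issuing Authority: encrypt the digest with the CA private key (Part B)."""
    return pow(digest_part_a(part_a), CA_D, CA_N)

def verify_certificate(part_a: bytes, signature: int) -> bool:
    """Relying party: recompute the digest of Part A, recover the digest the
    CA signed by applying the CA public key to Part B, and compare the two."""
    recovered = pow(signature, CA_E, CA_N)
    return recovered == digest_part_a(part_a)

# Constructed Part A (field names follow the sample certificate above).
PART_A = (b"Owner: Fred Bloggs; Email: bf02@gre.ac.uk; "
          b"Public Key: <owner public key placeholder>; "
          b"Validity: 4/1/2012 - 3/1/2013; Type: Class 1")
PART_B = ca_sign(PART_A)

# If the public key inside Part A is swapped in transit, Part A changes,
# so the recomputed digest no longer matches the digest the CA signed.
TAMPERED_A = PART_A.replace(b"<owner public key placeholder>",
                            b"<substituted public key placeholder>")

if __name__ == "__main__":
    print("genuine certificate verifies:", verify_certificate(PART_A, PART_B))
    print("tampered certificate verifies:", verify_certificate(TAMPERED_A, PART_B))
```

The check only proves that the Issuing Authority signed this exact Part A; it is worth no more than the identity checks the authority carried out before signing.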
There are many Certificate Authorities (CAs); the best known are Verisign, Microsoft and Thawte.
Some do exhaustive checks; others do few.
[Figure: exchange between Sue and Verisign. Text in figure: Check ID. Please give a ‘challenge phrase’ encrypted with our public key.]
[Figure: exchange between Joe and Sue. Labels: JOE: J(Pr), JCert; SUE: S(Pr), SCert; Encrypted Message; Distributing key; Authentication; Secure. Text in figure: 1. Here is the message digest for the order/credit card details encrypted with Joe(Sym). Check out message digest. Send transaction over message. 2. Encrypted session over.]
Joe is using a 128-bit symmetric session key: how many choices of key does he have for one session?
With what key does Joe encrypt the DES key for Amazon?
With what key does Amazon decrypt the DES key from Joe?
With what key does Amazon decrypt the order/credit card details from Joe?