Chapter(1)

Introduction to Information
Security

References: 1: Information Security V1.02

2: Information Security Principles and Practices
1
 Information Security

• Information security is a series of processes or practices to

protect information and assets from unauthorized accesses.

2
 Confidentiality, Integrity, and
Availability

• Confidentiality, integrity and availability are sometimes referred

to as the CIA Triad, is a model designed to guide policies for
information security within an organization.
1. Confidentiality
– the process to make sure that information remains private
and confidential, so that it cannot be viewed by unauthorized
users or eavesdroppers who monitor the flow of traffic
across a network.
– Encryption is one of the most popular methods for this
purpose.
– Access control lists (ACLs) are another means to maintain
confidentiality.
3
 Confidentiality, Integrity, and
Availability(Cont.)
2. Integrity
– ensure that information is protected from accidental or
deliberate (malicious) modification.
– Like privacy, integrity is quite critical for data transferred
through networks.
– Integrity for data in transit is typically provided by using
hashing Techniques and message authentication codes.
3. Availability
• From a security perspective, availability means that systems
remain available for legitimate users.
• The DoS attacks are to make a system practically unusable for
valid users.
• ensure that authorized parties are able to access the information
when needed. 5
 Examples of security
requirements: Confidentiality
• Student grade information is an asset whose confidentiality is
considered to be very high
– grades should only be available to students, their parents,
and their employers (when required for the job)
• Student enrollment information: may have moderate
confidentiality rating; less damage if enclosed
• Directory information: low confidentiality rating; often
available publicly

6
 Examples of security
requirements: Integrity
• A hospital patient’s allergy information (high integrity data): a
doctor should be able to trust that the info is correct and current
– If a nurse deliberately falsifies the data, the database should
be restored to a trusted basis and the falsified information
traced back to the person who did it
• An online newsgroup registration data: moderate level of
integrity
• An example of low integrity requirement: anonymous online
poll (inaccuracy is well understood)

7
 Examples of security
requirements: Availability
• A system that provides authentication: high availability
requirement
– If customers cannot access resources, the loss of services
could result in financial loss
• A public website for a university: a moderate availably
requirement; not critical but causes embarrassment
• An online telephone directory lookup: a low availability
requirement because unavailability is mostly annoyance (there
are alternative sources)

8
 Other aspects of
Information security
4. Authenticity
– Authenticity is to guarantee that a user (or information,
process) is genuinely the correct user (or information,
process), and is not someone else who pretends to be them.

5. Accountability
– to ensure that a result of activity (or process) can be
uniquely traced back to its origin, so that no malicious or
unexpected entities are in the course of its path.
– This is important to prevent man-in-the-middle attacks

9
Other aspects of information security
6. Reliability
– Reliability in information security means the extent
(quality) how well an outcome or a result of activity or
process matches expected result or plan.
7. Non-repudiation
– Non-repudiation is to prove that a given transaction has
been performed before, and cannot be denied later by
anyone.
– This is important for e-commerce system and e-contract
as well as for legal reasons.

10
 Unauthorized Accesses

1. Vulnerabilities
• Vulnerability, also called a “security hole”, is a weakness in
your system (both electronic and organizational) that makes a
threat possible.
• This may be poorly designed software, inappropriate
procedures in your office, human mistakes, or anything that
provides a way for attacker to break the security.
• Weak input validation is an example of an application layer
vulnerability, which can result in input attacks.

11
 Unauthorized accesses
2. Threats
• A threat is any possibility that cause bad effect on your
information security.
• A threat itself does not mean any actual attack, but means its
possibility.
• If you recognize any threat in your system, you must try to
eliminate them in order to prevent from potential real attack.
3. Attacks
• An attack is an action that exploits vulnerability or realizes a
threat.
• There are many kinds of attacks in today’s information security.
• The information security is now getting more and more
important due to the increasing number of possible threats and
due also to the more sophisticated technologies hackers and
attackers are trying to utilize. 12
Examples of Threats

13
Security Technologies Used

14
 Cryptography

• Cryptography or “secret codes” are a fundamental information

security tool.
• The basic terminology of crypto includes the following.
• Cryptology is the art and science of making and breaking
“secret codes.”
• Cryptography is the making of “secret codes.”
• Cryptanalysis is the breaking of “secret codes.”
• Crypto is a synonym for any or all of the above (and more).

15
 Cryptography(Cont.)
• A cipher or cryptosystem is used to encrypt data. The
original data is known as plaintext, and the result of
encryption is cipher text.
• Decrypt the cipher text to recover the original plaintext.
• A key is used to configure a cryptosystem for encryption and
• decryption.

Figure 1: Crypto as a black box. 16

 Simple Substitution Cipher
• the message is encrypted by substituting the letter of the
alphabet n places ahead of the current letter.
• For example, with n = 3, the substitution—which acts as the
key—is
• plaintext: abcdefghijklmnopqrstuvwxyz
• Cipher text: DEFGHIJKLMNOPQRSTUVWXYZABC
• Using the key of 3, encrypt the plaintext message
• Fourscoreandsevenyearsago
• the resulting ciphertext is
• IRXUVFRUHDAGVHYHABHDUVDIR
• The simple substitution with a shift of three is known as the
Caesar’s Cipher.
17
 Double Transposition Cipher
•First write the plaintext into an array of a given size and then
permute the rows and columns according to specified permutations.
•Write the plaintext attackatdawn into a 3 × 4 array.

•Now if we transpose (or permute) the rows according to (1, 2, 3) →

(3, 2, 1) and then transpose the columns according to (1, 2, 3, 4) →
(4, 2, 1, 3), we obtain

•The ciphertext is then read from the final array:

•NADWTKCAATAT 18
Double Transposition Cipher
• to decrypt cipher text, the cipher text is first put into a 3 × 4
array.
• Then the columns are numbered as (4, 2, 1, 3) and rearranged to
(1, 2, 3, 4).
• Then the rows are numbered (3, 2, 1) and rearranged into (1, 2,
3), as illustrated below

• and we have recovered the plaintext, attackatdawn.

19
 Exercises
1. Given that the Caesar’s cipher is used, Find the plaintext from
the cipher text
• VSRQJHEREVTXDUHSDQWU

2. Find the plaintext and the key from the cipher text
• CSYEVIXIVQMREXIH
given that the cipher is a simple substitution of the shift-by-n
variety.

20
 Assignment-I

1. Encrypt the message “ we are all together” using a double

transposition cipher with 4 rows and 4 columns, using the row
Permutation (1, 2, 3, 4) −→ (2, 4, 1, 3) and the column
permutation (1, 2, 3, 4) −→ (3, 1, 2, 4).

2. Decrypt the ciphertext “

IAUTMOCSMNIMREBOTNELSTRHEREOAEVMWIHTSEEATM
AEOHWHSYCEELTTEOHMUOUFEHTRFT”. This message was
encrypted with a double transposition using a matrix of 7 rows and
10 columns. Hint: The first word is “there.”

21
 Chapter(2)

Underlying Technologies for

Information Security

22
 Access Control
• Access control
– refers to issues concerning access of system resources.
– a mechanism to precisely assign various privileges to individual
user.
• access control is more broadly defined, with authentication and
authorization.
• Authentication: Who goes there?
• Authorization: Are you allowed to do that?
• Authentication is the process to identify and assure the
genuine, authorized user in the system.
• Authentication is the basis for effective information security.
authenticated users are allowed access to system resources.
• Authorization deals with more fine-grained restrictions and
limitations on access to various system resources.
23
 Authentication Methods
1.User name / Password authentication
•Usernames and passwords are the most common form of authentication in use
today for its simplicity. However, passwords are often the weakest portion against
attack (like too easy passwords).
2.Key-file-based authentication
•Instead of using passwords, a system can authenticate by using encrypted “key-
file”, which normally has far larger data size than typical password, thus more
secure. For example, SSH (Secured Shell) client can connect and login to the server
by using key file instead of a password.
•In this case, a user cannot login by password, and must prepare a valid key file for
the authentication.
3.Biometrics authentication
•Password is handy for authentication, but is actually a very weak method because
anyone who knows the password can login to a system. In case the system needs to
recognize a particular person, we should use some forms of biometrics
authentication like the followings.
1)Fingerprint 2) Iris (Retina) 3)Hand palm geometry 4) Face 5)DNA
24
 User Authentication
• Fundamental security building block
– basis of access control & user accountability
• The process of verifying an identity claimed by or for a system
entity
• Two steps:
– identification: specify identifier
– verification: bind entity (person) and identifier
• Distinct from message authentication (when communicating
parties are concerned with the integrity of the exchanges
messages)

25
 Means of user authentication

• Four means of authenticating user's identity

• Based one something the individual
– knows, e.g. password, PIN
– possesses, e.g. key, token, smartcard
– is (static biometrics), e.g. fingerprint, retina
– does (dynamic biometrics), e.g. voice, sign
• Can use alone or combined
• All can provide user authentication
• All have issues

26
 Password Authentication

• Widely used user authentication method

– user provides name/login and password
– system compares password with that saved for specified
login
• Authenticates ID of user logging and
– that the user is authorized to access system
– determines the user’s privileges
– is used in discretionary access control

27
 Password vulnerabilities
• offline dictionary attack
• password guessing against single user (w/ previous knowledge
about the user)
• workstation hijacking
• exploiting user mistakes
• exploiting multiple password use
• electronic monitoring

28
 Countermeasures for password
vulnerability
• stop unauthorized access to password file
• intrusion detection measures
• account lockout mechanisms
• policies against using common passwords but rather hard to
guess passwords
• training & enforcement of policies
• automatic workstation logout
• encrypted network links

29
 Biometric Authentication
• Authenticate user based on one of their physical
characteristics:
– facial
– fingerprint
– hand geometry
– retina pattern
– iris
– signature
– voice

30
 Authentication Security Issues

• Client attacks: attacker attempts to achieve

user authentication without access to the
remote host
– Masquerade as a legitimate user (e.g., guess the
password or try all passwords)
– Countermeasure: strong passwords; limit number
of attempts

31
 Authentication Security Issues

• Host attacks: attacker attacks the host where

passwords/passcodes are stored
– Countermeasure: hashing, protect password
databases

32
 Authentication Security Issues

• Eavesdropping: attacker attempts to learn passwords by

observing the user, finding written passwords, keylogging
– Countermeasures
• diligence to keep passwords
• multifactor authentication
• admin revoke compromised passwords

33
 Authentication Security Issues
• Replay: attacker repeats a previously captured user response
– Countermeasure
• Challenge-response
• 1-time passcodes

34
 Authentication Security Issues

• eavesdropping
• replay
• trojan horse

35
Authentication Security Issues

• Trojan horse: an application or physical device masquerades

as an authentic application or device
– Countermeasure: authentication of the client within a
trusted security environment
• Denial of service: attacker attempts to disable a user
authentication service (via flooding)
– Countermeasure: a multifactor authentication with a token

36
 Symmetric Key Encryption
• A symmetric key (sometimes called private, secret key, or single
key) system uses a single key.
• That key is used both to encrypt and to decrypt information.
• A symmetric key cryptosystem uses the one key to encrypt and
decrypt messages.

Figure 1 - Symmetric key encryption/decryption

38
Attacking Symmetric Encryption

• cryptanalysis
– rely on nature of the algorithm
– plus some knowledge of plaintext characteristics
– even some sample plaintext-ciphertext pairs
– exploits characteristics of algorithm to deduce specific
plaintext or key
• brute-force attack
– try all possible keys on some ciphertext until get an
intelligible translation into plaintext

40
Symmetric Encryption Algorithms

41
 Data Encryption Standard
• simple block cipher
• a symmetric key algorithm
• DES has a 64-bit block length;
• DES uses a 56-bit key; 8 of the 64 key bits were discarded, so
the actual key length is a mere 56 bits.
• each round of DES uses a 48-bit subkey and each subkey
consists of a 48-bit subset of the 56-bit key
• In DES, each S-box maps 6 bits to 4 bits, and DES employs
eight distinct S-boxes.
• The S-boxes, taken together, map 48 bits to 32 bits.
• The same S-boxes are used at each round of DES.

42
 Triple DES
• DES
• Let P be a block of plaintext, K a key, and C the
corresponding block of ciphertext.
• For DES, C and P are each 64 bits, while K is 56 bits.
• The notation for the encryption of P with key K is
• C = E(P,K)
• while the corresponding decryption is denoted
• P = D(C,K).
• Double DES
• C = E(E(P,K1),K2).

43
 Triple DES

• triple DES is defined as

• C = E(D(E(P,K1),K2),K1).
❖ triple DES only uses two keys, and encrypt-decrypt-encrypt, or
EDE, is used instead of EEE.
• The reason for only using two keys is that 112 bits is sufficient.
• If 3DES is used with K1 = K2 = K then it collapses to single
DES
• C = E(D(E(P,K),K),K) = E(P,K).

44
 Public Key Encryption
• A public key (sometimes called
asymmetric key or two key) system
uses two keys: a public key and a
private key.
• A public key is known to everyone,
whereas a private key is kept secret
by its owner.
• A big random number is used to
make a public-key pair. Public and
private keys are mathematically
related.
• data encrypted with one key can only
be decrypted with the other key.
Figure 2- Public Key Pair

45
 Public Key Encryption
• In public key cryptography, one key is used to encrypt and a
different key is used to decrypt.
• A public key cryptosystem is based on a “trap door one-way
function,” that is, a function that is easy to compute in one
direction and hard to compute in other direction.

Figure 3: public key - public key

46
Public Key Encryption

Figure 4: private key - public key

47
Public Key Encryption

Figure 5: combination public/private key

48
Public Key Encryption

49
 Public Key Authentication
Authentication and/or data integrity

50
 Public Key Algorithms

• RSA (Rivest, Shamir, Adleman)

– developed in 1977
– only widely accepted public-key encryption alg
– given tech advances need 1024+ bit keys
• Diffie-Hellman key exchange algorithm
– only allows exchange of a secret key
• Digital Signature Standard (DSS)
– provides only a digital signature function with SHA-1
• Elliptic curve cryptography (ECC)
– new, security like RSA, but with much smaller keys

51
 RSA

• by Rivest, Shamir & Adleman of MIT in 1977

• best known & widely used public-key scheme
• RSA uses two keys: a private key and a public key.
• The keys for the RSA algorithm are generated
mathematically—in part, by combining prime numbers.
• The security of the RSA algorithm depends on the use of very
large numbers.

52
 RSA Key Setup
• each user generates a public/private key pair by selecting two
large primes at random - p, q
• computing their system modulus N=p.q
– ø(N)=(p-1)(q-1)
• selecting at random the encryption key e
• where 1<e<ø(N), gcd(e,ø(N))=1
• solve following equation to find decryption key d
– e.d=1 mod ø(N) and 0≤d≤N
• publish their public encryption key: KU={e,N}
• keep secret private decryption key: KR={d,N}

53
 RSA Key Setup(Cont.)
• to encrypt a message M the sender:
– obtains public key of recipient KU={e,N}
– computes: C=Me mod N, where 0≤M<N

• to decrypt the ciphertext C the owner:

– uses their private key KR={d,N}
– computes: M=Cd mod N

54
RSA Algorithm

55
 RSA Example-1
1. Select primes: p=17 & q=11
2. Compute n = pq =17×11=187
3. Compute ø(n)=(p–1)(q-1)=16×10=160
4. Select e : gcd(e,160)=1; choose e=7
5. Determine d: de=1 mod 160 and d < 160 Value is
d=23 since 23×7=161= 10×160+1
6. Publish public key KU={7,187}
7. Keep secret private key KR={23,17,11}

57
 RSA Example-2
• Now you want to send message M=4 to Alice. Encrypt your plaintext
M using Alice public exponent. What is the resulting ciphertext C? Now
Alice receives C. Verify that Alice can obtain M from C, using her
private decryption exponent.
• Select primes p=11, q=3.
• n = pq = 11*3 = 33
ø(n) = (p-1)(q-1) = 10*2 = 20
• Select e: gcd(e, ø(n)) = 1, gcd(e ø(n)) = gcd(e, 20) = 1
• Choose e=3, gcd(3, 20) = 1
• Compute d such that e.d ≡ 1 mod ø(n), select d = 7
• Public key = (n, e) = (33, 3), Private key = (n, d) = (33, 7).
• Encrypt the message m = 7,
c = me mod n = 73 mod 33 = 343 mod 33 = 13.
Hence the ciphertext c = 13.
• To check decryption , compute
m = cd mod n = 137 mod 33 = 7. 58
 Exercises:

• In a public-key system using RSA, you intercept the

cipher text C = 10 sent to a user whose public key is e
= 5, n = 35. What is the plaintext M?

60
 Digital Signature
• a mathematical scheme for demonstrating the authenticity of a digital message
or document.
• It is used to verify a message.
• It is basically an encrypted hash of the message.
• The recipient can check if the message was tampered with by hashing the
received message and comparing this value with the decrypted signature.
• To decrypt the signature, the corresponding public key is required.
• A valid digital signature gives a recipient reason to believe that the message
was created by a known sender, and that it was notAlice
altered in transit.
Bob

Bob’s private key Bob’s public key

Clear text
Cipher text Clear text
message calculate
Encryption Decryption
hash
Digital
Hash value Hash value
signature

= ?
message Clear text
calculate
hash

Hash value

Sender create digital signature

Create digital signature document
document 62
Digital Signature (Cont.)

63
 Digital Signature (Cont.)
• Suppose Alice wants to send a signed document or message to
Bob.
• The first step is generally to apply a hash function to the
message, creating what is called a message digest.
• The message digest is usually considerably shorter than the
original message.
• In fact, the job of the hash function is to take a message of
arbitrary length and shrink it down to a fixed length.
• In addition, someone could pretend to be Alice and sign
documents with a key pair he claims is Alice's.
• To avoid scenarios such as this, there are digital documents
called certificates that associate a person with a specific public
key.

64
 Digital Signature (Cont.)
• Alice sends Bob the encrypted message digest and the
message, which she may or may not encrypt.
• In order for Bob to authenticate the signature he must apply
the same hash function as Alice to the message she sent him,
decrypt the encrypted message digest using Alice's public key
and compare the two.
• If the two are the same, he has successfully authenticated the
signature.
• If the two do not match, either someone is trying to
impersonate Alice, the message itself has been altered since
Alice signed it or an error occurred during transmission.

65
 Digital Certificate
•A digital certificate is used to bind public keys to persons or other
entities.
• If there were no certificates, the signature could be easily be forged,
as the recipient could not check if the public key belongs to the sender.
•An individual wishing to send an encrypted message applies for a
digital certificate from a Certificate Authority (CA) which acts as a
trusted third party, or TTP.
•By signing the certificate, the CA is confirming that the identity stated
in the certificate is that of the holder of the corresponding private key.
•When you receive a certificate, you must verify the signature.
• If the certificate is signed by a CA that you trust, then you would
attempt to verify the signature using that CA’s public key.
•Anyone can create a certificate and claim to be anyone else—only the
verification of the signature can create trust in the validity of the
certificate.
66
 Digital Certificates Functions
• Authentication – Proof that you are who you claim to be
• Encryption – encoding information in such a way as to
make it unreadable
• Non-repudiation – Inability to deny having sent specific
information or having accessed a specific system
• Data Integrity – Proof that the data has not been altered
since it was originally sent
• With a Digital Certificate, you can assure friends, business
associates, and online services that the electronic information
they receive from you are authentic .

67
 Digital Signature & Digital Certificate
• The digital certificate is an electronic document that binds a
public key using digital signature to an individual or a person, a
computer or a network device
• a digital signature is to ensure that a data/information remain
secure from the point it was issued.
• Digital Certificates are used to verify the trustworthiness of a
website, while digital signatures are used to verify the
trustworthiness of information.
• In the case of digital certificates, an organization may only trust a
site if the digital certificates are issued by the organization itself
or by a trusted certification source.
• But, this doesn't necessarily mean that the content of the site can
be trusted; a trusted site may be infiltrated by a hacker who
modifies the site's content. 68
 Certificate authorities
• A creator of a public key certificate is normally referred to as a
Certificate Authority (or CA).
• The CA takes responsibility for ensuring that the information on
a certificate is correct. The CA creates the public key certificate
to the owner.
• Whenever anyone has need of the owner’s public key they
request a copy of the public key certificate.
• The certificate might be made available on a central server, or
the owner or even the CA might send the certificate to whoever
requires it.
• The recipient of the public key certificate checks that the
certificate is in order, and if they are happy with it then they are
free to use the public key contained in the certificate. 69
 Public Key Infrastructure (PKI)

• Some Trusted Agency is required which certifies the association

of an individual with the key pair.
Certifying Authority (CA)
• This association is done by issuing a certificate to the user by
the CA Public key certificate (PKC)
• All public key certificates are digitally signed by the CA
• Establishing reliable CA to bind public keys and their identities
as an shared infrastructure is called Public Key Infrastructure
(PKI).
• In this PKI, the CA must be trusted by all participants, that is,
each user must decide whether to trust the CA when the CA
asserts that a particular public key belongs to a particular user.

70
 Public Key
Infrastructure(Cont.)
Three websites that offers digital certificates :
• www.verisign.com, www.webopedia.com, www.thawte.com
• Public key infrastructures based on digital certificates and
certificate authorities remain the favoured method for trying to
securely implement public key cryptography.
• typical usage with PKI:
– Encryption and/or sender-authentication of Email messages
– Encryption and/or authentication of documents
– Authentication of users to applications,
– Bootstrapping secure communication protocols

71
 Message Authentication

– A procedure to verify that messages come from the alleged

source and have not been altered.

• message authentication is concerned with:

– protecting the integrity of a message

– validating identity of originator

– non-repudiation of origin (dispute resolution)

73
 Authentication Functions

Authentication Functions
• Three classes of functions that may be used to produce an
authenticator
– Message encryption
• Ciphertext itself serves as authenticator
– Message authentication code (MAC)
• A public function of the message and a secret key that
produces a fixed-length value that serves as the
authenticator
– Hash function
• A public function that maps a message of any length into a
fixed-length hash value, which serves as the authenticator74
 Message Encryption

• if public-key encryption is used:

– encryption provides no confidence of sender
– since anyone potentially knows public-key
– however if
• sender signs message using their private-key
• then encrypts with recipients public key
• have both secrecy and authentication
– but at cost of two public-key uses on message

75
 Checking Techniques
• Checksums: a form of redundancy check. It adds up the digits
in a message before and after transmission for protecting the
integrity of data.
• Parity checks: counting the ones and zeroes in a message to
determine if the number of ones is odd or even, and verifying
that whatever the state was before transmission for the purposes
of error detection and error correction.

76
 Message Authentication Code (MAC)-
• generated by an algorithm that creates a small fixed-sized
block
• This provides assurance that:-
– message is unaltered
– message comes from sender
• appended to message as a signature
• receiver performs same computation on message and checks it
matches the MAC
• provides assurance that message is unaltered and comes from
sender
• MAC differs from digital signatures, as MAC values are both
generated and verified using the same private key.
• This implies that the sender and receiver of a message must
agree on keys before initiating communications, as is the case
with symmetric encryption.
77
Message Authentication Codes

78
 Hash Function
• The two most common cryptography techniques for message
authentication are a message authentication code (MAC) and a
secure hash function.
• A hash function maps a variable-length message into a fixed
hash value, or message digest.
• Hashes are used to protect integrity of data.
• Only the hash code is encrypted, using public key encryption
and using the sender’s private key.
• This provide authentication. It also provides a digital
signature, because only the sender could have produced the
encrypted hash code.
• In fact, this is the essence of the digital signature technique.

79
Secure Hash Functions

80
 md5 - MD5 Message-Digest
Algorithm
• A well-known cryptographic hash function with a 128-bit
resulting hash value.
• It is conjectured that it is computationally infeasible to produce
two messages having the same message digest.
• Intended where a large file must be “compressed” in a secure
manner before being encrypted with a private key under a
public-key cryptosystem.
• The MD5 algorithm can be used as a digital signature
mechanism.

81
 Hash Functions
• two attack approaches
– cryptanalysis
• exploit logical weakness in alg
– brute-force attack
• trial many inputs
• strength proportional to size of hash code (2n/2)
• SHA most widely used hash algorithm
– SHA-1 gives 160-bit hash
– more recent SHA-256, SHA-384, SHA-512 provide
improved size and security

82
 openssl - OpenSSL command line tool
• OpenSSL is a cryptography toolkit implementing the Secure
Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
v1) network protocols and related cryptography standards
required by them.
• It is a C library that implements the main cryptographic
operations like symmetric encryption, public-key encryption,
digital signature, hash functions, etc.
• It has a command-line interface & an application programming
interface.
• There are a lot of tools using OpenSSL’s libraries to secure data
or establish secure connections.

83
openssl - OpenSSL command line
tool
• It can be used for
1. Creation and management of private keys, public keys and
parameters Public key cryptographic operations
2. Creation of X.509 certificates, CSRs and CRLs
3. Calculation of Message Digests
4. Encryption and Decryption with Ciphers
5. SSL/TLS Client and Server Tests
6. Handling of S/MIME signed or encrypted mail
7. Time Stamp requests, generation and verification

84