Encryption:
- Symmetric
  - Old style, has been around forever
  - Simple: copy the key for the target
  - Same key on both sides
- Asymmetric
  - Public key encryption
  - Two keys
    - Public key: available to anyone
    - Private key: only the owner has it
Steps to send an encrypted message:
The public and private keys are mathematically generated together.
- Message
- Add a message digest (hash)
- Use the sender's private key on the hash
- Encrypt using the receiver's public key (encrypted)
- Send
- Receiver decrypts using their private key (unencrypted)
- Authenticate using the message digest (hash) attached to the bottom of the message, which the receiver unlocks using the sender's public key
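
The steps above as a runnable sketch, added here as an illustration and not part of the original notes. It uses unpadded textbook RSA with constructed demo keys (`ALICE_*` as sender and `BOB_*` as receiver are assumed names); real systems use padded RSA and hybrid encryption.

```python
import hashlib

E = 65537  # public exponent

def make_keypair(p, q):
    """Textbook RSA: public and private keys derived together from p, q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))  # (public, private)

# Constructed demo keys from known Mersenne primes: NOT secure, offline demo only.
ALICE_PUB, ALICE_PRIV = make_keypair(2**127 - 1, 2**521 - 1)  # sender
BOB_PUB, BOB_PRIV = make_keypair(2**107 - 1, 2**607 - 1)      # receiver

def digest(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def send(message: bytes, sender_priv, receiver_pub):
    n_s, d_s = sender_priv
    n_r, e_r = receiver_pub
    signature = pow(digest(message), d_s, n_s)   # sender's private key on the hash
    m = int.from_bytes(message, "big")
    if max(m, signature) >= n_r:
        raise ValueError("message or signature too large for receiver modulus")
    # Encrypt message and attached signature with the receiver's public key.
    return pow(m, e_r, n_r), pow(signature, e_r, n_r)

def receive(packet, receiver_priv, sender_pub):
    n_r, d_r = receiver_priv
    n_s, e_s = sender_pub
    m, signature = (pow(c, d_r, n_r) for c in packet)  # receiver's private key
    message = m.to_bytes((m.bit_length() + 7) // 8, "big")
    # "Unlock" the signature with the sender's public key, compare to a fresh hash.
    authentic = pow(signature, e_s, n_s) == digest(message)
    return message, authentic

if __name__ == "__main__":
    packet = send(b"meet at 0900", ALICE_PRIV, BOB_PUB)
    print(receive(packet, BOB_PRIV, ALICE_PUB))        # genuine packet
    tampered = (packet[0] ^ 1, packet[1])              # ciphertext altered in transit
    print(receive(tampered, BOB_PRIV, ALICE_PUB)[1])   # signature check fails
```
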
Certificates & Certificate Authorities:
- TLS
  - 1.3: no cert visible in Wireshark
    - Because of encryption
  - 1.2: cert is visible in Wireshark
- Cert contains
  - Issue times
  - Issuer
- Digital certs provide
  - Confidentiality
  - Authentication
- Remember: certs contain the public key plus other public information about a server or user
- Certs must have a corresponding private key that only the server or user should have
- Vouching for a public key's authority
  - The CA has a private/public key pair
  - The client (Alice) has a copy of the CA's public key in its trusted CA list
  - The server (Bob) has its certificate signed by the CA's private key
  - The client knows the server certificate is valid by checking the signature with the CA's public key
- How do you know if a cert has been compromised?
  - 2 common methods
    - Certificate revocation list (CRL)
    - Online Certificate Status Protocol (OCSP)
      - Clients poll a web server