study_security_l6
"/home/yossef/notes/Su/security/study_security_l6.md"
path: Su/security/study_security_l6.md
- **fileName**: study_security_l6
- **Created on**: 2025-06-02 21:21:56
Public Key Cryptography Explained
Core Concepts
Symmetric vs Asymmetric Encryption
- Symmetric: Single shared key (fast but insecure key exchange)
- Example: AES, DES
- Asymmetric: Key pairs (secure but slower)
- Public key: For encryption/verification
- Private key: For decryption/signing
- Example: RSA, ECC
Key Features
- Solves two major problems:
- Secure key distribution
- Digital signatures (authentication + non-repudiation)
- Based on mathematical problems (factoring primes, discrete logs)
- Slower than symmetric crypto → Often used together (hybrid systems)
How Public Key Crypto Works
Encryption Flow:
- Bob generates key pair (PUB_b, PRIV_b)
- Bob shares PUB_b publicly
- Alice encrypts with PUB_b:
C = E(PUB_b, M) - Bob decrypts with PRIV_b:
M = D(PRIV_b, C)
Digital Signature Flow:
- Alice hashes message:
H = SHA(M) - Signs with PRIV_a:
S = Sign(PRIV_a, H) - Bob verifies with PUB_a:
Verify(PUB_a, S, H)
Public Key Infrastructure (PKI)
Certificate Components:
- Issuer: Trusted CA (e.g., VeriSign)
- Subject: Owner's identity
- Validity period: Start/end dates
- Public key: Bound to subject
- CA's signature: Ensures authenticity
Verification Process:
- Get certificate (e.g., from website)
- Check CA's digital signature
- Verify validity period
- Extract public key
Review Questions & Solutions
1. Compare Symmetric/Asymmetric Crypto
| Aspect | Symmetric | Asymmetric |
|---|---|---|
| Keys | Single shared key | Key pairs (public/private) |
| Speed | Fast | Slow |
| Key Distribution | Problematic (needs secure channel) | Solves distribution problem |
| Use Cases | Bulk encryption | Key exchange, signatures |
2. Hybrid Encryption
- How it works:
- Use asymmetric crypto to exchange symmetric key
- Use symmetric key for bulk data encryption
- Why needed: Combines speed of symmetric with secure key exchange of asymmetric
3. Digital Signatures & Non-Repudiation
- Only the signer knows private key → Cannot deny signing
- Verifiable by anyone with public key
- Example:
Sign(PRIV_a, SHA("Contract"))binds Alice to contract
4. Digital Signature Benefits
- Authentication: Proves sender identity
- Integrity: Detects message tampering (hash changes)
- Non-repudiation: Legal proof of signing
- Process:
# Signing
hash = SHA256(message)
signature = Encrypt(PRIV_key, hash)
# Verification
decrypted_hash = Decrypt(PUB_key, signature)
assert SHA256(message) == decrypted_hash
continue:./study_security_l7.md
before:./study_security_l5.md