PKI 환경에서 공개키 서명 생성과 확인 방법

PKI Introduction

Basic Terminology

Cryptography has been used for thousands of years to safeguard military and diplomatic communications. The cryptographer seeks methods to ensure the safety and security of conversations, and transactions.

By means of an encryption algorithm and a secret key, a plaintext can be converted into a not understandable ciphertext.

Basic Terminology

Symmetrical Cryptography

Two systems of cryptography exist today : symmetrical cryptography and public key cryptography (PKI).

In symmetrical key, the encryption key and the decryption key are the same.

Symmetrical Key Cryptograpy

PKI: Public Key Infrastructure

In PKI, the encryption key and the decryption key are different and cannot be deduced from eachother.

One key is a persons private key, and is not shared. The other key is a persons public key, and is made public.

Thus, one can encrypt a message with the public key of the receiver, so that nobody else may read it.

Public Key Cryptography

Message Digests

A fingerprint or message digest of a message or file, can be made, by means of a hash function. Hash functions are public, standardised functions. A small modification in a message, leads to a completely different message digest.

Message Digest

Digest sizes: 128 .. 256 bits
	10E77 message digests
Single bit change
	50% of bits change in message digest

Digital Signature

A document can be digitally signed by encrypting the hash value of this document with a private key. The public can indeed verify that the sender has signed the document.

Digital Signature with PKI

Combination of Signature and Encryption

A document can be both digitally signed and encrypted.

Combination: Digital Signature + Encryption

Digital Certificates

A digital certificate establishes a link between a person and a public key. They are assigned by certification authorities who verify a persons identity.

Digital Certificate