CIS-154Project 12.1

CIS-154Project 12.1 - other parties. Commercial CAs charge...

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
Steven Rampmeyer CIS-156 Project 12.1 Symmetric key encryption uses same key, called secret key, for both encryption and decryption. Users exchanging data keep this key to themselves. Message encrypted with a secret key can be decrypted only with the same secret key. The major vulnerability of secret-key algorithm is the need for sharing the secret-key. Another solution is to securely send the secret-key from one end to other end. This is done using another class of encryption called asymmetric algorithm. Asymmetric key, also called public key, encryption uses different keys for encryption and decryption. These two keys are mathematically related and they form a key pair. One of these two keys is kept private, called the private-key, and the other can be sent in the message, called the public-key. A private key is typically used for encrypting the message. In cryptography, a certificate authority(CA) is an organization that issues digital certificates for use by
Background image of page 1
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: other parties. Commercial CAs charge to issue certificates that will automatically be trusted by most web browsers. Aside from commercial CAs, some providers issue digital certificates to the public at no cost. Large institutions or government entities may have their own CAs.A CA issues digital certificates that contain a public key and the identity of the owner. When an end-user tries to access an unknown URL the web browser will contact the CA to confirm the public key of the URL. The matching private key is not similarly made available publicly, but kept secret by the end user who generated the key pair. The certificate is a confirmation by the CA that the public key contained in the certificate belongs to the purchaser of the certificate and that they are who they say they are. If the user trusts the CA and can verify the CA's signature, then he can also verify that a certain public key does indeed belong to whoever is identified in the certificate....
View Full Document

This note was uploaded on 05/12/2010 for the course CIS 256 taught by Professor Dres during the Spring '10 term at Chesapeake College.

Ask a homework question - tutors are online