TrustPort Public Key Infrastructure
DESCRIPTION
TrustPort Public Key Infrastructure (PowerPoint presentation transcript). Contents: security of electronic communications, using asymmetric cryptography, electronic signature and digital certificate, using public key infrastructure, TrustPort public key infrastructure solutions, TrustPort eSign Pro.
TrustPort Public Key Infrastructure
WWW.TRUSTPORT.COM
Keep It Secure
Table of contents
• Security of electronic communications
• Using asymmetric cryptography
• Electronic signature, digital certificate
• Using public key infrastructure
• TrustPort public key infrastructure solutions
• TrustPort eSign Pro
Security of electronic communications
Three main aspects
• Integrity of transferred data
• Authentication of the sender
• Confidentiality of transferred data
Perils of unsecured communications
• Data tampering on the way from the sender to the recipient
• Someone else pretending to be the real sender
• Unwanted disclosure of confidential data
Security of electronic communications
Making the communications secure
• Data encryption (confidentiality)
• Electronic signing (integrity and authentication of the sender)
Making the communications secure
Symmetric cryptography
• Based on a single secret key shared by both parties
• Perfect for local data encryption
• Problematic distribution of the secret key: it has to reach the other party over a channel that is itself secure
Asymmetric cryptography
• Based on a private key and a public key
• Designed for remote data exchange
• Easy distribution of the public key, which need not be kept secret
• New issues to be solved: the recipient of a public key must be able to trust that it really belongs to its claimed owner (this is what certificates and a public key infrastructure provide)
Using asymmetric cryptography for encryption
• Anyone can encrypt and send data using the recipient's public key
• Only the recipient can decrypt the data, using the recipient's private key
Diagram on the slide: Data -> encryption (recipient's public key) -> Encrypted data -> decryption (recipient's private key) -> Decrypted data
The key pair explained
• The keys are mathematically related
• Data encrypted with the public key can be decrypted only by the owner of the private key
• Data "encrypted" with the private key can be decrypted by anyone using the public key; this is the operation behind electronic signatures (next slides), not a way to keep data confidential
• The private key cannot feasibly be derived from the public key
Diagram on the slide: Big random number -> key generation algorithm -> Public key + Private key
Using asymmetric cryptography for signing
Diagram on the slide: Data -> hash algorithm -> Hash value -> encryption (sender's private key) -> Encrypted hash value = electronic signature, sent together with the data
Verification of electronic signature
Diagram on the slide: the received Data -> hash algorithm -> Hash value; the Encrypted hash value (= electronic signature) -> decryption (sender's public key) -> Decrypted hash value; then comparison of the two
• Hash values are identical … signature is valid
• Hash values are different … signature is not valid
Advantages of electronic signature
• Authentication of the sender: no other person can create a valid signature of a document in the name of the sender
• Securing integrity of the data: the signed document cannot be modified without making the signature invalid
• Non-repudiation by the sender: the sender cannot deny that the document was signed with his or her private key
Credibility of the electronic signature
The credibility is based on the
• asymmetric algorithm used
• bit length of the keys used
• hash algorithm used (if two documents can be made to share a hash value, one signature is valid for both)
• secure storage of the private keys
Digital certificate
A certificate binds the identity of its holder to a public key.
Certificate parts
• Identification of the holder
• Serial number
• Identification of the certification authority
• Validity period
• Public key of the holder
• Signature of the certification authority over all of the above, which is what makes the binding trustworthy
Registration and certification authority
• The registration authority accepts requests for certificates and verifies the identity of the applicants; the certification authority issues the digital certificates
• The certification authority guarantees the credibility of digital certificates
• The certification authority maintains a certificate revocation list
– each certificate has a limited validity period
– a certificate may be revoked even before the end of its validity period (for example when the private key is lost or compromised)
– on verification of an electronic signature, the verifying party checks the certification authority's list of all revoked certificates, in addition to the validity period and the authority's signature on the certificate
An accredited certification authority is a certification authority recognized by the state. It can issue qualified digital certificates, applicable for legally binding communications with the public administration.
A certification authority without accreditation can be used for the internal purposes of a business or an institution.
Public key infrastructure explained
The slide is a diagram of the parties (certification authority, registration authority, verification authority, sender, recipient) and the messages between them; read in order, the flow is:
• the sender submits a certificate request to the registration authority, which verifies the applicant and passes "request is OK" to the certification authority
• the certification authority issues the certificate (drawn on the slide together with the private key) to the sender
• the sender signs the data message and sends it, with the signature, to the recipient
• the recipient passes the signature to the verification authority, which obtains the sender's certificate and public key from the certification authority and answers "signature is OK"
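The three mechanisms drawn on the slides above (public-key encryption, signing and verification of a hash value, and the certificate/revocation checks made by the verification authority) as one runnable example. This is added illustration code, not TrustPort's; it uses textbook RSA without padding, a dictionary in place of an X.509 certificate, and a plain set of serial numbers as the revocation list, so the names `generate_keypair`, `issue_certificate`, `verify_message` and the constructed sample message are all assumptions of the example, not anything in the product.

```python
"""Added example, not TrustPort code: the mechanics from the slides in textbook RSA
with a dictionary "certificate".  No padding, no X.509, demo-sized keys: not for real data."""
import hashlib
import json
import secrets
import time

def _is_probable_prime(n, rounds=32):
    """Miller-Rabin probable-prime test for the demo key generator."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # exact size and odd
        if _is_probable_prime(cand):
            return cand

def generate_keypair(bits=512):
    """Big random numbers -> two primes -> ((n, e), (n, d)) = (public, private)."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))

def encrypt(public, data):
    """Anyone holding the public key can encrypt; textbook RSA needs data < n."""
    n, e = public
    m = int.from_bytes(data, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)

def decrypt(private, cipher):  # only the private-key holder can recover the data
    n, d = private
    m = pow(cipher, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def _hash(data):  # SHA-256 of the data as an integer (256 bits, so below n)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(private, data):  # signature = hash value "encrypted" with the private key
    n, d = private
    return pow(_hash(data), d, n)

def verify(public, data, signature):  # "decrypt" with the public key, compare hashes
    n, e = public
    return pow(signature, e, n) == _hash(data)

def _canonical(body):  # one byte-exact encoding, so issuer and verifier hash the same thing
    return json.dumps(body, sort_keys=True).encode()

def issue_certificate(ca_private, ca_name, holder, holder_public, serial, days=365):
    """The CA binds holder identity to public key by signing the certificate body."""
    now = int(time.time())
    body = {"holder": holder, "serial": serial, "issuer": ca_name,
            "not_before": now, "not_after": now + days * 86400,
            "public_key": list(holder_public)}
    return {"body": body, "signature": sign(ca_private, _canonical(body))}

def verify_message(cert, ca_public, crl, data, signature, now=None):
    """Verification authority: CA signature, validity period, CRL, then the data signature."""
    body = cert["body"]
    now = int(time.time()) if now is None else now
    if not verify(ca_public, _canonical(body), cert["signature"]):
        return "bad CA signature"
    if not body["not_before"] <= now <= body["not_after"]:
        return "outside validity period"
    if body["serial"] in crl:  # crl: set of revoked serial numbers
        return "revoked"
    if not verify(tuple(body["public_key"]), data, signature):
        return "bad signature"
    return "ok"

def demo():  # demo() -> ('ok', 'bad signature', 'revoked', True)
    ca_pub, ca_priv = generate_keypair()
    alice_pub, alice_priv = generate_keypair()
    cert = issue_certificate(ca_priv, "Demo CA", "Alice", alice_pub, serial=7)
    msg = b"Pay 100 EUR to account 42"  # constructed sample message
    sig = sign(alice_priv, msg)
    return (verify_message(cert, ca_pub, set(), msg, sig),         # valid
            verify_message(cert, ca_pub, set(), msg + b"0", sig),  # tampered data
            verify_message(cert, ca_pub, {7}, msg, sig),           # certificate revoked
            decrypt(alice_priv, encrypt(alice_pub, msg)) == msg)   # encryption round trip
```

`demo()` walks the whole slide flow: the CA issues Alice a certificate, Alice signs a message, and the verifier rejects a tampered message and a revoked certificate while a round trip through `encrypt`/`decrypt` shows the same key pair doing confidentiality. The order of checks in `verify_message` matters: a revoked or expired certificate makes the data signature worthless even when it verifies, so those checks come first. Real deployments replace the textbook operations with padded schemes (RSA-PSS or ECDSA for signatures, RSA-OAEP or hybrid encryption for confidentiality) and X.509 certificates with CRLs or OCSP for revocation.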
The use of public key infrastructure
• web applications
• mail clients
• office applications
• content management systems
• …
TrustPort Public Key Infrastructure is built on a long tradition of development and experience in the field of electronic signature.
TrustPort Public Key Infrastructure
Asymmetric encryption algorithms in use
RSA (512 to 4096 bit), DSA (1024 bits), Elliptic curves (112 to 256 bits), Diffie-Hellman
Symmetric encryption algorithms in use
RC2 (40 to 128 bits), CAST128 (64, 80, 128 bits), BlowFish (64 to 448 bits), DES (56 bits), 3DES (168 bits), Rijndael (128, 192, 256 bits), TwoFish (128, 256 bits)
Hash algorithms in use
SHA1, SHA256, SHA384, SHA512, MD5, RIPEMD 160
Several of the listed options are legacy choices: RSA below 2048 bits, 1024-bit DSA, 40-bit RC2, single DES, MD5 and SHA1 are no longer considered secure for new signatures or encryption and should be selected only where interoperability with old systems requires it; RSA 2048 bits or more (or elliptic curves), Rijndael (AES) and the SHA-2 family are the appropriate defaults.
Further specifications
LDAP support, electronic signing and verification of PDF files, PDF encryption based on password and certificate, PDF timestamping
Solutions based on TrustPort Public Key Infrastructure
Solutions for end users
• TrustPort eSign Pro (encrypting and signing files, verification of electronic signatures, timestamping files, safe storage of private keys and personal certificates)
Solutions for businesses
• TrustPort Certification Authority (issuance and revocation of certificates, handling certificate requests; the core can run multiple certification authorities)
• TrustPort Timestamp Authority (issuance of time stamps, detection of the exact time from independent sources; can be used in combination with the previous product)
Solutions based on TrustPort Public Key Infrastructure
TrustPort PKI SDK
• enables development of applications using public key infrastructure
• easy import and export of certificates, certificate revocation lists, encryption keys
• safe storage of private keys and personal certificates
– on the hard drive
– on chip cards and flash tokens
• multitude of symmetric, asymmetric and hash algorithms
• extensive support of cards and tokens from different manufacturers
• optional modules miniCA, miniTSA
– certification and timestamp authorities for internal corporate use
TrustPort eSign Pro
• Specific endpoint solution
• Signs electronic documents
• Encrypts documents reliably
• Enables time stamping
Complete PDF support
• PDF signing
• PDF encryption
• PDF time stamping
TrustPort eSign Pro
• Recommended system requirements: Pentium 200 MHz or higher, Windows 2000 or higher, 64 MB RAM, 20 MB HDD
• Supported systems: Microsoft Windows 7, Microsoft Windows Vista, Microsoft Windows XP, Microsoft Windows 2000, Microsoft Windows Server 2003, Microsoft Windows Server 2008
Thank you for your attention!