
BIS Unit 3

The document provides an overview of Public Key Cryptography, detailing its principles, applications, and the RSA algorithm. It explains the use of asymmetric key pairs for secure communication and highlights the importance of both asymmetric and symmetric cryptography in modern security practices. Additionally, it discusses digital signatures and their role in authentication and data integrity.

Uploaded by

mewadariya45

Course: Basics of Information Security (4360702)

Unit 3
Public Key Cryptography

Prepared by Chaitali J. Vaghela, Lecturer, Department of Computer Engineering, Government Polytechnic for Girls, Ahmedabad.
Contents
❖ Public Key Cryptography
❖ Principles of Public Key Cryptography
❖ Applications of Public Key Cryptography
❖ RSA Algorithm
❖ Digital Signature
❖ Key Management
❖ Public Key Infrastructures
➢ Certificate Authority (CA)
➢ Registration Authority (RA)
➢ Certificate Repositories
➢ Digital Certificate
Public Key Cryptography
❖ In this type of technique, a pair of keys is used to encrypt and decrypt
information.
❖ A public key is used for encryption and a private key is used for decryption.
❖ Public key and Private Key are different.
❖ The private key is kept by the receiver and the public key is announced to
the public.
❖ Even if the public key is known by everyone, only the intended receiver can
decode the message, because he alone knows the private key.
❖ It is also known as Asymmetric Key Cryptography.
❖ Asymmetric Key Systems are complex and slower.
❖ Example: RSA, Diffie Hellman, DSA, ECDSA, XTR
Public Key Cryptography (Cont.)
❖ Asymmetric encryption uses a mathematically related pair of keys
for encryption and decryption.
❖ Asymmetric key cipher is a cryptographic scheme requiring two
different keys, one to lock or encrypt the plaintext, and one to
unlock or decrypt the ciphertext.
❖ Neither key will do both functions.
❖ Asymmetric encryption can be likened to a mailbox on the street.
➢ The mailbox is completely public—anyone who knows its location could go to it
and drop in a letter.
➢ However, only the owner of the mailbox has a key which allows him to access it
and read the letters.
Public Key Cryptography (Cont.)
❖ One key is published (public key) and the other is kept private (private
key).
❖ If the lock/encryption key is the one published, the system enables private
communication from the public to the unlocking key's owner.
❖ If the unlock/decryption key is the one published, then the system serves
as a signature verifier of documents locked by the owner of the private
key.
❖ Examples:
➢ RSA (Rivest–Shamir–Adleman)
➢ DSA(Digital Signature Algorithm)
➢ ECC (Elliptic Curve Cryptography)
➢ Diffie–Hellman
Public Key Cryptography (Cont.)

❖ Symmetric-key cryptography is based on sharing secrecy; asymmetric-key cryptography is based on personal secrecy.
❖ In symmetric-key cryptography, symbols are permuted or substituted; in asymmetric-key cryptography, numbers are manipulated.
Public Key Cryptography (Cont.)
❖ There is a very important fact that is sometimes misunderstood: the advent of
asymmetric-key (public-key) cryptography does not eliminate the need for
symmetric-key (secret-key) cryptography.
❖ The reason is that asymmetric-key cryptography, which uses mathematical functions for
encryption and decryption, is much slower than symmetric-key cryptography.
❖ For encipherment of large messages, symmetric-key cryptography is still needed.
❖ On the other hand, the speed of symmetric-key cryptography does not eliminate
the need for asymmetric-key cryptography.
❖ Asymmetric-key cryptography is still needed for authentication, digital signatures, and
secret-key exchanges.
❖ This means that, to be able to use all aspects of security today, we need both
symmetric-key and asymmetric-key cryptography.
❖ One complements the other.
Principles of Public Key Cryptography
❖ Asymmetric key cryptography, also known as public key cryptography,
relies on pairs of keys for secure communication.
❖ The following are the fundamental principles of public key cryptography:
➢ Key Pair Generation: Each participant generates a pair of keys: a public key and a
private key. The keys are mathematically related, often derived from complex
mathematical problems, and recovering the private key from the public key is computationally infeasible.
➢ Public Key Distribution: Public keys are shared openly and can be distributed widely. A
user's public key is used by others to encrypt messages intended for that user.
➢ Private Key Secrecy: The private key must be kept confidential and known only to the
owner. Security relies on the private key remaining secret to ensure the confidentiality of
communication.
➢ Algorithm Strength: The security of asymmetric key cryptography relies on the
strength of the underlying mathematical algorithms.
Applications of Public Key Cryptography
❖ Digital Signatures: Digital signatures, created using asymmetric key pairs, are used to verify the
authenticity and integrity of digital messages. They are commonly employed in electronic
documents, software distribution, and financial transactions.
❖ Key Exchange Protocols: Asymmetric key cryptography facilitates secure key exchange protocols,
such as the Diffie-Hellman key exchange. These protocols allow two parties to agree on a shared
secret key over an insecure communication channel.
❖ Secure Communication: One of the primary uses of asymmetric key cryptography is to ensure
secure communication over insecure channels. It enables users to exchange confidential information
without sharing a secret key in advance.
❖ Email Encryption: Asymmetric key cryptography is employed in email encryption protocols such as
Pretty Good Privacy (PGP) and S/MIME. It allows users to send encrypted emails, ensuring that only
the intended recipient can decrypt and read the content.
❖ SSL/TLS for Secure Web Browsing: Asymmetric key cryptography is integral to the Secure
Sockets Layer (SSL) and Transport Layer Security (TLS) protocols used for securing web
communication.
❖ Virtual Private Networks (VPNs): VPNs use asymmetric key cryptography for secure key
exchange and establishing a secure communication channel over the internet.
❖ Blockchain Technology: Many blockchain systems use asymmetric key pairs for secure transaction
signing and user authentication.
RSA Algorithm
❖ The most common public-key algorithm is the RSA cryptosystem,
named after its inventors Ron Rivest, Adi Shamir, and Leonard
Adleman.
❖ In 1977, Ron Rivest, Adi Shamir, and Leonard Adleman, who were
researchers at MIT (Massachusetts Institute of Technology),
introduced the RSA algorithm for public-key cryptography.
❖ The details of the RSA algorithm were published in a paper titled "A
Method for Obtaining Digital Signatures and Public-Key
Cryptosystems" in the journal "Communications of the ACM" in
April 1978.
❖ RSA relies on the mathematical properties of large prime
numbers and the difficulty of factoring the product of two such
primes.
RSA Algorithm (cont.)
❖ RSA uses two exponents, e and d, where e is public and d is private.
❖ Example:
➢ Suppose M is the plaintext message and C is the ciphertext.
➢ Sender A uses C = M^e mod n to create ciphertext C from plaintext M.
➢ The receiver uses M = C^d mod n to retrieve the plaintext sent by sender A.
➢ The modulus n, a very large number, is created during the key generation
process
RSA Algorithm (cont.)
❖ Steps of RSA algorithm:
➢ Key Generation
■ Select two large prime numbers, p and q. (The prime numbers need to be
large so that they will be difficult for someone to figure out.)
■ Multiply these numbers to find n = p × q, where n is called the modulus for
encryption and decryption.
■ Calculate the totient function: φ(n) = (p - 1) × (q - 1)
■ Select an integer e, such that e is co-prime to φ(n) and 1 < e < φ(n).
■ The pair of numbers (n, e) makes up the public key.
■ Calculate d such that (d * e) % φ(n) = 1.
■ The pair (n, d) makes up the private key.
➢ Encryption
■ Given a plain text message M, represented as a number, the ciphertext C is
calculated as: C = M^e mod n
➢ Decryption
■ Using the private key (n, d), the plain text message can be found using:
M = C^d mod n
RSA Algorithm (cont.)
❖ Example 1 of RSA algorithm
➢ Choose two prime numbers p and q
■ p = 3 and q = 11
➢ Compute n = p * q
■ n= 3 * 11 = 33
➢ Compute φ(n) = (p - 1) * (q - 1)
■ φ(n) = 2 * 10 = 20
➢ Choose e such that 1 < e < φ(n) and e and φ (n) are co-prime.
■ Let e = 7
➢ Compute a value for d such that (d * e) % φ(n) = 1.
■ One solution is d = 3 (as (3*7) % 20 = 1)
➢ Public key is (e, n) => (7, 33)
➢ Private key is (d, n) => (3, 33)
➢ The encryption of plaintext message M = 2
■ C = M^e mod n = 2^7 mod 33 = 128 mod 33 = 29 (Cipher text is 29)
➢ The decryption of ciphertext C = 29
■ M = C^d mod n = 29^3 mod 33 = 24389 mod 33 = 2 (Plain text is 2)
RSA Algorithm (cont.)
❖ Example 2 of RSA algorithm
➢ Choose two prime numbers p and q
■ p = 7 and q = 19
➢ Compute n = p * q
■ n= 7 * 19 = 133
➢ Compute φ(n) = (p - 1) * (q - 1)
■ φ(n) = 6 * 18 = 108
➢ Choose e such that 1 < e < φ(n) and e and φ (n) are co-prime.
■ Let e = 11
➢ Compute a value for d such that (d * e) % φ(n) = 1.
■ One solution is d = 59 (as (59*11) % 108 = 1)
➢ Public key is (e, n) => (11, 108)
➢ Private key is (d, n) => (59, 108)
➢ The encryption of plaintext message M = 5
■ C = M^e mod n = 5^11 mod 108 = 48828125 mod 108 = 29 (Cipher text is 29)
➢ The decryption of ciphertext C = 29
■ M = C^d mod n = 29^59 mod 108 = 1.9119735e+86 mod 108 = 5 (Plain text is 5)
RSA Algorithm (cont.)
❖ Example 3 of RSA algorithm Encryption
➢ Public key is (e, n) => (7, 33)
➢ Plain Text: HELLO

Message   M    M^e mod n      C
H         8    8^7 mod 33     02
E         5    5^7 mod 33     14
L         12   12^7 mod 33    12
L         12   12^7 mod 33    12
O         15   15^7 mod 33    27

➢ Cipher Text: 02 14 12 12 27
RSA Algorithm (cont.)
❖ Example 3 of RSA algorithm Decryption
➢ Private key is (d, n) => (3, 33)
➢ Cipher Text: 02 14 12 12 27

C    C^d mod n      M    Message
2    2^3 mod 33     8    H
14   14^3 mod 33    5    E
12   12^3 mod 33    12   L
12   12^3 mod 33    12   L
27   27^3 mod 33    15   O

➢ Plain text: HELLO
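
The key-generation, encryption and decryption steps above, written out as an added Python example (not part of the original slides) and run on the slide parameters. The function names are illustrative. For Example 2 the code reduces modulo n = 7 × 19 = 133, as the algorithm steps define, so its ciphertext for M = 5 is 101; the slide's arithmetic for that example reduces modulo 108, which is φ(n).

```python
from math import gcd


def generate_keypair(p, q, e):
    """Key generation with caller-supplied toy primes p, q and public exponent e."""
    n = p * q                       # modulus used for encryption and decryption
    phi = (p - 1) * (q - 1)         # totient of n
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < phi(n) and be co-prime to phi(n)")
    d = pow(e, -1, phi)             # smallest d with (d * e) % phi == 1
    return (e, n), (d, n)           # public key, private key


def encrypt(m, public_key):
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message number must be smaller than the modulus")
    return pow(m, e, n)             # C = M^e mod n


def decrypt(c, private_key):
    d, n = private_key
    return pow(c, d, n)             # M = C^d mod n


def letters_to_numbers(text):
    """A=1 ... Z=26, the encoding used in Example 3 (H=8, E=5, L=12, O=15)."""
    return [ord(ch) - ord("A") + 1 for ch in text]


def numbers_to_letters(numbers):
    return "".join(chr(v + ord("A") - 1) for v in numbers)


def encrypt_text(text, public_key):
    return [encrypt(m, public_key) for m in letters_to_numbers(text)]


def decrypt_text(cipher, private_key):
    return numbers_to_letters(decrypt(c, private_key) for c in cipher)


if __name__ == "__main__":
    pub1, priv1 = generate_keypair(3, 11, 7)       # Example 1
    print(pub1, priv1, encrypt(2, pub1), decrypt(29, priv1))
    pub2, priv2 = generate_keypair(7, 19, 11)      # Example 2, modulus n = 133
    print(pub2, priv2, encrypt(5, pub2), decrypt(encrypt(5, pub2), priv2))
    cipher = encrypt_text("HELLO", pub1)           # Example 3
    print(cipher, decrypt_text(cipher, priv1))
```

Both L's encrypt to the same number: RSA applied letter by letter with no randomness is a fixed substitution table, which is why these small examples illustrate the arithmetic only and not a usable scheme.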


Applications of RSA Algorithm
❖ RSA (Rivest-Shamir-Adleman) is a widely used public-key cryptosystem that
has various applications in the field of information security.
❖ Secure Communication: RSA is commonly used for securing
communication over the internet. It facilitates secure data transmission by
encrypting messages with the public key, which can only be decrypted by
the corresponding private key.
❖ Digital Signatures: RSA is employed for creating digital signatures, which
are used to verify the authenticity and integrity of digital messages or
documents. The sender can sign a message with their private key, and the
recipient can verify the signature using the sender's public key.
❖ Secure Email: RSA is used in email systems to provide confidentiality and
authentication. Emails can be encrypted with the recipient's public key,
ensuring that only the intended recipient with the corresponding private
key can decrypt and read the message.
Applications of RSA Algorithm (cont.)
❖ Secure Web Browsing (SSL/TLS): RSA is a fundamental component in
the SSL/TLS protocols, which secure web communication. It is used for key
exchange during the initial setup of a secure connection, enabling
encryption of data exchanged between a web browser and a server.
❖ Secure File Transfer: RSA can be employed in secure file transfer
protocols to encrypt files during transmission. This ensures that even if the
data is intercepted, it cannot be deciphered without the private key.
❖ Authentication Tokens: RSA is used in the creation of secure
authentication tokens and smart cards. These devices generate and store
RSA key pairs to provide secure access to systems and networks.
❖ Digital Certificates: RSA is commonly used in the creation of digital
certificates. Digital certificates bind an individual's identity to a public key,
allowing others to verify the identity of the certificate holder and establish
secure communication.
Vulnerabilities of RSA Algorithm
❖ While RSA is effective in many situations, it still has some weaknesses that
attackers could exploit.
❖ Key Length and Computational Resources: As computing power increases
over time, the key lengths used in RSA must also be increased to maintain
security. Shorter key lengths become more susceptible to brute-force attacks as
computational capabilities improve.
❖ Weak Key Generation: RSA keys have certain requirements relating to their
generation. If the prime numbers are too close, or if one of the numbers making
up the private key is too small, then the key can be recovered much more easily.
❖ Key Management and Storage: If private keys are not securely managed and
stored, they become vulnerable to theft or unauthorized access. Adequate key
management practices are crucial to maintaining the security of RSA.
❖ Weak Random Number Generator: When organizations use weak random
number generators, then the prime numbers created by them are much easier
to factor, thus giving attackers an easier time of cracking the algorithm.
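
The key-generation weaknesses listed above can be checked for when a key is created. The following is an added Python example, not part of the original slides: the function names, finding codes, the 2048-bit default minimum and the sample primes are assumptions chosen for illustration. It flags a short modulus, primes that are close enough for Fermat's difference-of-squares method to split n, a private exponent below Wiener's bound d < n^(1/4) / 3, and moduli that share a prime (the typical result of a weak random number generator).

```python
from math import gcd, isqrt


def fermat_factor(n, max_steps=1000):
    """Look for n = a*a - b*b starting at sqrt(n). This succeeds within a few
    steps only when the two primes are close. Returns (p, q) or None."""
    a = isqrt(n)
    if a * a < n:
        a += 1
    for _ in range(max_steps):
        b2 = a * a - n
        b = isqrt(b2)
        if b * b == b2 and a - b > 1:      # ignore the trivial split 1 * n
            return a - b, a + b
        a += 1
    return None


def audit_rsa_key(p, q, e, d, min_bits=2048):
    """Return finding codes for one freshly generated key (empty list = none)."""
    n, phi = p * q, (p - 1) * (q - 1)
    findings = []
    if (d * e) % phi != 1:
        findings.append("exponents-do-not-match")
    if n.bit_length() < min_bits:          # min_bits is an assumed policy value
        findings.append("modulus-too-short")
    if p == q or fermat_factor(n) is not None:
        findings.append("primes-too-close")
    if 81 * d ** 4 < n:                    # same as d < n^(1/4) / 3 (Wiener)
        findings.append("private-exponent-too-small")
    return findings


def shared_prime_pairs(moduli):
    """Index pairs of public moduli with a common factor (weak RNG symptom)."""
    return [(i, j)
            for i in range(len(moduli))
            for j in range(i + 1, len(moduli))
            if gcd(moduli[i], moduli[j]) > 1]


# Constructed sample keys. Mersenne and twin primes are used only so that the
# example needs no prime generator; they must never be used as real keys.
BIG_P, BIG_Q = 2 ** 1279 - 1, 2 ** 2203 - 1
BIG_PHI = (BIG_P - 1) * (BIG_Q - 1)
TWIN_P, TWIN_Q = 10 ** 9 + 7, 10 ** 9 + 9
SAMPLES = {
    "sound": (BIG_P, BIG_Q, 65537, pow(65537, -1, BIG_PHI)),
    "close-primes": (TWIN_P, TWIN_Q, 65537,
                     pow(65537, -1, (TWIN_P - 1) * (TWIN_Q - 1))),
    # Here the private exponent was chosen small and e derived from it.
    "small-d": (BIG_P, BIG_Q, pow(65537, -1, BIG_PHI), 65537),
}

if __name__ == "__main__":
    for name, key in SAMPLES.items():
        print(name, audit_rsa_key(*key))
    print(shared_prime_pairs([101 * 103, 101 * 107, 109 * 113]))
```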
RSA Algorithm (cont.)
❖ RSA is a widely used asymmetric cryptographic algorithm.
❖ It's important to note that RSA is computationally expensive for
large key sizes, particularly for the private key operations
(decryption).
❖ Therefore, in practice, RSA is often used in combination with
symmetric key algorithms, where RSA is employed for secure key
exchange, and a symmetric key is used for the actual data
encryption.
❖ This hybrid approach combines the strengths of both asymmetric
and symmetric cryptography.
Digital Signature
❖ In the physical world, it is common to use handwritten signatures
on handwritten or typed messages to bind signatory to the
message.
❖ Similarly, a digital signature is a technique that binds a
person/entity to the digital data.
❖ This binding can be independently verified by receiver as well as
any third party.
❖ When a person sends data through a document, it becomes
important to identify his/her authenticity for security and safety
reasons.
❖ A digital signature is an authentication mechanism that enables the
creator of a message to attach a code that acts as a signature.
Digital Signature
❖ Security measures provided by Digital Signature:
➢ Authentication: It is the process of verifying that the individual who
sends a message is really who they say they are, and not an impostor.
➢ Integrity: The integrity of data or a message refers to whether it has
arrived in the same state as when it was sent. If a message has been
altered or tampered with, it no longer retains its integrity.
➢ Non-repudiation: If data or a message is non-repudiable, it means that
its author cannot dispute that they were the true creator of the
document.
❖ There are 2 popular algorithms that are used to generate and verify digital
signature using public keys:
➢ RSA (Rivest, Shamir and Adleman) algorithm developed by Ronald L.
Rivest, Adi Shamir, and Leonard M. Adleman in 1976.
➢ DSA (Digital Signature Algorithm) algorithm developed by US
government in 1991.
Key Management
❖ The security of any cryptosystem depends upon how securely its keys are
managed.
❖ Without secure procedures for the handling of cryptographic keys, the
benefits of the use of strong cryptographic schemes are potentially lost.
❖ It is observed that cryptographic schemes are rarely compromised through
weaknesses in their design.
❖ However, they are often compromised through poor key management.
❖ Cryptographic keys are nothing but special pieces of data.
❖ Key management refers to the secure administration of cryptographic keys.
Key Management
❖ There are two specific requirements of key management for public key cryptography.
➢ Secrecy of private keys
■ Throughout the key lifecycle, secret keys must remain secret from all parties except those who
own them and are authorized to use them.
➢ Assurance of public keys
■ In public key cryptography, the public keys are in open domain and seen as public pieces of data.
■ By default there are no assurances of whether a public key is correct, with whom it can be
associated, or what it can be used for.
■ Thus key management of public keys needs to focus much more explicitly on assurance of
purpose of public keys.
❖ The most crucial requirement of ‘assurance of public key’ can be achieved through
the Public Key Infrastructure (PKI), a key management system for supporting
public-key cryptography.
Need of Public Key Infrastructure (PKI)
Public Key Infrastructure (PKI)
❖ A Public Key Infrastructure is an infrastructure that uses digital
certificates as an authentication mechanism and is designed to
manage those certificates and their associated keys.
❖ It creates digital certificates which bind public keys to entities,
stores them securely and revokes them when required.
❖ The problem that PKI solves stems from the difficulty of verifying
that a public key is actually owned by the person or entity that
claims it.
Public Key Infrastructure (PKI) (Cont.)
❖ A PKI involves the participation of trusted third parties who verify the
identity of the parties wishing to engage in a secure communication
through the issuing of digital certificates.
❖ A digital certificate / PKI certificate contains information about the
key-holder, the public key, an expiration date and the signature of
the Certificate Authority that issued it.
❖ A trusted third party called a registration authority verifies the identity of a
person or entity and instructs another body, the certificate authority, to
issue a digital certificate which also contains that entity's public key.
❖ This certificate (and the public key contained therein) may subsequently be
used to prove identity and enable secure transactions with other parties.
Public Key Infrastructure (PKI) (Cont.)
❖ Components of public key infrastructure(PKI) are:
➢ Certificate Authorities
➢ Registration Authorities
➢ Certificate Repositories
➢ Digital Certificates
Public Key Infrastructure (PKI) (Cont.)
Certificate Authority (CA)
❖ A Certificate Authority (CA) is the trusted third party responsible for
validating the identity of a person or organization.
❖ A trusted CA is the only entity that can issue trusted digital
certificates.
❖ The CA takes responsibility for correctly establishing the identity of the
client asking for a certificate to be issued, ensures that the
information contained within the certificate is correct, and digitally
signs it.
❖ List of CAs in India:
➢ E-MUDHRA, NSDL, CDAC, IDSIGN, IDRBT, etc
❖ PKI of India : http://cca.gov.in/ca_certificates.html
Key Functions of CA
❖ Generating key pairs
➢ The CA may generate a key pair independently or jointly with the client.
❖ Issuing digital certificates
➢ The CA issues a certificate after client provides the credentials to confirm his identity.
➢ The CA then signs the certificate to prevent modification of the details contained in the
certificate.
➢ The CA makes its public key available to assist verification of its signature on
clients’ digital certificates.
❖ Publishing Certificates
➢ The CA needs to publish certificates so that users can find them.
❖ Revocation of Certificates
➢ The CA can revoke an issued certificate for reasons such as compromise of the private key
by the user or loss of trust in the client.
❖ Maintain and issue Certificate Revocation Lists (CRLs)
Registration Authorities (RA)
❖ A CA may use a third-party Registration Authority (RA) to perform the necessary
checks on the person or company requesting the certificate to confirm their
identity.
❖ The RA may appear to the client as a CA, but it does not actually sign the
certificate that is issued.
❖ The registration authority (RA) is the component of a PKI which is responsible
for accepting requests for digital certificates and authenticating the person or
organization making the request.
❖ It is responsible for receiving certificate signing requests – for the initial
enrollment or renewals – from people, servers, things or other applications.
❖ The Registration Authority verifies and forwards these requests to a Certificate
Authority (CA).
Certificate Repositories
❖ Certificate repositories are mainly used to store and distribute certificates.
❖ All the issued certificates are stored in the repository so that the applications can
retrieve them easily.
❖ A directory system is best used for this process.
❖ Lightweight Directory Access Protocol (LDAP) is one of the best technologies at present for
certificate repositories.
❖ These directories store the certificates and make it easier for applications to retrieve
these certificates for a user.
❖ The main advantage of these directories is that they can be used in highly distributed
networks and they are made publicly accessible.
❖ It also makes the search easier by storing the certificates in a hierarchical structure.
❖ The certificate repository also contains certificate status information and revocation
information.
Digital Certificate
❖ A digital certificate is a file or electronic password that proves the
authenticity of a device, server, or user through the use of cryptography
and the public key infrastructure (PKI).
❖ Digital certificates are electronic credentials that are used to assert the
online identities of individuals, computers, and other entities on a network.
❖ A digital certificate contains identifiable information, such as a user’s
name, company, or department and a device’s Internet Protocol (IP)
address or serial number.
❖ Digital certificates contain a copy of a public key from the certificate
holder, which needs to be matched to a corresponding private key to verify
it is real.
Digital Certificate (Cont.)
❖ Digital certificates facilitate secure electronic communication and
data exchange between people, systems, and devices online.
❖ A public key certificate is issued by certificate authorities (CAs),
which sign certificates to verify the identity of the requesting device
or user.
❖ Digital certificates perform two primary functions:
➢ Verifying the identity of the sender/receiver of an electronic message
➢ Providing the means to encrypt/decrypt messages between sender and receiver
(i.e., binding an entity to their public key)
❖ Digital certificates in public key infrastructure are used to establish
integrity and ownership of a public key.
Digital Certificate (Cont.)
❖ The certificate purpose defines the intended primary use of the certificate.
❖ The certificate purpose can be one of the following:
➢ Encryption
■ A certificate with this purpose will contain cryptographic keys for encryption and
decryption.
➢ Signature
■ A certificate with this purpose will contain cryptographic keys for signing data only.
➢ Signature and encryption
■ A certificate with this purpose covers all primary uses of a certificate’s cryptographic key,
including encryption of data, decryption of data, initial logon, or digitally signing data.
➢ Signature and smartcard logon
■ A certificate with this purpose allows for initial logon with a smart card, and digitally
signing data;
■ It cannot be used for data encryption.
Digital Certificate (Cont.)
❖ Classes of Digital Certificate:
➢ Class 1 Certificate
■ The term “Class 1 Certificate” denotes a certificate that is intended to serve both
individuals and private subscribers.
■ Also, it provides a basic level of surety to the user regarding his/her information and
is applicable only in those areas where the threat to data is low.
➢ Class 2 Certificate
■ A class 2 certificate is usually utilised by business personnel and private individuals.
■ Further, in terms of functionality, a class 2 certificate serves the same purpose as
a class 1 certificate.
➢ Class 3 Certificate
■ In general terms, a Class 3 certificate is meant to benefit bigger organizations
and has a larger scope of applicability.
Digital Certificate (Cont.)
❖ The benefits of a Digital Signature Certificate are as follows:
➢ Authenticity of Documents
■ Digitally signed documents give confidence to the receiver to be assured of the
signer’s authenticity.
■ They can take action on the basis of such documents without getting worried
about the documents being forged.
➢ Integrity of Data
■ Documents that are signed digitally cannot be altered or edited after signing,
which makes the data safe and secure.
➢ Reduced Cost and Time
■ Digitally signing a document is quicker and faster than physically signing a
document and then scanning the same to send via e-mail.
■ That means the same saves time and cost of printing and scanning documents.
Digital Certificate Structure
Digital Certificate Structure (Cont.)
❖ An X.509 certificate is a digital certificate based on the widely accepted International
Telecommunications Union (ITU) X.509 standard, which defines the format of public key
infrastructure (PKI) certificates.
❖ X.509 Version 3 certificates support the following fields that have been supported since X.509
version 1:
➢ Subject: Provides the name of the computer, user, network device, or service that the CA issues the certificate to. The
subject name is commonly represented by using an X.500 or Lightweight Directory Access Protocol (LDAP) format.
➢ Serial Number: Provides a unique identifier for each certificate that a CA issues.
➢ Issuer: Provides a distinguished name for the CA that issued the certificate. The issuer name is commonly represented
by using an X.500 or LDAP format.
➢ Valid From: Provides the date and time when the certificate becomes valid.
➢ Valid To: Provides the date and time when the certificate is no longer considered valid. The date when an application or
service evaluates the certificate must fall between the Valid From and Valid To fields of the certificate for the certificate
to be considered valid.
➢ Public Key: Contains the public key of the key pair that is associated with the certificate.
➢ Signature Algorithm: The algorithm used to sign the certificate.
➢ Signature Value: Bit string containing the digital signature.
Digital Certificate Example
Steps for obtaining Digital Certificate
Steps for obtaining Digital Certificate (Cont.)
❖ The steps to apply for Digital Certificate are as follows:
1. Logging in and selecting the type of unit
a. Log in to the website issuing digital certificate in India
b. Go to “Digital Certification Services” and click on the type of entity (the
preferred entity of digital certificate) found under Digital Certification
Services. (An individual applying must click on ‘individual’.)
c. Following that, a new tab with the digital certificate registration form will
open
d. Click on download to obtain the form on your computer.
2. Filling the necessary details
a. After downloading, fill in the field provided with authentic data
b. Print a copy of the completed form for future reference. Check the
details thoroughly prior to submission and take a printout.
Steps for obtaining Digital Certificate (Cont.)
❖ The steps to apply for Digital Certificate are as follows:
3. Submitting proof of Identity
a. The supporting documents must be attested by an attesting officer. Bear
in mind to cross-check the signature and seal and ensure clear visibility.
b. Following that, submit the necessary documents along with application form
4. Payment
a. Payment can be done via demand draft or cheque only.
● The cost of obtaining a digital certificate varies by provider. (For
example, eMudhra offers to issue digital certificates ranging from Rs 899 to
5,999 depending on the class and duration.)
5. Attach the required Documents
a. The envelope the applicant submits to the RA must contain
i. The filled registration form
ii. Demand draft / Cheque of payment
iii. The documents as proof of identity and address
6. Finally, submit the envelope to the local RA
● After scrutiny and within 3-7 working days, the applicant will receive the digital
certificate.
Verifying Authenticity and Integrity of a Certificate
❖ To verify the authenticity and integrity of a certificate:
➢ Compare the CA that digitally signed the certificate to a list of CAs that has
already been loaded into the receiver’s computer
➢ Calculate a message digest for the certificate.
➢ Use the CA’s public key to decrypt the digital signature and recover what is
claimed to be the original message digest embedded within the certificate
(validating the digital signature).
➢ Compare the two resulting message digest values to ensure the integrity of
the certificate.
➢ Review the identification information within the certificate, such as the
e-mail address.
➢ Review the validity dates.
➢ Check a revocation list to see whether the certificate has been revoked.
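
The verification steps above, carried out in order on a constructed certificate. This is an added Python example, not part of the original slides: the certificate is a plain dictionary rather than real X.509 encoding, the CA key is a toy textbook-RSA key with no signature padding, and every name, date and serial number is made up for the illustration.

```python
import hashlib
import json
from datetime import datetime

# Constructed toy CA key pair (Mersenne primes, illustration only).
_P, _Q = 2 ** 127 - 1, 2 ** 521 - 1
CA_N, CA_E = _P * _Q, 65537
_CA_D = pow(CA_E, -1, (_P - 1) * (_Q - 1))


def message_digest(fields):
    """SHA-256 over a canonical encoding of the certificate fields."""
    encoded = json.dumps(fields, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(encoded).digest(), "big")


def issue_certificate(fields):
    """CA side: sign the digest of the fields with the CA private key."""
    return {"fields": fields, "signature": pow(message_digest(fields), _CA_D, CA_N)}


def verify_certificate(cert, trusted_cas, revoked_serials, now, expected_email):
    """Receiver side: return the list of failed checks (empty list = accepted)."""
    fields = cert["fields"]
    # 1. Is the signing CA in the list already loaded on this computer?
    ca_key = trusted_cas.get(fields["issuer"])
    if ca_key is None:
        return ["untrusted-issuer"]
    e, n = ca_key
    problems = []
    # 2-4. Compute the digest, recover the signed digest with the CA public
    #      key, and compare the two values.
    if pow(cert["signature"], e, n) != message_digest(fields):
        problems.append("bad-signature")
    # 5. Review the identification information.
    if fields["email"] != expected_email:
        problems.append("identity-mismatch")
    # 6. Review the validity dates.
    start = datetime.fromisoformat(fields["valid_from"])
    end = datetime.fromisoformat(fields["valid_to"])
    if not start <= now <= end:
        problems.append("outside-validity")
    # 7. Check the revocation list.
    if fields["serial"] in revoked_serials:
        problems.append("revoked")
    return problems


# Constructed sample data.
TRUSTED_CAS = {"Example Toy CA": (CA_E, CA_N)}
SAMPLE_CERT = issue_certificate({
    "subject": "Alice Example",
    "email": "alice@example.test",
    "issuer": "Example Toy CA",
    "serial": 1001,
    "valid_from": "2024-01-01T00:00:00",
    "valid_to": "2025-01-01T00:00:00",
    "public_key": [7, 33],
})

if __name__ == "__main__":
    when = datetime(2024, 6, 1)
    print(verify_certificate(SAMPLE_CERT, TRUSTED_CAS, set(), when, "alice@example.test"))
    print(verify_certificate(SAMPLE_CERT, TRUSTED_CAS, {1001}, when, "alice@example.test"))
```

A certificate whose fields are edited after issuance fails the digest comparison even when every other check passes, because the signature was computed over the original fields.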