Asymmetric Cryptography. kprv. kpub. used in digital signature

Transcription

1

2 Digital Signature

3 logical representation: Asymmetric Cryptography plaintext plaintext kpub E kpub () kprv E kprv () ciphertext ciphertext kprv E -1 kprv () kpub E -1 kpub () used in digital envelope plaintext used in digital signature plaintext An asymmetric cryptosystem uses two keys, one of which is private, the other public. It usually provides for four operations (apart from key generation): public encryption (E kpub ), private decryption (E -1 ), private encryption (E ), public kprv kprv decryption (E -1 ). The public encryption is undone by the private decryption. kpub These two operations are used in the digital envelope technique. The private encryption is undone by the public decryption. These two operations are used in the digital signature technique.

4 Digital Signature Digital signature authenticates a message in such a way that everyone can verify its authenticity. It is usually done by computing the digest of the message and then encrypting the digest with the private key. message digest H() kprv E kpriv () signature The digital signature technique authenticates a message in such a way that everyone can verify its authenticity. Usually, we do not authenticate the message itself, but the digest of the message, relying on the collision-resistance property of the hash algorithm. The digest is authenticated by encrypting it with the private key of the authenticating entity.

5 Digital Signature The signature verification decrypts the digest with the public key, and compares it with the computed one. message received signature H() E -1 kpub () kpub digest received digest compare outcome (ok/invalid) The verification procedure acts by decrypting the signature by means of the public key of the authenticating entity, and then comparing the digest with the computed one.

6 OpenSSL API for Digital Signature int EVP_SignInit(EVP_MD_CTX* ctx, const EVP_MD* type); Initializes a context for digital signature. ctx (input/output) The context for digital signature (must be allocated). type (input) The hash algorithm to use. Returns 0 on error, non-0 on success. int EVP_SignUpdate(EVP_MD_CTX* ctx, const void* in, unsigned int inl); Updates a context for digital signature. ctx (input/output) The context. in, inl (input) The input fragment. Returns 0 on error, non-0 on success. These API functions initialize and update a context for digital signature. Remember that the hash context must be previously allocated with malloc() and EVP_MD_CTX_init(), and finally deallocated with EVP_MD_CTX_cleanup() and free().

7 OpenSSL API for Digital Signature int EVP_SignFinal(EVP_MD_CTX* ctx, unsigned char* sgnt, unsigned int* sgntl, EVP_PKEY* prvkey); Finalizes the context for digital signature. It also produces the digital signature by means of the private key. ctx (input/output) The context. sgnt, sgntl (output) The signature. The buffer must have space for EVP_PKEY_size(prvkey) bytes. prvkey (input) The private key. Returns 0 on error, non-0 on success. Notes on EC digital signature (ECDSA): EC signature with MD5 hash algorithm is not supported by OpenSSL (you have to use SHA-1 or SHA-2). EC signatures are probabilistic (signing twice the same text produces two different signatures). The PRNG must be seeded. EC signatures have a variable size (always <= EVP_PKEY_size()) This API function finalizes a context for digital signature and returns the signature. OpenSSL does not support EC digital signature (ECDSA) with the obsolete MD5 hash algorithm (EVP_SignFinal() will return 0 if this combination is attempted). Note also that EC signatures are probabilistic and have a variable size. On the contrary, RSA signatures are deterministic (same message and same key = same signature) and fixed in size.

8 OpenSSL API for Digital Signature int EVP_VerifyInit(EVP_MD_CTX* ctx, const EVP_MD* type); Initializes a context for digital signature verification. ctx (input/output) The context for digital signature verifica on (must be allocated). type (input) The hash algorithm to use. Returns 0 on error, non-0 on success. int EVP_VerifyUpdate(EVP_MD_CTX* ctx, const void* in, unsigned int inl); Updates a context for digital signature verification. ctx (input/output) The context. in, inl (input) The input fragment. Returns 0 on error, non-0 on success. These API functions initialize and update a context for digital signature verification.

9 OpenSSL API for Digital Signature int EVP_VerifyFinal(EVP_MD_CTX* ctx, unsigned char* sgnt, unsigned int sgntl, EVP_PKEY* pubkey); Finalizes the context for digital signature verification. It also verifies the digital signature by means of the public key. ctx (input/output) The context. sgnt, sgntl (input) The signature to verify. pubkey (input) The public key. Returns 0 on invalid signature, -1 on other errors, 1 on success. This API function finalizes a context for digital signature verification and checks the validity of a received signature. The function returns 0 if the received signature is not valid, -1 if some other error has occurred, 1 on success.

10 Final Exercise On the server, generate a pair of 1024-bit RSA keys (server's key pair, used for digital envelope). Give the public key to the client. On the client, generate a pair of 1024-bit RSA keys (client's key pair, used for digital signature). Give the public key to the server. The client: reads a file, signs it with the client's private key (MD5), envelopes the file and the signature with the server's public key (DES in CBC), and sends to the server: encrypted key + IV + ciphertext. The server decrypts the message, verifies the signature, and saves it on a local file.

11 Final Exercise Extension Repeat the exercise using SHA-256 and 384-bit EC keys for the digital signature and AES-128 in CBC for the digital envelope (the server's keys remain RSA). Remember that EC signatures do not have a constant size.