#what_is_digital_signature??
#How_digital_signature_works??
#Asymmetric_vs_Symmetric_Encryption
#Digital_certificate??
I will explain everything here but...
First let's understand Cryptography, if the same key is used to encrypt the data and to decrypt as well, then it is called symmetric encryption and key is called symmetric key...... For eg... Our normal home locking keys... But if one key is used to encrypt the data and another key to decrypt that data...or Vice-Versa.. Then it is called Asymmetric Encryption and keys are called Asymmetric keys
[i.e. private and public keys] ....
Suppose key1 is used to encrypt the data, then key2 will be used to decrypt that data.... But key2 can also be used to encrypt the data where key1 will decrypt that data.... Meaning data encrypted by key1 can ONLY be decrypted by key2 and data encrypted by key2 can ONLY be decrypted by key1, provided that key1 and key2 are the pair of asymmetric keys. Let me elaborate it further... So, let's suppose i want a secure communication with my friend. So, for that what i would do is.... I will encrypt the msg using key1 and send it to him/her.... so what s/he will do is.... S/he will use key2 for decrypting that msg.... So, here in this example: key1 is my private key and key2 is my public key. Again if my friend wants to send me a msg... Then what s/he will do is....
S/he will use key2 for encrypting the msg and will send it to me... And after receiving, i will decrypt it using key1.... So, in this case key2 is my friend's private key and key1 will be my friend's public key.... Though it depends on the condition and frame of reference,
IN GENERAL you can understand private key as a key used to encrypt the data while the public key as a key used to decrypt the data. IN GENERAL OKEY....
Till now you understood about symmetric and asymmetric Cryptography.
Now let's understand the digital signature and digital certificate..... But at first we need to know its necessity... Why do we need it..... We need it mainly for digital verification i.e. To verify whether a msg is really from an authenticated source or not... Like in many cases the msg might have be modified or altered by the hackers using man in the middle attack. So, concept of digital signature helps to verify the original sender of the msg or the original issuer of any document. But let me clear one misconception at first.... Digital certificate is NOT the scanned picture of any documents which many people might think. So, digital certificate
Is the electronic document used to prove the ownership of the public key.
Let's understand it by the example.... Suppose i completed my B.E. and TU [my University] gave my Marksheet in the form of digital certificate. So, what TU will do
for that is... It will convert all of my details like name, symbol no, marks etc... In fact it will convert the whole data of my Marksheet into the hash code. AND UNDERSTAND ONE THING HASH IS A NON REVERSIBLE FUNCTION SO, ANY DATA PASSED THROUGH THE HASH FUNCTION CANNOT BE DECRYPTED. IT IS A ONE WAY FUNCTION.
Now i was in the hash code, right??
So, after converting the whole data of my Marksheet into the hashcode.... NEXT STEP WHAT TU WILL IS.... IT WILL ENCRYPT THAT HASH CODE USING ITS PRIVATE KEY. SO, THIS PROCESS OF ENCRYPTING THE HASH CODE OF ANY CERTIFICATE DATA OR ANY IMP DATA, USING A PRIVATE KEY BY THE ORGANISATION IS CALLED DIGITAL SIGNATURE OR TO SIGN ANY CERTIFICATE DIGITALLY.
Now TU will give me the DIGITAL CERTIFICATE of my Marksheet which will contain three things... [it will contain other details too but they are just additional, main are these 3 things]
[1] Unencrypted plain data as it is in my Marksheet.
[2] Hash code of data in the Marksheet along with the name of hash function used like md5, SHA ... Etc..
[3] Encrypted data of that Hash code which was encrypted using issuer's private key.
Now suppose i applied for the job in Any Telecom company. And i will show my digital certificate. So, to verify it... What they will do is.... They will pass the details of no. 1 above through th
#How_digital_signature_works??
#Asymmetric_vs_Symmetric_Encryption
#Digital_certificate??
I will explain everything here but...
First let's understand Cryptography, if the same key is used to encrypt the data and to decrypt as well, then it is called symmetric encryption and key is called symmetric key...... For eg... Our normal home locking keys... But if one key is used to encrypt the data and another key to decrypt that data...or Vice-Versa.. Then it is called Asymmetric Encryption and keys are called Asymmetric keys
[i.e. private and public keys] ....
Suppose key1 is used to encrypt the data, then key2 will be used to decrypt that data.... But key2 can also be used to encrypt the data where key1 will decrypt that data.... Meaning data encrypted by key1 can ONLY be decrypted by key2 and data encrypted by key2 can ONLY be decrypted by key1, provided that key1 and key2 are the pair of asymmetric keys. Let me elaborate it further... So, let's suppose i want a secure communication with my friend. So, for that what i would do is.... I will encrypt the msg using key1 and send it to him/her.... so what s/he will do is.... S/he will use key2 for decrypting that msg.... So, here in this example: key1 is my private key and key2 is my public key. Again if my friend wants to send me a msg... Then what s/he will do is....
S/he will use key2 for encrypting the msg and will send it to me... And after receiving, i will decrypt it using key1.... So, in this case key2 is my friend's private key and key1 will be my friend's public key.... Though it depends on the condition and frame of reference,
IN GENERAL you can understand private key as a key used to encrypt the data while the public key as a key used to decrypt the data. IN GENERAL OKEY....
Till now you understood about symmetric and asymmetric Cryptography.
Now let's understand the digital signature and digital certificate..... But at first we need to know its necessity... Why do we need it..... We need it mainly for digital verification i.e. To verify whether a msg is really from an authenticated source or not... Like in many cases the msg might have be modified or altered by the hackers using man in the middle attack. So, concept of digital signature helps to verify the original sender of the msg or the original issuer of any document. But let me clear one misconception at first.... Digital certificate is NOT the scanned picture of any documents which many people might think. So, digital certificate
Is the electronic document used to prove the ownership of the public key.
Let's understand it by the example.... Suppose i completed my B.E. and TU [my University] gave my Marksheet in the form of digital certificate. So, what TU will do
for that is... It will convert all of my details like name, symbol no, marks etc... In fact it will convert the whole data of my Marksheet into the hash code. AND UNDERSTAND ONE THING HASH IS A NON REVERSIBLE FUNCTION SO, ANY DATA PASSED THROUGH THE HASH FUNCTION CANNOT BE DECRYPTED. IT IS A ONE WAY FUNCTION.
Now i was in the hash code, right??
So, after converting the whole data of my Marksheet into the hashcode.... NEXT STEP WHAT TU WILL IS.... IT WILL ENCRYPT THAT HASH CODE USING ITS PRIVATE KEY. SO, THIS PROCESS OF ENCRYPTING THE HASH CODE OF ANY CERTIFICATE DATA OR ANY IMP DATA, USING A PRIVATE KEY BY THE ORGANISATION IS CALLED DIGITAL SIGNATURE OR TO SIGN ANY CERTIFICATE DIGITALLY.
Now TU will give me the DIGITAL CERTIFICATE of my Marksheet which will contain three things... [it will contain other details too but they are just additional, main are these 3 things]
[1] Unencrypted plain data as it is in my Marksheet.
[2] Hash code of data in the Marksheet along with the name of hash function used like md5, SHA ... Etc..
[3] Encrypted data of that Hash code which was encrypted using issuer's private key.
Now suppose i applied for the job in Any Telecom company. And i will show my digital certificate. So, to verify it... What they will do is.... They will pass the details of no. 1 above through th
No comments:
Post a Comment