Email Security
Eng.Ahmed Ali El-Kosairy
eng.aelkosairy@gmail.com
Threats
• Threats to the security of e-mail itself
  − Loss of confidentiality
    E-mails are sent in clear over open networks
    E-mails stored on potentially insecure clients and mail servers
  − Loss of integrity
    No integrity protection on e-mails; body can be altered in transit or on mail server
  − Lack of data origin authentication
  − Lack of non-repudiation
  − Lack of notification of receipt

Threats Enabled by E-mail
• Disclosure of sensitive information
• Exposure of systems to malicious code
• Denial-of-Service (DoS)
• Unauthorized accesses etc.

What are the Options
• Secure the server to client connections (easy thing first)
  − POP, IMAP over ssh, SSL
  − https access to webmail
• Secure the end-to-end email delivery
  − The PGPs of the world
  − Still need to get the other party to be PGP aware

Email-based Attacks
• Buffer overflow attack
  − Fix the code
• Shell script attack
  − Scan before sending to the shell
• Web bugs (for tracking)
- Hardening the mail server

Email SPAM
• Cost to exceed $10 billion
• SPAM filtering
  − Content based – required hits
  − White list
  − Black list

PGP
• PGP = “Pretty Good Privacy”
• First released in 1991, developed by Phil Zimmermann
• Freeware: OpenPGP and variants:
• OpenPGP specified in RFC 2440 and defined by IETF OpenPGP working group.
  − www.ietf.org/html.charters/openpgp-charter.html
• Available as plug-in for popular e-mail clients, can also be used as stand-alone software.

PGP
• Functionality
  − Encryption for confidentiality.
  − Signature for non-repudiation/authenticity.
• Sign before encrypt, so signatures on unencrypted data can be detached and stored separately.

PGP Algorithms
• Broad range of algorithms supported:
• Symmetric encryption:
  − DES, 3DES, AES and others.
• Public key encryption of session keys:
  − RSA or ElGamal.
• Hashing:
  − SHA-1, MD-5 and others.
• Signature:
  − RSA, DSS, ECDSA and others.

PGP Authentication
This is a digital signature scheme with hashing.
1. Alice has a (private/public) key pair (Ad/Ae) and she wants to send a digitally signed message m to Bob.
2. Alice hashes the message using SHA-1 to obtain SHA(m).
3. Alice encrypts the hash using her private key Ad to obtain ciphertext c given by
   $c = \mathrm{pk.encrypt}_{Ad}(\mathrm{SHA}(m))$
4. Alice sends Bob the pair (m, c).
5. Bob receives (m, c) and decrypts c using Alice's public key Ae to obtain signature s
   $s = \mathrm{pk.decrypt}_{Ae}(c)$
6. He computes the hash of m using SHA-1 and if this hash value is equal to s then the message is authenticated.
Bob is sure that the message is correct and that it does come from Alice. Furthermore, Alice cannot later deny sending the message, since only Alice has access to her private key Ad, which works in conjunction with the public key Ae.
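
The six steps above, carried through in Python as an added example (not part of the original slides). It uses textbook RSA without padding and constructed toy keys built from small Mersenne primes, so it illustrates the scheme only; the names `sha1_int`, `sign`, `verify`, `demo` and the second key pair are assumptions of this example.

```python
import hashlib

# Constructed toy keys (assumption of this example): fixed Mersenne primes,
# far too small for real use. Alice's modulus is 216 bits > 160-bit SHA-1.
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q
AE = 65537                               # Alice's public key (the slides' Ae)
AD = pow(AE, -1, (P - 1) * (Q - 1))      # Alice's private key (the slides' Ad)

# A second, unrelated key pair standing in for someone who is not Alice.
MP, MQ = 2**127 - 1, 2**107 - 1
MN = MP * MQ
MD = pow(AE, -1, (MP - 1) * (MQ - 1))


def sha1_int(m: bytes) -> int:
    """Step 2: SHA(m), read as an integer so RSA can operate on it."""
    return int.from_bytes(hashlib.sha1(m).digest(), "big")


def sign(m: bytes, d: int = AD, n: int = N) -> int:
    """Step 3: c = pk.encrypt_Ad(SHA(m)). Textbook RSA, no padding."""
    return pow(sha1_int(m), d, n)


def verify(m: bytes, c: int, e: int = AE, n: int = N) -> bool:
    """Steps 5-6: s = pk.decrypt_Ae(c), then compare s with SHA(m)."""
    if not 0 <= c < n:                   # not a valid RSA value for this key
        return False
    s = pow(c, e, n)
    return s == sha1_int(m)


def demo() -> dict:
    m = b"Pay invoice 17 to account A"   # constructed sample message
    c = sign(m)                          # step 4: Alice sends the pair (m, c)
    return {
        "genuine": verify(m, c),
        # Body altered in transit or on the mail server: hash no longer matches.
        "body_altered": verify(b"Pay invoice 17 to account B", c),
        # Signature value damaged or replaced.
        "signature_altered": verify(m, c ^ 1),
        # Signed with a private key other than Ad, checked against Ae.
        "wrong_signer": verify(m, sign(m, MD, MN)),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:18} -> {'authenticated' if ok else 'rejected'}")
```

OpenPGP implementations do not apply RSA to the bare hash as this sketch does: the hash is first wrapped in a padded encoding (EMSA-PKCS1-v1_5 in RFC 4880), and the detached value c here corresponds to what is stored as a detached signature.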
PGP Confidentiality

Editor's notes

  1. Story: mailing of patent list to academic mailing list.
  2. In fact PGP-processed data can be used with any transport protocol. The PGP-processed message is simply placed into the e-mail client edit window.