This document provides an overview of the basic tools and techniques used for digital rights management (DRM), including symmetric and asymmetric encryption, hashing, digital signatures, and certificates. It explains how ciphers, hashes, public/private key pairs, and certificates work and are used together to provide authentication, integrity, and non-repudiation for securing digital content and communications. Specific examples are given to illustrate symmetric encryption, digital signatures, and the certificate signing request process.
14. The Math
1. Pick two large prime numbers P and Q
2. Multiply them together to form N = P*Q
3. Pick E, an odd number between 3 and N-1
that’s relatively prime to (P-1)(Q-1)
4. Compute D such that DE = 1 mod (P-1)(Q-1)
15. Do The Math
1. P = 11, Q = 13
2. Multiply them together to form N = 143
3. E = 7, which is not a factor of (P-1)(Q-1)=120
4. 7D= 1 mod 120 = 103
5. D = 103
Public Key is (143, 7) Private Key is (143, 103)
17. Encrypt(m) = mE mod PQ
Message is “99” (ascii code for “c”)
Encrypt(99) = 997 mod 143
Encrypt(99) = 93206534790699 mod 143
Encrypt(99) = 44
18. Decrypt(ciphertext) = message = cD mod(PQ)
m = 44103 mod 143
m =
18863647751783874097093622186761307641
67139589651012467002758103474511583590
0579054247760433265371183425069323507
066622936418037086042241347409034030
626680951825376477184 mod 143
m = 99
36. REM15M-‐CRAMERD:readium-‐lcp-‐server
cramerd$
openssl
req
-‐out
CSR.csr
-‐new
-‐newkey
rsa:2048
-‐nodes
-‐keyout
privateKey.key
Generating
a
2048
bit
RSA
private
key
...........................................+++
.+++
writing
new
private
key
to
'privateKey.key'
-‐-‐-‐-‐-‐
You
are
about
to
be
asked
to
enter
information
that
will
be
incorporated
into
your
certificate
request.
What
you
are
about
to
enter
is
what
is
called
a
Distinguished
Name
or
a
DN.
There
are
quite
a
few
fields
but
you
can
leave
some
blank
For
some
fields
there
will
be
a
default
value,
If
you
enter
'.',
the
field
will
be
left
blank.
-‐-‐-‐-‐-‐
Country
Name
(2
letter
code)
[AU]:CA
State
or
Province
Name
(full
name)
[Some-‐State]:Ontario
Locality
Name
(eg,
city)
[]:Toronto
Organization
Name
(eg,
company)
[Internet
Widgits
Pty
Ltd]:ebookcraft
appreciation
society
ltd
Organizational
Unit
Name
(eg,
section)
[]:
Common
Name
(e.g.
server
FQDN
or
YOUR
name)
[]:ebookcraftrocks.com
Email
Address
[]:
Please
enter
the
following
'extra'
attributes
to
be
sent
with
your
certificate
request
52. –The Statute of Anne, 1710
Whereas Printers, Booksellers, and other
Persons, have of late frequently taken the
Liberty of Printing, Reprinting, and Publishing,
or causing to be Printed, Reprinted, and
Published Books, and other Writings, without
the Consent of the Authors or Proprietors of
such Books and Writings, to their very great
Detriment, and too often to the Ruin of them and
their Families: For Preventing therefore such
Practices for the future, and for the
Encouragement of Learned Men to Compose
and Write useful Books; May it please Your
Majesty, that it may be Enacted…
55. –Defective by Design
“the practice of imposing technological
restrictions that control what users can
do with digital media.”
56. ebook DRM systems
Scheme Users
Apple FairPlay iBooks
Kindle Kindle
Adobe
B&N, Kobo, Overdrive,
Google Play
Sony UMRS Numilog (France)
Readium LCP just getting started
58. Readium LCP Goals
• Avoid vendor lock-in
• Support library use cases
• Relatively simple and inexpensive to operate
• Support for a11y
• Allow offline use; still function if a provider goes
out of business
75. Free Advice
Who Are You? What Should You Do?
Library
Use DRM, but make it as user-friendly as
possible.
Trade Publisher
Screw DRM. Make it easier to buy your
books than pirate them. Look at
watermarking.
Put books on the web.
Educational Publisher
You already made a pact with the Devil.
Use DRM.
Legislator, lobbyist, rule-
maker, judge
Hang your head in shame.