iTP Secure WebServer System Administrator's Guide (iTPWebSvr 6.0+)

ManualsBrandsHP ManualsServerHP NonStop G-Series

411

412

413

414

415

416

417

418

419

420

Security Concepts

iTP Secure WebServer System Administrator’s Guide—523346-002

D-3

Cryptographic Techniques

Because digital signatures cannot be forged, they cannot be repudiated. That is,

anyone who applies his or her digital signature to a message cannot later disown it by

claiming forgery.

Cryptographic Techniques

This section introduces the two primary cryptographic techniques:

•

Secret Key Systems on page D-3

•

Public Key Systems on page D-3

Secret Key Systems

In secret key systems, the sender and receiver of a message each use the same

secret key. The sender uses it to encrypt a message, and the receiver uses it to

decrypt this message. This method is simple and straightforward, but it has an inherent

vulnerability.

Key Vulnerability

The secret key system is inherently vulnerable in that both parties must possess the

same key. In other words, the same key must be communicated between both parties

without anyone else coming into possession of it, either inadvertently or through

sinister intent. If these parties are proximate, the chance of compromise is not a large

one. However, if the parties are in separate physical locations, which is most often the

case, they must entrust a third party, such as a telecommunications system, to

distribute the secret key between both parties without anyone else coming into

possession of it.

Key Management

The effort to protect and control keys is called key management (see Secure Sockets

Layer (SSL) on page D-7). Key management is of paramount importance in secret key

cryptography because of the inherent vulnerability of keys.

Public Key Systems

In public key systems, each party is assigned a pair of keys: a public key and an

associated private key. The owner of a key pair distributes her public key to any sender

wishing to communicate privately with her, while retaining, and keeping absolutely

secret, her private key (see Figure D-2 on page D-4). The sender uses the owner’s

public key to encrypt his message; the owner then uses her private key to decrypt it.

In other words, in public key systems, only half of the encryption mechanism (the

public key) is shared among the parties to a communication; the other half (the private

key) never leaves the possession of its owner. Neither key is of any value without the

other.