iTP Secure WebServer System Administrator's Guide (Version 7.0)
Security Concepts
iTP Secure WebServer System Administrator’s Guide—523346-012
D-2
If Capulet, Juliet’s father, were to intercept Romeo’s ciphertext during transmission, he 
could not read Romeo’s message unless he could access Juliet’s decryption key or 
break the code by some other means. 
Juliet’s decryption key might be the same secret key Romeo uses to encrypt his 
messages to Juliet, or it might be the private component of a public/private key pair: 
Romeo uses Juliet’s public key to encrypt his message, and then Juliet uses the 
associated private key to decrypt it. 
For a discussion about public keys, see Public Key Systems on page D-3.
Authentication
Authentication is encryption’s complement. While encryption protects against 
eavesdroppers, authentication protects against imposters. Often, it is not enough to 
ensure that only its intended receiver can read a message; there must also be a way to 
verify that the sender of a message is in fact who he or she claims to be. In fact, used 
alone, encryption can make a message appear to be what it is not: an authentic 
message from an authentic sender.
Authentication often employs digital signatures, which are pieces of data that function 
for digital documents much as handwritten signatures function for printed documents. 
Digital signatures are both unique and unforgeable. Many authentication systems, 
therefore, consist of two parts: (1) a method of applying a unique, unforgeable digital 
signature to a message and (2) a method of verifying the authenticity of a digital 
signature that has been applied to a message. 
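The two parts described above (applying a signature and verifying it), together with the point that encryption alone does not identify the sender, shown as an added example that is not part of the original guide. It uses unpadded textbook RSA over small constructed keys, which is not a secure signature scheme; all function and key names are assumptions.

```python
import hashlib

E = 65537  # public exponent shared by all constructed keys

def make_key(p, q):
    """Build a textbook-RSA key pair from two primes (no padding)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent
    return {"public": (n, E), "private": (n, d)}

def digest(message, n):
    """Hash the message and reduce the hash into the key's modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    n, d = private
    return pow(digest(message, n), d, n)

def verify(message, signature, public):
    n, e = public
    return pow(signature, e, n) == digest(message, n)

def encrypt(message, public):
    n, e = public
    return pow(int.from_bytes(message, "big"), e, n)

def decrypt(ciphertext, private):
    n, d = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

# Constructed keys built from Mersenne primes: far too small for real use.
ROMEO = make_key(2**89 - 1, 2**107 - 1)
JULIET = make_key(2**61 - 1, 2**127 - 1)
CAPULET = make_key(2**31 - 1, 2**521 - 1)

def send(message, sender):
    """Encrypt to Juliet's public key; sign with the sender's private key."""
    return encrypt(message, JULIET["public"]), sign(message, sender["private"])

def receive(ciphertext, signature):
    """Juliet decrypts, then checks the signature with Romeo's public key."""
    message = decrypt(ciphertext, JULIET["private"])
    return message, verify(message, signature, ROMEO["public"])

if __name__ == "__main__":
    print(receive(*send(b"Meet at dawn", ROMEO)))   # signature verifies
    print(receive(*send(b"Stay home", CAPULET)))    # decrypts, but not Romeo's
```

Both messages decrypt correctly, because anyone can encrypt with Juliet’s public key; only the signature check distinguishes Romeo from an imposter.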
Capulet, posing as Romeo, might send a message to Juliet. Capulet’s message might 
even be encrypted, using Juliet’s public encryption key. However, when Juliet tests the 
Figure D-1. Basic Encryption
[Figure: Romeo’s plaintext (A B C) is transformed with the encryption key into ciphertext (# % &), which Juliet transforms with the decryption key back into plaintext (A B C).]










