Hash methods are not used to encrypt or decrypt data. Rather, their purpose is to generate a kind of data “fingerprint.” This fingerprint has a fixed length and represents a digest that uniquely belongs to the original data. It is also not reversible, i.e. it is practically impossible to find meaningful data that matches a given fingerprint. Hash methods are therefore also called one-way functions. They are important for generating digital signatures, where they reduce the document to be signed to its “fingerprint.” Widely used hash algorithms are MD5, SHA-1 or RIPEMD.
In symmetric encryption, the same key (the so-called “session key”) is used for both encryption and decryption of a given message. The major advantage of this family of methods lies in the high throughput attained during both encryption and decryption. The most widely known symmetrical algorithms are Triple DES (3DES), RC2 and RC4 as well as AES and IDEA. The essential disadvantage of symmetrical methods, however, lies in key management: sender and recipient have to agree on the same key even though, as a rule, they never meet in person. It is precisely at this point that public key methods come in, which simultaneously form the basis for public.
Public Key Encryption
In contrast to symmetric methods, the public key method uses two different keys for encrypting and decrypting. The term asymmetric encryption is therefore also used. Here, each user holds a pair of keys, consisting of a private key that must be kept secret at all costs and a public key that may, or even must, be known to everyone involved. If someone intends to send you an encrypted message, he or she only needs your public key, which is accessible to anyone. The data is then encrypted using this public key. Afterwards, the ciphertext can only be decrypted with the matching private key. As long as the private key actually remains accessible to the owner only, the confidentiality of the overall system is preserved. The organizational distribution of public keys and their assignment to their respective owners is handled by certification authorities (also called CAs or trust centers).
The major advantage of public key algorithms lies in the substantially simplified distribution of keys, because no secret information has to be transmitted. However, this advantage comes at the expense of speed, as algorithms of this type are noticeably slower than symmetrical methods. For this reason, symmetrical methods and public key methods are often combined into so-called hybrid methods, which combine the advantages of both: messages are encrypted using a symmetrical method, and the keys used in the process are called session keys. The session keys are then encrypted in turn, this time using the recipient’s public key (so-called “key wrapping”). The recipient first decrypts the session key using the private key, then uses the session key to decrypt the actual data.
The most widely known public key method is RSA, also used by the TCOS smart cards that
Digital signatures are used to verify identities. A digital signature ties a given message inseparably to its author’s identity. In this sense, digital signatures are comparable to handwritten signatures. The hash algorithms already introduced are used here to reduce the data to be signed to a fixed size. Once the fingerprint of the message has been generated through the hash method, it is encrypted using the owner’s private key. The result is a digital signature. Because the private key is applied by its owner, this process can be performed by no other person, provided the private key is accessible to the owner only, a fact which underlines the necessity of storing the private key securely inside a smart card.
Verification of a digital signature requires three things:
• the digital signature as such.
• the signed message in plain text.
• the public key of the person who issued the signature.
First, the digital signature is decrypted with the signer’s public key. Since the public key is accessible to everyone, this operation may be performed by anyone. The result is the fingerprint of the message. This fingerprint cannot be used, however, to reconstruct the original message. Instead, another approach is taken: the verifying person reduces the (separately communicated) message to its fingerprint once again, using the hash method. The fingerprint thereby obtained is then compared to the fingerprint recovered from the decrypted signature. If the two match, the digital signature is correct; in case of a mismatch it has to be rejected as invalid. Successful verification of a digital signature establishes whether a given message was in fact generated by the person who signed it and whether it has been altered since the time of its generation.
In order to employ public key methods in a meaningful manner, the distribution of public keys must be regulated. Basically, a certificate represents nothing more than the assignment of a public key to the person who holds the corresponding private key. The correctness of this assignment is extremely important, because digital signatures are, after all, verified with the help of these public keys, while the relationship between the parties is a matter of trust. In order to prevent forgery of the assignment, the certificates are in turn protected against manipulation by digital signatures. The certificates are issued by certification authorities, also called trust centers or CAs. The certification authorities publish a self-signed root certificate so that the validity of certificates can be verified.
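The signing and verification steps described above, written out as an added Go example (not from the original text). It assumes RSA with PKCS #1 v1.5 padding and SHA-256 as the hash method; RecoveredFingerprint performs the raw public key operation only to make the embedded fingerprint visible, while Verify is the library check that also validates the padding.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"math/big"
)

var signer, _ = rsa.GenerateKey(rand.Reader, 2048) // constructed demo key pair

// Sign reduces msg to its SHA-256 fingerprint and applies the private key to it.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	fp := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, fp[:])
}

// RecoveredFingerprint applies the public key (sig^e mod n) and returns the hash at
// the end of the padded block. Illustration only: it skips the padding checks.
func RecoveredFingerprint(pub *rsa.PublicKey, sig []byte) []byte {
	m := new(big.Int).Exp(new(big.Int).SetBytes(sig), big.NewInt(int64(pub.E)), pub.N)
	block := m.FillBytes(make([]byte, pub.Size()))
	return block[len(block)-sha256.Size:]
}

// FingerprintsMatch is the comparison described above: recovered vs. recomputed hash.
func FingerprintsMatch(pub *rsa.PublicKey, msg, sig []byte) bool {
	fp := sha256.Sum256(msg)
	return bytes.Equal(RecoveredFingerprint(pub, sig), fp[:])
}

// Verify takes the three inputs (public key, plain message, signature) and uses the
// library verifier, which also validates the padding structure.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	fp := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, fp[:], sig) == nil
}

func main() {
	msg := []byte("constructed sample message")
	sig, _ := Sign(signer, msg)
	fmt.Println(FingerprintsMatch(&signer.PublicKey, msg, sig), Verify(&signer.PublicKey, msg, sig))
	fmt.Println(Verify(&signer.PublicKey, []byte("altered message"), sig))
}
```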
Thus, certification authorities protect the integrity of public keys while smart cards protect private keys.
The internationally accepted standard for certificates was defined by the ITU (International Telecommunication Union) under the name ITU-T X.509. A given X.509v3 certificate contains the following data:
• serial number of the certificate
• the signature algorithm used
• name of the certification authority (issuing authority)
• expiration date
• name of owner (applicant)
• public key of owner
• information regarding the intended usage of the certificate, where applicable
• signature of the certification authority over the foregoing data.
A certification authority (subsequently also referred to by the acronym “CA”) is a trustworthy organization that issues certificates. The CA thus acts as guarantor for the assignment of the certificate owner’s identity to his or her public key. The CA publishes all certificates it has issued in the form of a directory service, thus offering anyone access to the public keys.
The first thing a given user must do is to apply for a certificate at a CA he or she trusts (or at the CA in charge, respectively). In general, this proceeds as follows:
1. A given user generates a new pair of keys him- or herself, consisting of a public and a private key.
2. Then the user generates an application for certification, containing at least his or her own name and his or her public key.
3. The application is sent to the CA.
4. Depending on the security level requested, the user may have to appear at the CA in person and produce official identification.
5. Using the data provided, the CA makes out a certificate and signs it with the CA’s private key.
6. The CA sends the completed certificate to the owner and publishes it in its directory service.
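The application procedure above and the X.509 fields listed earlier, combined in one added Go example that is not part of the original text. The names, the one-year validity and the serial number are constructed, and the identity check (step 4) and publication in the directory (step 6) are outside the code.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// NewRequest covers steps 1-2: a fresh key pair and a request with name and public key.
func NewRequest(name string) (csr []byte, key *rsa.PrivateKey, err error) {
	if key, err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
		return nil, nil, err
	}
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: name}}
	csr, err = x509.CreateCertificateRequest(rand.Reader, req, key)
	return csr, key, err
}

// Issue covers step 5; a nil parent yields the CA's self-signed root. Demo serial number.
func Issue(csr []byte, parent *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, error) {
	req, err := x509.ParseCertificateRequest(csr)
	if err != nil {
		return nil, err
	}
	if err := req.CheckSignature(); err != nil { // proves the applicant holds the private key
		return nil, err
	}
	tmpl := &x509.Certificate{Subject: req.Subject, SerialNumber: big.NewInt(time.Now().UnixNano()),
		NotBefore: time.Now(), NotAfter: time.Now().AddDate(1, 0, 0), KeyUsage: x509.KeyUsageDigitalSignature}
	if parent == nil {
		parent, tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = tmpl, true, true, x509.KeyUsageCertSign
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, req.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	caCSR, caKey, _ := NewRequest("Example Trust Center") // all names are constructed
	root, _ := Issue(caCSR, nil, caKey)
	userCSR, _, _ := NewRequest("Alice Example")
	cert, _ := Issue(userCSR, root, caKey)
	fmt.Println(cert.Subject, cert.Issuer, cert.SerialNumber, cert.NotAfter, cert.CheckSignatureFrom(root))
}
```

CheckSignatureFrom checks only the CA's signature over the certificate data; a relying party would additionally check the expiration date and intended usage, for example with the certificate's Verify method.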
For some applications, the CA issues fully personalized smart cards, especially in the case of higher security levels. In these cases, the steps described may be skipped because the certificate and the private key are both already contained in the smart card. The security level of a given certificate (also called class) is essentially defined by the degree to which the user has identified him- or herself to the CA. For a certificate of a low security level, for instance, nothing except the user’s e-mail address is subjected to verification. High security levels require that users present themselves in person and identify themselves by presenting official ID documents. Since this necessitates considerable administrative effort, certificates of higher security levels are generally subject to fees and more expensive than those of lower security levels, some of which are even offered free of charge.