vagabond/the-internet-vagabond-dot-com
1
0
Fork 0
Code Issues 3 Pull requests Projects 2 Activity Actions

New article! My second part on TLS.

Browse source
This commit is contained in:
Bill Niblock 2015-11-10 13:33:10 -05:00
parent 6c8aed872c
commit 0aa444459c
2 changed files with 54 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

0
_posts/2015-01-01-Ireland-Log.html Executable file → Normal file
View file

58
_drafts/TLS_Writeup2.html → _posts/2015-11-10-TLS-Part-2.html
View file

@ -16,15 +16,61 @@
authentication.</p> authentication.</p>
<h2>Certificates</h2> <h2>Certificates</h2>
<p>A certificate is a vessel for a server to provide authentication <p>A certificate is a vessel for a domain to provide authentication
information. </p> information. More specifically, and perhaps most importantly, a certificate
is the package which transfers a key. TLS relies entirely upon Public-Key
Authentication to setup a secure connection. The challenge with Public-Key
Authentication is often sharing keys in a verifiable and secure manner.
This is to say that, despite public keys being public, you still need to
verify the owner of the key. This is where certificates, and Certificate
Authorities come in. Each certificate is tailored to a specific domain. It
includes not only the public key for a user to connect to the server with,
but also meta-data about the certificate: a UUID, and information about the
Certificate Authority; a signature authorizing the certificate, as well as
the encryption used for the signature; a thumbprint of the key, and details
of the algorithm used to hash the key; and a purpose for the certificate.
Certificates may contain additional details, but the aforementioned list is
required.</p>
<p>A Certificate Authority (CA) is a trusted third-party repository of
signed keys. The purpose of a CA is very specific: verification. A CA will
generate and issue a key-pair to a domain. The domain can then share the
public key using a certificate. How specifically a CA verifies the domains
and keys is out of scope of this discussion, but Wikipedia provides many
details on the techniques used.</p>
<h2>Cipher Suites</h2> <h2>Cipher Suites</h2>
<p>A cipher is the algorithm used to encrypt the information <p>A cipher is the algorithm used to encrypt information. Ciphers are
to be transmitted.</p> incredibly complex mathematical formulae, and are well beyond my
understanding. However, it is important to note that the strength of a key
is only as strong as the cipher suite used to generate it. Likewise, the
strength of a certificate is only as strong as the cipher used to sign
it. Keep this in mind when you generate and work with keys.</p>
<h2>Public-Key Authentication</h2> <h2>Public-Key Authentication</h2>
<p>Big topic, very important!</p> <p>The most important part of TLS is public-key authentication. I would
argue that public-key authentication is one of the most important facets of
the technical world. Because of this, I want to recap in more general terms
how public-key authentication works:</p>
<ol>
<li>Two parties want to establish a secure connection.</li>
<li>Each party generates two keys: one to share publicly, one to keep
secret.</li>
<li>Each party then shares their public keys.</li>
</ol>
<p>Now, whenever one of the two parties wants to securely communicate with
the other, they "sign" (encrypt) the communication with their private key.
The second party can then use the public key of the first party to verify
the identify of the sender, and decrypt the message.
<h2>Conclusion</h2>
<p>Security is a very deep and involved topic, but one I feel every
Sys-Admin should know a bit about. While these posts are only meant to serve
as a high-level overview of TLS, there are many more-detailed sources
available. I would suggest a visit to your local Wikipedia as a good first
step. Thanks for reading.</p>
<h3>Sources</h3> <h3>Sources</h3>
<ol> <ol>
@ -49,7 +95,7 @@
<!-- Notes (because why remove them?) <!-- Notes (because why remove them?)
Asymmetric Key Authentication: Asymmetric Key Authentication:
- Relies on two keys: Public key, Private key - Relies on two keys: Public key, Private key
- Both keys are related, but impossible (computationally infeasable) to - Both keys are related, but impossible (computationally infeasible) to
identify the private key based on the public key [1][2] identify the private key based on the public key [1][2]
- The public key can be distributed publicly - The public key can be distributed publicly
- Used to encrypt message to the owner of the private paired key - Used to encrypt message to the owner of the private paired key