Infos
SSL and PGP
Common to both methods is that a dual-key algorithm is used. Simplified, a key pair is first created when the encryption software is set up. The so-called public key (PK) is used to encrypt data (e.g., an e-mail with confidential content). However, unlike single-key encryption, the record cannot be decrypted back into plain text using the same key. Only with the secret key (SK) matching the public key can the encrypted data record be restored to its original form.
As an example of this method, user A sends user B a message which he encrypts with the public key of his correspondent B. User B can read the message with his secret key (SK).
The public key (PK) gets its name from the fact that it has to be distributed ("published") to one's correspondents so that they can encrypt messages or files with it. Only the recipient of the message can decipher the encrypted message again with his secret key. An unwanted listener ("network sniffer") who overhears the encrypted message and comes into possession of the public key cannot decipher the message with this key.
Creating and verifying digital signatures works much like encryption and decryption. For a message or file, a checksum is first created, which this time is encrypted with the help of the secret key. The recipient of the message can decipher the encrypted checksum using the sender's public key and compare it with the checksum of the received file to see whether the file has been modified and whether the sender's public key matches.
The weak point of this procedure lies in the trustworthiness of the public key. If, during transfer or handover to the correspondent, the public key is replaced by the public key of a third party (for example by manipulating the data transmission over insecure network connections), this third party can decipher the messages by means of their own secret key. Therefore, when handing over the public key to correspondents, it must be ensured that e.g. the checksums of the keys (so-called fingerprints) can be compared by telephone or at a meeting in person.
The SSL solution to the problem of verification is the addition of a "trusted organization" that digitally signs the public key and whose signature (= public key of this organization) is built into the user's software and thus difficult to manipulate. An example of this is the so-called "Root Certificate Authorities", which are integrated in Netscape Communicator and other browsers, and can be viewed under the "Security Settings". A certificate is thus simply a digitally signed public key.
Whether and which Certificate Authority one trusts, and which public keys one prefers to verify by fingerprint, depends on one's personal sense of security. However, especially when transmitting sensitive data (for example, credit card numbers, passwords, in-house information), care should be taken to avoid compromising the keys used for encryption. The personal comparison of the fingerprints is in any case a good basis.
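The signing, verification and fingerprint comparison described above, as an added Python example that is not part of the original page. It uses textbook RSA without padding and constructed toy keys built from publicly known Mersenne primes, purely to show the mechanics; the function names are assumptions, and real systems use padded signature schemes such as RSA-PSS.

```python
import hashlib
import hmac

E = 65537  # public exponent

def make_keypair(p, q):
    """Toy RSA key pair from two primes: ((n, e) public key, d secret key)."""
    return (p * q, E), pow(E, -1, (p - 1) * (q - 1))

def checksum(message):
    """SHA-256 checksum of the message as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message, public, secret):
    """Encrypt the checksum with the secret key (textbook RSA, no padding)."""
    return pow(checksum(message), secret, public[0])

def verify(message, signature, public):
    """Decipher the signature with the public key and compare checksums."""
    n, e = public
    return pow(signature, e, n) == checksum(message)

def fingerprint(public):
    """Checksum of the public key itself, short enough to read out by phone."""
    n, e = public
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big") + e.to_bytes(4, "big")
    return hashlib.sha256(raw).hexdigest()

def accept_key(received_public, fingerprint_out_of_band):
    """Accept a key received over the network only if its fingerprint matches."""
    return hmac.compare_digest(fingerprint(received_public), fingerprint_out_of_band)

# Constructed toy keys built from publicly known Mersenne primes: insecure by design.
B_PUBLIC, B_SECRET = make_keypair(2**521 - 1, 2**607 - 1)
THIRD_PUBLIC, THIRD_SECRET = make_keypair(2**127 - 1, 2**1279 - 1)

def demo():
    message = b"constructed sample message"
    signature = sign(message, B_PUBLIC, B_SECRET)
    spoken_fp = fingerprint(B_PUBLIC)  # read out by B on the phone
    return {
        "genuine": verify(message, signature, B_PUBLIC),
        "modified": verify(message + b"!", signature, B_PUBLIC),
        "genuine_key_accepted": accept_key(B_PUBLIC, spoken_fp),
        "swapped_key_accepted": accept_key(THIRD_PUBLIC, spoken_fp),
    }

if __name__ == "__main__":
    print(demo())
```

The fingerprint check is what ties a key to a person: a signature that verifies only proves it was made with the secret key matching whatever public key the recipient holds.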
NSEU provides support for setting up SSL and other implementations for encrypted data transfer and data integrity verification.
We also host and implement SSL and PGP encryption, and secure your whois registrations.