Cryptography - Public Key Authentication

> Software Security > Cryptography - Key

1 - About

Public key authentication is a authentication method where the keys are used as authentication credential for:

Authentication is implemented though digital signature which is a functionality of the public key scheme. See digital signature verification.

See also:

Advertising

3 - Concept

3.1 - Key

  • the private key remains (only) with the user (The possession of this key is proof of the user's identity. Only a user in possession of a private key that corresponds to the public key at the server will be able to authenticate successfully.
  • the public key are stored on the server in a file known as the SSH - Authorized Keys file (on Server)

For the procedure. see Digital signature procedure

3.2 - Key Manager

The KeyManager is a program (or function) that decides which authentication credentials should be sent to the remote host for authentication during SSL handshake.

4 - Two-factor

You can configure an application (such as a web site) so that any user wishing to connect is required to provide:

5 - Key

5.1 - Identity

The private keys are the identity key.

It then need to be stored and handled carefully, and no copies of the private key should be distributed. The private keys used for user authentication are called identity keys.

Advertising

5.2 - Authorized

For instance, once an SSH server receives a public key from a user and considers the key trustworthy, the server marks the key as authorized in its authorized_keys file. Such keys are called authorized keys.

6 - Procedure

7 - Type

7.1 - Server

  • The server authenticate him-self to the client by sending a digital certificate (signed normally by a well known trusted CA).
  • The client verifies it

7.2 - Mutual

  • Mutual Authentication, in addition to server authentication, the client also has to present its certificate to the server.
  • The server verifies it
  • If both server and client authenticated themselves, then authentication is a success.

8 - Documentation / Reference

Advertising
security/key/authentication.txt · Last modified: 2019/04/27 14:18 by gerardnico