Cryptography - Key
Table of Contents
1 - About
Cryptographic keys are meant to be randomly generated by an algorithm whereas a password are meant to be created by human beings. See password
In designing security systems, it is wise to assume that the details of the cryptographic algorithm are already available to the attacker. This is known as:
- Kerckhoffs' principle
only secrecy of the key provides security,
- or, reformulated as Shannon's maxim,
the enemy knows the system.
The widely used algorithm are well known. It's easier to replace a key.
An attacker who obtains the key can :
- recover the original message from the encrypted data,
- and issue signatures.
2 - Articles Related
3 - Usage
3.1 - Authentication
Key are used as authentication credential for automated processes
3.2 - Data Integrity
3.3 - Signature
Keys may also be used to sign digitally a document. Logically, this is the process underlying authentication because the signature authenticates the sender of the document. See digital signature schemes.
3.4 - Key exchange
Keys need to be distributed and their is a more secure scheme than to send a letter via postmail. See Cryptography - Key Exchange Algorithm
4 - Management
4.1 - Creation
4.1.1 - Password
Passwords were created to be memorized by human beings (low-entropy) where a key were created to be use in automated process by computer. They are too complex and random to be memorized.
Passwords are text whereas cryptographic keys are binary data (even if serialized and deserialized as text) and are generally not meant to input manually.
In a multi-factor authentication context,
- passwords are
something you know
- cryptographic keys are
something you have.
4.1.2 - Keypair
4.2 - Owner
To be able to tell a key's owner, public keys are often enriched with attributes such as:
- and similar identifiers.
The packed collection of a public key and its attributes can be digitally signed by one or more supporters.
The resulting object is called:
- In the PGP model, it is still called a “key”, and is signed by various people who personally verified that the attributes match the subject.
4.3 - Size
Selecting the Size of the Key, select the Strength of the crypto.
- For RSA, 2048 bits should currently be sufficient for most purposes.
- For ECDSA, only 256, 384, and 521 bits are supported. (ECDSA offers equivalent security to RSA with smaller key sizes.)
- For Ed25519, the only valid size is 256 bits.
5 - Glossary
5.1 - Private
5.2 - Identity
-----BEGIN EC PRIVATE KEY----- MHcCAQEEIJWbvSW7h50HPwG+bWR3DXgQ6YhOxYbe0ifr1rRUvsUuoAoGCCqGSM49 AwEHoUQDQgAE34yHdT/dZ7hVi1XVCZZQUjMUtNR56CXUCjn9Aa0JEYBmfxvFf0qU KutYhIiNJgDAJqMgQZI8RnA80wGgrxcPxA== -----END EC PRIVATE KEY-----
5.3 - Authorized
Once an SSH server receives a public key from a user and considers the key trustworthy, the server marks the key as authorized in its authorized_keys file. Such keys are called authorized keys. See authorized_keys
6 - Type
7 - Protocol