The current
pattern involves using asymmetric encryption for bootstrapping
the communication and securely sharing a symmetric session
key. Once the session key is known by both parties, it can be
used for protecting the communication using far fewer
resources. In the example mentioned previously, Alice would
generate a symmetric key and send it as the very ?¬?rst message to
Bob. Such a message would be secured via asymmetric encryption,
and hence it would be safe from Eve??™s attempt to intercept
it and would allow Bob to save the value of the session key.
Once both Alice and Bob know the session key, subsequent
messages between Alice to Bob will be secured by the much
faster symmetric session key and still be safe from Eve attacks
(see Figure 1-5).
The encryption key
can be known by
everybody
42 The Problem
Digital Signatures
We need to make one last effort in our attempt to understand
cryptography and that is to talk about digital signatures. A digital
signature is a procedure that protects a fragment of data from
tampering. When something is digitally signed, it is impossible
to apply any modi?¬?cation without invalidating the signature. If
the signature is performed using asymmetric keys, and the identity
of the keys??™ owner is known, it can also be used as a method
of guaranteeing the identity of who performed the signature
operation.
Pages:
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95