1,234
edits
Changes
→Encryption, Certificates, etc.
= Encryption, Certificates, etc. =
You've been using public key cryptography for your entire life (unless you were born before the 1990s). You've been setting up public key cryptography since at least OPS245. Let me encourage you to actually understand how that stuff works.
We don't have the time to do a comprehensive overview of cryptography, so I strongly encourage you to put the book '''Crypto''' by '''Steven Levy''' on your "must-read" list. You can borrow a copy from the Toronto Public Library. I have yet to see a better introduction to encryption. It's not a course reqirement - but if you don't want to be clueless about security fundamentals online - read that book and understand it. It is an engaging read, and it's perfectly readable even if you have no interest in math:
[[Image:crypto.jpeg|center|"crypto" by Steven Levy]]
In a nutshell, here are the most important points, the absolute minimum you need to be comfortable with this:
* Public key encryption (also called assymetric encryption) uses two keys: a public key and a private key.
* The two keys are permanently tied to each other by complex mathematics (read the book to get a feel for the fundamentals). You can't mix one public key with an unrelated private key.
* The private key is like your password, you never give it to anyone. The public key is of no value to attackers, so there's no point in trying to protect it.
* Anyone can encrypt something with the public key, but only the private key can be used to decrypt that.
* Anyone can verify that a file signed using the private key has not been modified except by the owner of the private key.
* A certificate is a public key typically signed by a third party's private key.
* Symmetric encryption only has one private key, no public key. That makes it very hard to use with strangers on the internet.
* Hashing is used a lot in cryptography, but it's not an encryption tool.
With those fundamentals you should be able to follow this diagram which describes how SSH key authentication works. The diagram is from [http://sebastien.saunier.me/blog/2015/05/10/github-public-key-authentication.html Sébastien Saunier's blog].:
[[Image:ssh_connection_explained.png|thumb|center|600px|A diagram explaining how public / Private keys work. Another term to represent this process is called '''PKI''' (Public/Private Key Infrastructure) ]]
== Certificate Authorities (CAs) ==
* certificates, CAs, relationship with DNS