Presentation on theme: "TrustPort Public Key Infrastructure" (WWW.TRUSTPORT.COM, Keep It Secure). Presentation transcript:

Table of contents
- Security of electronic communications
- Using asymmetric cryptography
- Electronic signature, digital certificate
- Using public key infrastructure
- TrustPort public key infrastructure solutions
- TrustPort eSign Pro

Security of electronic communications
- Three main aspects
  - Integrity of transferred data
  - Authentication of the sender
  - Confidentiality of transferred data
- Perils of unsecured communications
  - Data tampering on the way from the sender to the recipient
  - The real sender pretending to be someone else
  - Unwanted disclosure of confidential data

Security of electronic communications
- Making the communications secure
  - Data encryption
  - Electronic signing

Making the communications secure
- Symmetric cryptography
  - Based on a secret key
  - Perfect for local data encryption
  - Problematic distribution of the secret key
- Asymmetric cryptography
  - Based on a private key and a public key
  - Designed for remote data exchange
  - Easy distribution of the public key
  - New issues to be solved

Using asymmetric cryptography for encryption
- Anyone can encrypt and send data using the public key
- Only the recipient can decrypt the data, using the private key
- Diagram: Data -> encryption (recipient's public key) -> Encrypted data -> decryption (recipient's private key) -> Decrypted data

The key pair explained
- The keys are mathematically related
- Data encrypted by public key can be decrypted only by the owner of the private key
- Data encrypted by private key can be decrypted by anyone using public key
- The private key cannot be reverse engineered from the public key
- Diagram: Big random number -> Key generation algorithm -> Public key, Private key

Using asymmetric cryptography for signing
- Diagram: Data -> hash algorithm -> Hash value -> encryption (sender's private key) -> Encrypted hash value = electronic signature (sent with the Data)

Verification of electronic signature
- Hash values are identical: signature is valid
- Hash values are different: signature is not valid
- Diagram: Data -> hash algorithm -> Hash value; Encrypted hash value = electronic signature -> decryption (sender's public key) -> Decrypted hash value; comparison of the two hash values

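Added example (not part of the original presentation and not TrustPort code): the signing and verification flow from the two slides above, written in Python with textbook RSA. The keys, the sample document and all function names are constructed for illustration; the scheme is unpadded and serves only to show the flow, since deployed signatures use a padding scheme such as RSASSA-PSS.

```python
import hashlib

E = 65537  # commonly used public exponent

def make_key(p: int, q: int):
    """Toy key generation: derive (public, private) keys from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)

# Constructed keys built from well-known Mersenne primes so the example is
# reproducible. Real keys are generated from a big random number.
SENDER_PUB, SENDER_PRIV = make_key(2**521 - 1, 2**607 - 1)
OTHER_PUB, OTHER_PRIV = make_key(2**607 - 1, 2**1279 - 1)

def hash_value(data: bytes) -> int:
    """Hash algorithm step: SHA-256 digest as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data: bytes, private_key) -> int:
    """Encrypt the hash value with the private key = electronic signature."""
    n, d = private_key
    return pow(hash_value(data), d, n)

def verify(data: bytes, signature: int, public_key) -> bool:
    """Decrypt the signature with the public key and compare hash values."""
    n, e = public_key
    if not 0 <= signature < n:  # out-of-range value cannot be a valid signature
        return False
    return pow(signature, e, n) == hash_value(data)

def demo() -> dict:
    document = b"Pay 100 EUR to account 12345"  # constructed sample data
    signature = sign(document, SENDER_PRIV)
    return {
        # unchanged document, sender's public key: hash values are identical
        "untouched": verify(document, signature, SENDER_PUB),
        # document modified in transit: hash values differ
        "tampered": verify(b"Pay 900 EUR to account 12345", signature, SENDER_PUB),
        # signature made with someone else's private key
        "forged": verify(document, sign(document, OTHER_PRIV), SENDER_PUB),
    }

if __name__ == "__main__":
    print(demo())
```
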
Advantages of electronic signature
- Authentication of the sender
  - no other person can create a valid signature of a document in the name of the sender
- Securing integrity of the data
  - the signed document cannot be modified without making the signature invalid
- Indisputability of the sender (non-repudiation)
  - the sender cannot deny the document was sent by him or her

Credibility of the electronic signature
The credibility is based on
- the asymmetric encryption algorithm used
- the bit length of the encryption keys used
- secure storage of the private keys

Digital certificate
A certificate binds together a personal identity with a public key.
- Certificate parts
  - Identification of the holder
  - Serial number
  - Identification of certification authority
  - Validity period
  - Public key of the holder

Registration and certification authority
- accepts requests for certificates
- verifies the identity of the applicants
- issues digital certificates
- guarantees the credibility of digital certificates
- maintains a certificate revocation list
  - each certificate has a limited validity period
  - a certificate may be revoked even before the end of validity period
  - on verification of an electronic signature, the certification authority checks the list of all revoked certificates

An accredited certification authority is a certification authority recognized by the state. It can issue qualified digital certificates, applicable for legally binding communications with the public administration.

A certification authority without accreditation can be used for internal purposes of a business or an institution.

Public key infrastructure explained
- Diagram, parties: Certification authority, Registration authority, Verification authority, Sender, Recipient
- Diagram, labels: Certificate, private key; Request; Request is OK; Data message; Signature; Signature is OK; Signature; Certificate, public key

The use of public key infrastructure
- web applications
- mail clients
- office applications
- content management systems
- …

TrustPort Public Key Infrastructure, built on a long tradition of development and experience in the field of electronic signature

TrustPort Public Key Infrastructure
- Asymmetric encryption algorithms in use: RSA (512 to 4096 bits), DSA (1024 bits), Elliptic curves (112 to 256 bits), Diffie-Hellman
- Symmetric encryption algorithms in use: RC2 (40 to 128 bits), CAST128 (64, 80, 128 bits), BlowFish (64 to 448 bits), DES (56 bits), 3DES (168 bits), Rijndael (128, 192, 256 bits), TwoFish (128, 256 bits)
- Hash algorithms in use: SHA1, SHA256, SHA384, SHA512, MD5, RIPEMD 160
- Further specifications: LDAP support, electronic signing and verification of PDF files, PDF encryption based on password and certificate, PDF timestamping

Solutions based on TrustPort Public Key Infrastructure
- Solutions for end users
  - TrustPort eSign Pro (encrypting and signing files, verification of electronic signatures, timestamping files, safe storage of private keys and personal certificates)
- Solutions for businesses
  - TrustPort Certification Authority (issuance and revocation of certificates, handling certificate requests, the core can run multiple certification authorities)
  - TrustPort Timestamp Authority (issuance of time stamps, detection of exact time from independent sources, can be used in combination with the previous product)

Solutions based on TrustPort Public Key Infrastructure
TrustPort PKI SDK
- enables development of applications using public key infrastructure
- easy import and export of certificates, certificate revocation lists, encryption keys
- safe storage of private keys and personal certificates
  - on the hard drive
  - on chip cards and flash tokens
- multitude of symmetric, asymmetric and hash algorithms
- extensive support of cards and tokens from different manufacturers
- optional modules miniCA, miniTSA
  - certification and timestamp authorities for internal corporate use

TrustPort eSign Pro
- Specific endpoint solution
  - Signs electronic documents
  - Encrypts documents reliably
  - Enables time stamping
- Complete PDF support
  - PDF signing
  - PDF encryption
  - PDF time stamping

TrustPort eSign Pro
- Recommended system requirements:
  - Pentium 200 MHz or higher
  - Windows 2000 or higher
  - 64 MB RAM
  - 20 MB HDD
- Supported systems:
  - Microsoft Windows 7
  - Microsoft Windows Vista
  - Microsoft Windows XP
  - Microsoft Windows 2000
  - Microsoft Windows Server 2003
  - Microsoft Windows Server 2008

Thank you for your attention!