[Diagram: Active Directory; recipient's public key; plain text; cipher text; recipient's private key; plain text; steps 1 to 4]
Figure 12 The asymmetric encryption process

Part I: Foundations of PKI
1. The data sender obtains the recipient's public key. This can be sent to the data originator by the recipient or retrieved from a directory, such as Active Directory.
2. The plaintext data is passed through an asymmetric encryption algorithm, using the recipient's public key as the encryption key. The encryption algorithm creates the encrypted ciphertext.
3. The ciphertext is sent or made available to the recipient. There is no need to send the key, as the recipient already has the private key required to decrypt the ciphertext.
4. The recipient decrypts the ciphertext with his or her private key, and the resulting plaintext is the original plaintext created by the data originator.

Important: It is very rare for an application to use only an asymmetric encryption algorithm. Typically, the data is encrypted with a symmetric algorithm, and then only the symmetric encryption key is encrypted with the asymmetric encryption algorithm. This combination is discussed later in this chapter in the section titled Combining Symmetric and Asymmetric Encryption.

Asymmetric Signing Process
Asymmetric algorithms can be used to protect data from modification and prove the data creator's identity. In this scenario, the public and private key roles are reversed, requiring use of the originator's key pair.

Note: Proof of the originator's identity is accomplished because only the originator has access to the private key of the key pair. Of course, this is subject to the method used to protect the originator's private key. A hardware-protected private key, such as a private key stored on a smart card, provides more assurance than a private key stored in the user's local certificate store.

Figure 13 shows how asymmetric signing proves the sender's identity and prevents the data from being modified.

1: Basics of Cryptography
[Diagram: Active Directory; public key; plain text; private key; cipher text; public key; plain text; steps 1 to 4]
Figure 13 The asymmetric signing process
1. The plaintext data is passed through an asymmetric encryption algorithm, using the originator's private key as the encryption key. The result of the encryption algorithm is the encrypted ciphertext.
2. The ciphertext is sent or made available to the recipient.
3. The data recipient obtains the originator's public key. The public key can be sent with the ciphertext, or the recipient can obtain the public key from a trusted source, such as a directory.
4. The recipient decrypts the ciphertext with the originator's public key. The resulting plaintext is the original plaintext created by the data originator.

Decryption by the public key of the originator's key pair proves that the data was created by the originator. It also proves that the data was not modified in transit, as any modification results in a decryption process failure.

Asymmetric Algorithms
The following asymmetric algorithms are used in PKI-enabled applications when encrypting or digitally signing data.

Diffie-Hellman key agreement. This algorithm is not based on encryption and decryption but instead relies on mathematical functions that enable two parties to generate a shared secret key for exchanging information online confidentially. When the Diffie-Hellman key agreement is used between two hosts, the two hosts agree on a public value (v) and a large prime number (p). Each host chooses its own secret value and, from three inputs (the public value, the prime number, and its secret value), computes a public value that can be exchanged. These two public values are used to calculate a shared secret key used by both hosts to encrypt data sent between them.

Rivest Shamir Adleman (RSA). This algorithm can be used for encrypting and signing data. The encryption and signing processes are performed through a series of modular multiplications. The security of the RSA algorithm can be increased by using longer key lengths, such as 1,024 bits or higher; the longer the key length, however, the slower the encryption or signing process.

Note: Both Diffie-Hellman and RSA can be used for key exchange, allowing secure transmission or negotiation of a symmetric key between the data originator and recipient.

Digital Signature Algorithm (DSA). This algorithm can be used only for signing data; it cannot be used for encryption. The DSA signing process is performed through a series of calculations based on a selected prime number. Although intended to have a maximum key size of 1,024 bits, longer key sizes are now supported.
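The key roles in the encryption and signing processes above (Figures 12 and 13), as an added example that is not from the original text: textbook RSA in Python with a constructed toy key. The unpadded scheme, the toy primes, the function names, and signing a SHA-256 digest rather than the raw data are assumptions made for illustration.

```python
import hashlib

# Constructed toy key pair built from two known Mersenne primes.
# Textbook RSA, no padding, 216-bit modulus: illustration only, not for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent (Python 3.8+)
PUBLIC, PRIVATE = (N, E), (N, D)

def encrypt(plaintext: bytes, recipient_public) -> int:
    """Figure 12: anyone may encrypt with the recipient's public key."""
    n, e = recipient_public
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)

def decrypt(ciphertext: int, recipient_private) -> bytes:
    """Only the holder of the recipient's private key recovers the plaintext."""
    n, d = recipient_private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def digest(data: bytes, n: int) -> int:
    """SHA-256 of the data, reduced to fit the toy modulus (assumption)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data: bytes, originator_private) -> int:
    """Figure 13: roles reversed, the originator applies the private key."""
    n, d = originator_private
    return pow(digest(data, n), d, n)

def verify(data: bytes, signature: int, originator_public) -> bool:
    """The recipient applies the originator's public key and compares."""
    n, e = originator_public
    return pow(signature, e, n) == digest(data, n)

if __name__ == "__main__":
    msg = b"wire 500 to acct 42"          # constructed sample message
    print(decrypt(encrypt(msg, PUBLIC), PRIVATE) == msg)
    sig = sign(msg, PRIVATE)
    print(verify(msg, sig, PUBLIC), verify(b"wire 900 to acct 42", sig, PUBLIC))
```

A modified message or a modified signature makes `verify` return False, which is the tamper detection the signing steps describe.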
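The Diffie-Hellman exchange described above, as an added example that is not from the original text, using the page's symbols v and p. The parameter values, function names, range check on the peer's value, and SHA-256 key derivation are assumptions; the 127-bit prime is a toy size and not a secure group.

```python
import hashlib
import secrets

# Constructed toy parameters so the code runs offline.
P = 2**127 - 1      # the agreed large prime number (p)
V = 3               # the agreed public value (v)

def new_secret(p: int = P) -> int:
    """A host's own secret value; it is never transmitted."""
    return secrets.randbelow(p - 3) + 2           # uniform in [2, p-2]

def public_value(secret: int, v: int = V, p: int = P) -> int:
    """The value a host sends in the clear: v**secret mod p."""
    return pow(v, secret, p)

def check_peer_value(peer_public: int, p: int = P) -> None:
    """Reject 0, 1, p-1 and out-of-range values, which would make the
    shared secret predictable regardless of the local secret."""
    if not 2 <= peer_public <= p - 2:
        raise ValueError("peer public value out of range")

def shared_key(own_secret: int, peer_public: int, p: int = P) -> bytes:
    """Combine the local secret with the peer's public value, then hash
    the result into a 32-byte symmetric key."""
    check_peer_value(peer_public, p)
    s = pow(peer_public, own_secret, p)
    return hashlib.sha256(s.to_bytes((p.bit_length() + 7) // 8, "big")).digest()

def demo():
    """Both hosts run the exchange; only A and B cross the network."""
    a, b = new_secret(), new_secret()
    A, B = public_value(a), public_value(b)
    return shared_key(a, B), shared_key(b, A)

if __name__ == "__main__":
    k1, k2 = demo()
    print("keys match:", k1 == k2)
```

The exchange itself does not authenticate either host, so the public values are normally signed or otherwise bound to an identity.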

