Asymmetric Protocols and Certificates
teancum144
Member Posts: 229 ■■■□□□□□□□
in Security+
Do all asymmetric protocols use certificates? I'm just trying to categorize asymmetric protocols. Here is my understanding:
Requires certificates:
No certificate required:
I realize that I'm mixing protocols that implement asymmetric algorithms with the algorithms themselves. For example, although RSA may not require certificates, S/MIME, which uses RSA, does. This is my preliminary understanding. Any clarification is much appreciated.
Requires certificates:
- SSL
- TLS
- SSH
- S/MIME
- PGP/GPG
No certificate required:
- RSA
- Diffie-Hellman
- Elliptic Curve
I realize that I'm mixing protocols that implement asymmetric algorithms with the algorithms themselves. For example, although RSA may not require certificates, S/MIME, which uses RSA, does. This is my preliminary understanding. Any clarification is much appreciated.
If you like my comments or questions, you can show appreciation by clicking on the reputation badge/star icon near the lower left of my post.
Comments
-
paul78 Member Posts: 3,016 ■■■■■■■■■■RSA and elliptic curve aren't really protocols but algorithms, which as you pointed out is the algo used S/MIME and otherprotocols.
Asymmetric protocols do not always use certificates. For example, ssh does not require a certificate.
As you probably know, an asymmetric algo has 2 parts to a key, a private key and public key for each party. If both party trust a third party, then both parties can ask the third-party to sign their public key. The signed public key is what allows each party to trust each other's public key as belonging to the other party. This signed public key is commonly called the certificate. -
teancum144 Member Posts: 229 ■■■□□□□□□□Paul78, based on your feedback, the list should be modified as follows:
Requires certificates:- SSL (uses RSA)
- TLS (uses RSA)
- S/MIME (uses RSA)
- PGP/GPG (uses RSA and IDEA; or Diffie-Hellman and CAST)
No certificate required (but certain imlementations can require certificates):- RSA
- Diffie-Hellman
- Elliptic Curve
- SSH
If you like my comments or questions, you can show appreciation by clicking on the reputation badge/star icon near the lower left of my post. -
paul78 Member Posts: 3,016 ■■■■■■■■■■Unfortunately, its not that simple. PGP for example can support certificates but it isn't a requirement. The same is true of ssh. The are ssh implementations that support the use of certificates as a means to sign the public key.
-
teancum144 Member Posts: 229 ■■■□□□□□□□After some additional research and paul78's insightful feedback, here is a revised list.
Protocols that require certificates:- SSL (uses RSA)
- TLS (uses RSA)
- S/MIME (uses RSA)
- SSH (may use any of the following: RSA, 3DES, Blowfish, IDEA, CAST128, AES256, etc.)
- PGP/GPG (uses RSA and IDEA; or Diffie-Hellman and CAST)
- RSA
- Diffie-Hellman
- Elliptic Curve
If you like my comments or questions, you can show appreciation by clicking on the reputation badge/star icon near the lower left of my post. -
boredgamelad Member Posts: 365 ■■■■□□□□□□SSL and TLS support multiple crypto algorithms, not just RSA.
-
teancum144 Member Posts: 229 ■■■□□□□□□□Yeah, I'm mixing apples an oranges - sorry. My focus is really protocols that require certificates and the asymmetric algorithms typically used by them. I'll clean up the list as follows:
Protocols that require certificates:- SSL (typically uses RSA)
- TLS (typically uses RSA)
- S/MIME (typically uses RSA)
- SSH (typically uses RSA)
- PGP/GPG (typically uses RSA or Diffie-Hellman)
- RSA
- Diffie-Hellman
- Elliptic Curve
- El Gamal
- DSA
If you like my comments or questions, you can show appreciation by clicking on the reputation badge/star icon near the lower left of my post. -
paul78 Member Posts: 3,016 ■■■■■■■■■■That list makes more sense. And not to add complications, but most of those protocols typically use symmetric algorithms for the actual data encryption. Tne asymmetric algorithm is used to protect the random key used by the faster symmetric algo.
-
Anders4711 Member Posts: 6 ■□□□□□□□□□To be exact, Elliptic Curve is not an encryption scheme but the way the numbers for the RSA, Diffie-Hellman, and El Gamal keys, are calculated. Basically it is a different one-way function than the ones usually used, and it works a little bit better.
DSA is a signature scheme which uses El Gamal.
And as Paul mentioned, these encryption systems, RSA, etc, are only secure if they are used for key distribution. The actual payload encryption is done with symmetric keys. But performance is only one reason, security is the other, perhaps more important reason.
But I am pretty sure this is not needed knowledge for the Security+ exam.