Asymmetric Protocols and Certificates

teancum144 Member Posts: 229 ■■■□□□□□□□
Do all asymmetric protocols use certificates? I'm just trying to categorize asymmetric protocols. Here is my understanding:

Requires certificates:
  • SSL
  • TLS
  • SSH
  • S/MIME
  • PGP/GPG

No certificate required:
  • RSA
  • Diffie-Hellman
  • Elliptic Curve

I realize that I'm mixing protocols that implement asymmetric algorithms with the algorithms themselves. For example, although RSA may not require certificates, S/MIME, which uses RSA, does. This is my preliminary understanding. Any clarification is much appreciated.
If you like my comments or questions, you can show appreciation by clicking on the reputation badge/star icon near the lower left of my post. :D

Comments

  • paul78 Member Posts: 3,016 ■■■■■■■■■■
    RSA and elliptic curve aren't really protocols but algorithms, which, as you pointed out, are the algos used by S/MIME and other protocols.

    Asymmetric protocols do not always use certificates. For example, ssh does not require a certificate.

    As you probably know, an asymmetric algo has 2 parts to a key, a private key and public key for each party. If both parties trust a third party, then both parties can ask the third party to sign their public key. The signed public key is what allows each party to trust each other's public key as belonging to the other party. This signed public key is commonly called the certificate.
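    The "third party signs your public key" model described above, as an added example (not code from the thread or from any of the projects it mentions). It uses Go's standard library X.509 support: a constructed trusted third party signs Alice's public key, producing her certificate; a second, untrusted third party signs an impostor's key under the same name; a verifier that trusts only the first third party accepts Alice and rejects the impostor. All names are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newKey generates one party's key pair: the private half stays with the
// party, the public half is what the third party will sign.
func newKey() *ecdsa.PrivateKey {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return key
}

// makeThirdParty creates a third party's own self-signed certificate, the
// thing both sides have to agree to trust before any of this works.
func makeThirdParty(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := newKey()
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// signPublicKey is the "ask the third party to sign your public key" step.
// The output (name + public key + the third party's signature) is the certificate.
func signPublicKey(ca *x509.Certificate, caKey *ecdsa.PrivateKey, name string, pub *ecdsa.PublicKey) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, pub, caKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// trusts reports whether a party that trusts only `root` would accept `cert`
// as a genuine binding of a public key to a name.
func trusts(root, cert *x509.Certificate) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{
		Roots:     pool,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	return err == nil
}

// Scenario: Alice's key is signed by the third party the verifier trusts; an
// impostor's key, claiming the same name, is signed by a different third party.
func Scenario() (aliceAccepted, impostorAccepted bool) {
	trusted, trustedKey := makeThirdParty("Constructed Trusted Third Party")
	alice := newKey()
	aliceCert := signPublicKey(trusted, trustedKey, "alice", &alice.PublicKey)

	other, otherKey := makeThirdParty("Constructed Untrusted Third Party")
	impostor := newKey()
	impostorCert := signPublicKey(other, otherKey, "alice", &impostor.PublicKey)

	return trusts(trusted, aliceCert), trusts(trusted, impostorCert)
}

func main() {
	a, b := Scenario()
	fmt.Printf("alice accepted: %v, impostor accepted: %v\n", a, b)
}
```

    The point the verifier's `trusts` check makes: the certificate is not what secures the connection, it is what tells Bob that the public key he is about to use really is Alice's. Without an agreed third party, a bare public key carries no such claim, which is why protocols like SSH can run without certificates but must then get trust from somewhere else.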
  • teancum144 Member Posts: 229 ■■■□□□□□□□
    Paul78, based on your feedback, the list should be modified as follows:

    Requires certificates:
    • SSL (uses RSA)
    • TLS (uses RSA)
    • S/MIME (uses RSA)
    • PGP/GPG (uses RSA and IDEA; or Diffie-Hellman and CAST)

    No certificate required (but certain implementations can require certificates):
    • RSA
    • Diffie-Hellman
    • Elliptic Curve
    • SSH
  • paul78 Member Posts: 3,016 ■■■■■■■■■■
    Unfortunately, it's not that simple. PGP for example can support certificates but it isn't a requirement. The same is true of ssh. There are ssh implementations that support the use of certificates as a means to sign the public key.
  • teancum144 Member Posts: 229 ■■■□□□□□□□
    After some additional research and paul78's insightful feedback, here is a revised list.

    Protocols that require certificates:
    • SSL (uses RSA)
    • TLS (uses RSA)
    • S/MIME (uses RSA)
    Protocols where certificates are optional:
    • SSH (may use any of the following: RSA, 3DES, Blowfish, IDEA, CAST128, AES256, etc.)
    • PGP/GPG (uses RSA and IDEA; or Diffie-Hellman and CAST)
    Algorithms which may be used in protocols that require certificates:
    • RSA
    • Diffie-Hellman
    • Elliptic Curve
  • boredgamelad Member Posts: 365 ■■■■□□□□□□
    SSL and TLS support multiple crypto algorithms, not just RSA.
  • teancum144 Member Posts: 229 ■■■□□□□□□□
    Yeah, I'm mixing apples and oranges - sorry. My focus is really protocols that require certificates and the asymmetric algorithms typically used by them. I'll clean up the list as follows:

    Protocols that require certificates:
    • SSL (typically uses RSA)
    • TLS (typically uses RSA)
    • S/MIME (typically uses RSA)
    Protocols where certificates are optional:
    • SSH (typically uses RSA)
    • PGP/GPG (typically uses RSA or Diffie-Hellman)
    Common asymmetric algorithms which may be used in protocols that require certificates:
    • RSA
    • Diffie-Hellman
    • Elliptic Curve
    • El Gamal
    • DSA
  • paul78 Member Posts: 3,016 ■■■■■■■■■■
    That list makes more sense. And not to add complications, but most of those protocols typically use symmetric algorithms for the actual data encryption. The asymmetric algorithm is used to protect the random key used by the faster symmetric algo.
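    The hybrid scheme paul78 describes, as an added example (not code from the thread or from any of the protocols it names), written against Go's standard library: the payload is encrypted with a fresh random AES-256-GCM key, and RSA-OAEP is used only to protect that key. The sample message and all values are constructed; the example also shows why the split is needed, since a 2048-bit RSA-OAEP block cannot hold the 308-byte message at all.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Envelope is what actually travels: the random symmetric key protected by
// the recipient's RSA public key, plus the nonce and the AES-GCM ciphertext.
type Envelope struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

// Seal encrypts the payload with a fresh AES-256-GCM key and wraps that key with RSA-OAEP.
func Seal(pub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, plaintext, nil)
	// The asymmetric algorithm only ever sees the 32-byte key, never the payload.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// Open reverses Seal: unwrap the key with the private half, then decrypt and authenticate the payload.
func Open(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	plaintext, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("payload rejected: wrong key or tampered ciphertext")
	}
	return plaintext, nil
}

// Demo reports, for a constructed 308-byte message: whether RSA-OAEP alone
// refuses it, whether the hybrid round trip recovers it, and whether a
// one-bit change to the ciphertext in transit is detected.
func Demo() (directRSATooLong, roundTripOK, tamperDetected bool) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	msg := bytes.Repeat([]byte("constructed sample payload. "), 11) // 28 * 11 = 308 bytes

	// A 2048-bit key with SHA-256 OAEP can carry at most 256 - 2*32 - 2 = 190 bytes.
	_, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, &priv.PublicKey, msg, nil)
	directRSATooLong = errors.Is(err, rsa.ErrMessageTooLong)

	env, err := Seal(&priv.PublicKey, msg)
	if err != nil {
		panic(err)
	}
	got, err := Open(priv, env)
	roundTripOK = err == nil && bytes.Equal(got, msg)

	env.Ciphertext[0] ^= 0x01 // flip one bit of the payload in transit
	_, err = Open(priv, env)
	tamperDetected = err != nil
	return
}

func main() {
	a, b, c := Demo()
	fmt.Printf("direct RSA too long: %v, round trip ok: %v, tamper detected: %v\n", a, b, c)
}
```

    Two things to notice: the RSA key pair is long-lived and identifies the recipient, while the AES key lives for exactly one message; and because GCM authenticates the ciphertext, the recipient learns about tampering before any decrypted byte is used.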
  • Anders4711 Member Posts: 6 ■□□□□□□□□□
    To be exact, Elliptic Curve is not an encryption scheme but the way the numbers for the RSA, Diffie-Hellman, and El Gamal keys are calculated. Basically it is a different one-way function than the ones usually used, and it works a little bit better.

    DSA is a signature scheme which uses El Gamal.

    And as Paul mentioned, these encryption systems, RSA, etc, are only secure if they are used for key distribution. The actual payload encryption is done with symmetric keys. But performance is only one reason, security is the other, perhaps more important reason.

    But I am pretty sure this is not needed knowledge for the Security+ exam.