We know digital signatures are focused on and we've talked about them already. The use of and the requirements for authentication, non-repudiation, and/or data integrity. Who are we? We can verify that with a digital signature. Did we definitely do something and was it us? We can verify that with a digital signature. Does the data have integrity; has not been compromised, has not been modified? We can validate that with a digital signature. All of those things are ascribed to the digital signature as functionality elements as things that the digital signature provides for. You should make sure you know as you study and review what digital signatures provide. Very important for you to be aware of the things the digital signatures are capable of doing.

The process for digitally signing an email. We've been through this already, showed you diagrams about it, talked about how it's going to work. Just want to remind you, thought summarizing it again, giving you a little step by step process will be a good way to summarize and let you summarize as you're studying. So take a look with me here if you would. Message is captured, information uniquely identifying the sender is received, rather retrieved, excuse me, signing operations performed, digital signatures appended, message is sent. So in effect, what we've done is we've just walked through and captured the message and digitally signed it. Now what we're actually doing, right, if you remember, is we're digitally signing it with the sender's private key. Because then the public key, that matches the sender's private key, is going to be able to validate that the private key was used to sign. And the thought process is, that the holder of the private key, if kept secure, can only be one person. So since the public key matches it, must've been Adam that signed the message and that's indeed what happens. How do we verify that digital signature of an e-mail message?
You can see here I just ran you through the process, and effectively this is what we do. Message is received. Digital signature is retrieved, taken out of the message block. Message is retrieved, we'll get the message as well. Information identifying the sender is retrieved. Signing operations performed on the message, using the public key to validate. Digital signature included with the message is compared to digital signature produced on receipt. We compare the hash of the signature to the hash of the public key that's used to compare. And if the two hashes match, then we know that we're good. The two hashes don't match, sorry. Right. No match. If that happens, then what? Somebody else's private key was used to sign. It was me. And now we can tell because we used the wrong public key to figure it out. The digital signatures match. The message is out. It's a very simple check. So this is how we actually establish the authenticity, the integrity, and the identity of the individual who sent it.

When we encrypt messages, we know we're focused on confidentiality. We may be focused on integrity, but our primary focus is really confidentiality. So we're going to make sure that we can't modify the data and see it in any way unless we have rights to and then we can see the key. So, what's the process for encrypting? Well, we've been through this as well, right? We're going to use our private key or our public key, if we're in a key pair, depending on what we're doing. We're digitally signing, we're using our private key. If we want to send a message securely, an encrypted message to a recipient, using a public private key pair, we're going to use the recipient's public key to do the encryption, so that way only their private key can decrypt. If we are in a private key symmetric key-only system, and we securely encrypt the data, we have to now figure out how to safeguard that key and transmit it to let you decrypt it. So, it depends on what we're doing.
So, we're going to go ahead. We're going to encrypt. And then when we're done, how do we decrypt? Well, decrypting is not too difficult. We simply have to use the recipient's private key, matching it to the public key that was used to send the message, recipient should already have the private key. When they do that, assuming that they got the right message, it should be able to be decrypted. If I inadvertently get a message meant for somebody else and I try to decrypt it with my private key, then my private key doesn't match with their public key, that will not work. So, I just want to make sure we know that as well. And that'll help us to understand what we're doing here. So, we looked at the process for signing. Looked at the process for encrypting and decrypting. Want to make sure we're comfortable with that. As we said and understand how that works. Very important.

And then we can think about said here what's called a triple wrapped message, right? Triple wrapped S/MIME message is signed, encrypted, and signed again. Because if one is good, two is better, and three is best of all, is what we think. And so, think about the logic. If we sign it, we encrypt it. And then we sign it again, we're adding an additional layer of security, and an additional layer of authenticity, so that we can verify that the person that encrypted is also the person that signed. Because once we signed the first time, we're encrypting the signature and the message. We're then going to sign again to validate that we just not only signed originally and encrypted, but we're actually the person that did both. And by signing again we're validating that. So, it's actually them to give an extra layer of protection for us. So, something called a triple-wrapped message sounds like it could be the lunch special for Monday afternoon at the pub or something, right? I want the triple-wrapped message, right? So, we're going to be able to have that extra layer of security.
Make that with fries by the way. Everything's always better with fries.

As we move into our review here, just by way of getting ready to wrap up, we're just about done their conversations in the cryptography knowledge area, got a quick little secure protocol review for us to do. Going to go ahead and do that. I'll take just a minute to let you quietly review that in just a second. Remember, as soon as we're done here, we're going to be done with our conversations in this area. It's very important knowledge area, want to spend some time go back and review and make sure you understand everything here. Could be real difficult for you to pass this exam if you don't understand the mass of the material in this area, in particular. It's same for all areas, certainly, but especially in this one. A lot of really critical stuff here. A lot of good stuff. So, go back take a little time after we're done. Soon as you're done with that, you'll come on back and continue our conversations. Look ahead to our next knowledge area. Be talking about [inaudible] telecommunications conversations a little bit. Bits and bytes, OSI model, TCP, IP, switches, routers, all sorts of cool stuff. We'll go through all that. But first, let's review our questions here. Take a quick moment. Make sure you're comfortable with them. Let's get the answers. Come on back and review with me and then we'll wrap up.

Let's take a look at the answers to the questions. Question number one. What security services are provided through or by message encryption? Confidentiality and data integrity. What security capabilities do digital signatures provide? Authentication, non-repudiation, and data integrity. We spent some time talking about that. Question number three. What are some benefits of SSL and/or TLS? Strong authentication, message privacy and integrity. Interoperability. Flexibilities. Deployment and ease of use. Remember things like SSL can be used to do message wrapping.
We talked on message wrapping and wrapping the solution, and providing additional layers of security. TLS, Transport Layer Security, is what slowly but surely is taking over for SSL, is kind of next gen technology, but it's a similar concept. Allows us to safeguard and secure that information once we've encrypted it with yet another layer of protection. So, as we wrap up our conversations here, inside the cryptography domain, want to make sure we're comfortable with all the ideas we've discussed. As I said, take the time to review. When you feel you've gone through everything, got all your notes set up, you're all set ready to go, come on back and see me as they say. We'll go ahead and we'll start our discussions in the networking area. We'll have a lot of really interesting stuff to talk about there. And I look forward to seeing you soon.
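
The signing and verification steps summarized in this lecture, as an added example that is not part of the original transcript: the sender hashes the message and transforms the hash with the private key, and the recipient recovers that hash with the sender's public key and compares it with a hash computed over the message as received. It assumes textbook RSA without padding over fixed Mersenne primes, which is for illustration only and not a secure construction; the key names, sample messages and function names are constructed.

```python
import hashlib

E = 65537  # common RSA public exponent


def make_keypair(p, q):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)


def digest(message: bytes) -> int:
    """SHA-256 of the message as an integer (smaller than both moduli below)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private) -> int:
    """Sender: hash the message, transform the hash with the PRIVATE key."""
    n, d = private
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, public) -> bool:
    """Recipient: recover the hash from the signature with the sender's PUBLIC
    key and compare it with a fresh hash of the message as received."""
    n, e = public
    return pow(signature, e, n) == digest(message)


# Constructed demo keys built from known Mersenne primes (illustration only).
ADAM_PUB, ADAM_PRIV = make_keypair(2**127 - 1, 2**521 - 1)
OTHER_PUB, OTHER_PRIV = make_keypair(2**107 - 1, 2**607 - 1)


def run_cases():
    """Verify one signed message under three conditions, checking against Adam's public key."""
    msg = b"Wire 100 to account 42"  # constructed sample message
    sig = sign(msg, ADAM_PRIV)
    return {
        "intact, signed by Adam": verify(msg, sig, ADAM_PUB),
        "message modified in transit": verify(b"Wire 900 to account 42", sig, ADAM_PUB),
        "signed with another private key": verify(msg, sign(msg, OTHER_PRIV), ADAM_PUB),
    }


if __name__ == "__main__":
    for case, ok in run_cases().items():
        print(f"{case}: {'valid' if ok else 'INVALID'}")
```

Only the first case verifies: a changed message yields a different hash, and a signature made with another private key does not recover the right hash under Adam's public key.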