Wednesday 5 October 2016


Cryptography, encryption and certificates

Data at rest (stored on disk, or sitting in memory)
Data in motion (moving through the network)

Management plane - how the device is administered: ASDM / web interface / CLI
Control plane - how the device decides what to do with traffic: routing protocols, STP etc
Data plane - the user packets passing through the device

We need to protect all of these (both data states and all three planes)

Encryption - used to keep data confidential, at rest or in motion
Keys - data is encrypted with a key and decrypted with a key. With a symmetric cipher it is the same key; with an asymmetric cipher it is the other half of the key pair.
Cipher text - data that has been encrypted
Clear text (plaintext) - the unencrypted data
Symmetric vs asymmetric
Symmetric - 1 key is used to both encrypt and decrypt the data (DES, 3DES, AES). Fast, so it is used for bulk encryption: data on disks, VPN traffic etc. DES and 3DES are obsolete; use AES.
Asymmetric - 2 mathematically related keys known as a key pair. Much higher CPU overhead, so it is used for authentication and key exchange rather than for bulk data.
data encrypted by key1 can only be decrypted by key2
data encrypted by key2 can only be decrypted by key1
key1 = private key (kept secret, never leaves the owner)
key2 = public key (can be handed to anyone)
To keep data confidential, encrypt with the recipient's public key; only their private key can decrypt it. To prove who you are, encrypt (sign) with your private key; anyone holding your public key can check it.
RSA, DSA (DSA only signs, it does not encrypt)


Hash/HMAC - integrity, making sure the data hasn't been manipulated along the way (MD5, SHA). We run the data through a one-way hash algorithm, which gives a fixed-length result known as a digest.
The receiver re-hashes the data; if the digest doesn't match, the data has been changed. A plain hash on its own doesn't stop an attacker who can change the data and recompute the hash to match. HMAC fixes that by mixing a secret key into the hash, so only someone holding the key can produce a valid HMAC; a man in the middle without the key cannot tamper with the data undetected. MD5 and SHA-1 are broken for collisions; use SHA-2 (e.g. SHA-256).
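The difference between a plain hash and an HMAC is easiest to see with an attacker on the path. The following is an added example (not from the original notes) using only the Python standard library; the message, the "tampered" version and the shared key are constructed for the demo.

```python
import hashlib
import hmac

# Constructed sample: a config change sent across the network (not from the page).
MESSAGE = b"set acl permit 10.0.0.0/8"
TAMPERED = b"set acl permit 0.0.0.0/0"
# Shared secret known to sender and receiver only (constructed for the demo).
SHARED_KEY = b"demo-shared-secret-change-me"


def digest(data: bytes) -> str:
    """Plain SHA-256 digest: detects accidental corruption, but anyone can recompute it."""
    return hashlib.sha256(data).hexdigest()


def mac(key: bytes, data: bytes) -> str:
    """HMAC-SHA256: only a holder of the key can produce a matching tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def receiver_check_plain_hash(data: bytes, received_digest: str) -> bool:
    return hmac.compare_digest(digest(data), received_digest)


def receiver_check_hmac(key: bytes, data: bytes, received_tag: str) -> bool:
    # compare_digest runs in constant time, so the attacker cannot learn the tag byte by byte
    return hmac.compare_digest(mac(key, data), received_tag)


def mitm_with_plain_hash() -> bool:
    """Attacker swaps the message AND recomputes the hash. Receiver is fooled (returns True)."""
    sent_data, sent_digest = MESSAGE, digest(MESSAGE)
    # man in the middle rewrites both the data and the digest
    sent_data, sent_digest = TAMPERED, digest(TAMPERED)
    return receiver_check_plain_hash(sent_data, sent_digest)


def mitm_with_hmac() -> bool:
    """Same attacker, but the tag is an HMAC. Without SHARED_KEY the forged tag fails (returns False)."""
    sent_data, sent_tag = MESSAGE, mac(SHARED_KEY, MESSAGE)
    attacker_key = b"attacker-guess"  # the attacker does not know SHARED_KEY
    sent_data, sent_tag = TAMPERED, mac(attacker_key, TAMPERED)
    return receiver_check_hmac(SHARED_KEY, sent_data, sent_tag)


def honest_hmac() -> bool:
    """No tampering: the receiver's HMAC matches and the message is accepted (returns True)."""
    return receiver_check_hmac(SHARED_KEY, MESSAGE, mac(SHARED_KEY, MESSAGE))


if __name__ == "__main__":
    print("plain hash, tampered in transit, accepted by receiver:", mitm_with_plain_hash())
    print("HMAC, tampered in transit, accepted by receiver:     ", mitm_with_hmac())
    print("HMAC, untouched, accepted by receiver:               ", honest_hmac())
```

The plain-hash check passes even though the ACL was changed, because the attacker simply rehashed. The HMAC check fails because a valid tag needs SHARED_KEY. Note that HMAC proves integrity and that the sender held the key; it does not hide the data, so it is normally combined with encryption (as IPsec and TLS do).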

Digital signature - the hash of the data, encrypted with the sender's private key, is the digital signature
To digitally sign you need a public/private key pair set up
Sender hashes the data to get a digest
Sender encrypts the digest with their private key (this is the digital signature)
Data + encrypted hash (signature) are sent
Receiver hashes the received data
Receiver decrypts the signature with the sender's public key to recover the original digest
Receiver compares the hash they calculated with the decrypted hash; if they match, the data is intact and came from the holder of the private key
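The steps above, and the key1/key2 directions from the asymmetric section, worked through in code. This is an added example, not from the original notes: textbook RSA with two fixed Mersenne primes standing in for a generated key pair, SHA-256 for the digest, and a constructed sample message. Raw RSA without padding like this is insecure and only illustrates the mechanism; real signatures use RSA-PSS or PKCS#1 v1.5 padding through openssl or a crypto library.

```python
import hashlib

# Two known Mersenne primes (2**127 - 1 and 2**521 - 1) stand in for the random
# primes a real key generator would pick. Fixed, published primes are fine for a
# demo and fatal in practice: anyone who reads this block knows the private key.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                            # modulus, shared by both keys
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (modular inverse; Python 3.8+)

PUBLIC_KEY = (N, E)                  # key2: handed out freely
PRIVATE_KEY = (N, D)                 # key1: never leaves the owner

# Constructed sample message, not from the page.
MESSAGE = b"transfer 100 to account 42"


def digest_int(data: bytes) -> int:
    """Hash the data (SHA-256) and treat the 256-bit digest as an integer, which is < N."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def rsa_apply(value: int, key) -> int:
    """The one RSA operation: value ** exponent mod N. Which key you use decides what it means."""
    n, exponent = key
    return pow(value, exponent, n)


# --- confidentiality: encrypt with the receiver's PUBLIC key, decrypt with the PRIVATE key ---

def encrypt_for(public_key, plaintext_int: int) -> int:
    return rsa_apply(plaintext_int, public_key)


def decrypt_with(private_key, ciphertext_int: int) -> int:
    return rsa_apply(ciphertext_int, private_key)


# --- authentication: sign with the PRIVATE key, verify with the PUBLIC key ---

def sign(data: bytes, private_key) -> int:
    """Sender's steps: hash the data, then 'encrypt' the digest with the private key."""
    return rsa_apply(digest_int(data), private_key)


def verify(data: bytes, signature: int, public_key) -> bool:
    """Receiver's steps: re-hash the data, 'decrypt' the signature with the public key, compare."""
    recovered_digest = rsa_apply(signature, public_key)
    return recovered_digest == digest_int(data)


def demo_roundtrip_encryption() -> bool:
    secret = int.from_bytes(b"session key 0123", "big")
    return decrypt_with(PRIVATE_KEY, encrypt_for(PUBLIC_KEY, secret)) == secret


def demo_valid_signature() -> bool:
    return verify(MESSAGE, sign(MESSAGE, PRIVATE_KEY), PUBLIC_KEY)


def demo_tampered_data() -> bool:
    """Data changed in transit: the receiver's digest no longer matches the signed one."""
    sig = sign(MESSAGE, PRIVATE_KEY)
    return verify(b"transfer 100 to account 43", sig, PUBLIC_KEY)


def demo_tampered_signature() -> bool:
    """Altered/forged signature: without the private key it won't decrypt to the right digest."""
    sig = sign(MESSAGE, PRIVATE_KEY)
    return verify(MESSAGE, sig ^ 1, PUBLIC_KEY)


if __name__ == "__main__":
    print("encrypt(public) -> decrypt(private) round trip:", demo_roundtrip_encryption())
    print("genuine signature verifies:                    ", demo_valid_signature())
    print("tampered data verifies:                        ", demo_tampered_data())
    print("tampered signature verifies:                   ", demo_tampered_signature())
```

Both directions use the same modular exponentiation; only the exponent changes. Encrypting with the public key gives confidentiality (only the private key recovers the session key), while applying the private key to a digest gives a signature anyone can check but nobody else can produce.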

PEM format - files that end in the suffix '.pem', '.key' or '.crt' are usually in this format. It is the binary DER encoding, Base64-encoded and wrapped in header/footer lines, so if you open the file in Notepad you will see -----BEGIN CERTIFICATE----- at the top and -----END CERTIFICATE----- at the bottom (or BEGIN PRIVATE KEY / BEGIN RSA PRIVATE KEY for a key). One .pem file can hold several blocks, e.g. a server cert followed by its intermediate chain.

PKCS#12 format - files often end in .pfx or .p12. The file is binary (DER) and usually password-protected, so it is unreadable in Notepad. It is created by bundling the private key, the certificate and the CA/intermediate certs into one file with a tool like openssl (openssl pkcs12 -export -inkey key.pem -in cert.pem -certfile chain.pem -out bundle.pfx). DigiCert provides a tool for Windows. Because it carries the private key, treat a .pfx like a password: protect it and don't email it around.
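Telling these files apart is a routine job when a cert lands in your inbox with the wrong extension. The following is an added example (not from the original notes) that parses PEM blocks back to DER and classifies the DER by its first ASN.1 element: a certificate starts SEQUENCE { SEQUENCE (tbsCertificate) ... }, a PKCS#12 file starts SEQUENCE { INTEGER 3 (version) ... }, and a PKCS#1/PKCS#8 private key starts SEQUENCE { INTEGER 0 ... }. The DER samples are constructed stubs with just enough structure for the classifier, not real keys or certificates, and the classification is a heuristic, not a full ASN.1 parser.

```python
import base64
import re

# Constructed DER-like samples (not real certificates or keys; just enough
# ASN.1 structure to exercise the classifier below).
DER_CERT_LIKE = bytes.fromhex("300430020500")      # SEQUENCE { SEQUENCE { NULL } }
DER_KEY_LIKE = bytes.fromhex("3003020100")         # SEQUENCE { INTEGER 0 }
DER_PKCS12_LIKE = bytes.fromhex("30050201033000")  # SEQUENCE { INTEGER 3, SEQUENCE {} }


def to_pem(label: str, der: bytes) -> bytes:
    """PEM is just Base64 of the DER, 64 chars per line, between BEGIN/END lines."""
    body = base64.b64encode(der).decode()
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return ("-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, "\n".join(lines), label)).encode()


# A cert followed by its key in one file, as openssl pkcs12 -nodes would dump it.
PEM_BUNDLE = to_pem("CERTIFICATE", DER_CERT_LIKE) + to_pem("PRIVATE KEY", DER_KEY_LIKE)

PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def parse_pem(data: bytes):
    """Return [(label, der_bytes), ...] for every block in a PEM file; text between blocks is ignored."""
    blocks = []
    for m in PEM_BLOCK.finditer(data):
        label = m.group(1).decode()
        der = base64.b64decode(b"".join(m.group(2).split()))
        blocks.append((label, der))
    return blocks


def _read_tlv(buf: bytes, pos: int = 0):
    """Read one DER tag-length header; return (tag, value_start, value_len)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                 # long form: low 7 bits say how many length bytes follow
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, pos, length


def classify_der(der: bytes) -> str:
    """Heuristic: look at the first element inside the outer SEQUENCE."""
    tag, pos, _ = _read_tlv(der)
    if tag != 0x30:
        return "not DER (no outer SEQUENCE)"
    inner_tag, inner_pos, inner_len = _read_tlv(der, pos)
    if inner_tag == 0x30:
        return "certificate (tbsCertificate SEQUENCE)"
    if inner_tag == 0x02:
        version = int.from_bytes(der[inner_pos:inner_pos + inner_len], "big")
        if version == 3:
            return "PKCS#12 (PFX version 3)"
        if version == 0:
            return "private key (PKCS#1 or PKCS#8 version 0)"
    return "unknown DER structure"


def identify(data: bytes):
    """What you ask of an unknown .crt/.key/.pfx: is it PEM or binary, and what is inside?"""
    if b"-----BEGIN " in data:
        return [("PEM " + label, classify_der(der)) for label, der in parse_pem(data)]
    return [("DER", classify_der(data))]


if __name__ == "__main__":
    print(identify(PEM_BUNDLE))
    print(identify(DER_PKCS12_LIKE))
```

Run it on a real file with identify(open(path, "rb").read()). The PEM parser tolerates the "Bag Attributes" text openssl prints between blocks, and the classifier confirms the one thing Notepad cannot: a binary file starting with the bytes 30 82 ... 02 01 03 is a PKCS#12 bundle, and therefore almost certainly contains a private key.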

