HP 635n Practical IPsec Deployment for Printing and Imaging Devices - Page 101
Symmetric Cryptography
 |
UPC - 882780301016
View all HP 635n manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 101 highlights
There is a red X on the certificate, indicative of a security problem. In addition, there is a very specific error message: "This certificate cannot be verified up to a trusted certification authority." Here we see that the "Issued By" is entitled "RootCA". What the message is trying to say is that "RootCA", who issued the certificate "635n", is not trusted. A useful analogy is to think of the certificate issuer like the California Department of Motor Vehicles (DMV). Each state in the United States has a DMV run by the state's government. The DMV issues driver's licenses which grant the privilege to drive in a given state. A person that goes to the DMV to get a driver's license must pass a series of tests that helps the DMV determine if they are fit to drive on the state's roads. The state's Highway Patrol, a group which enforces the rules of the road, recognizes the validity of the DMV to issue driver's licenses. Therefore, if one violates one of the rules of the road and is pulled over by a Highway Patrol officer, showing a driver's license issued by the DMV is a requirement. The Highway Patrol will not recognize a driver's license issued by an institution other than the DMV as being valid. In short, the DMV is a trusted third party that issues "certificates" (driver's licenses) to individuals. These "certificates", issued by the DMV, are trusted by the Highway Patrol. The Security Alert dialog is troubling because it is indicative of a trust problem. In the terms of our analogy, it would be like a driver, who has been pulled over by the Highway Patrol, handing the officer a driver's license that the driver's mother wrote for him indicating that her son had been granted the privilege to drive in the state. While a note from mom may be trusted by her sister, it isn't trusted by the Highway Patrol. In essence, a digital certificate, one used by computers, binds an identity to a key and needs to be issued by a trusted third party. What is a key? A key is a secret that is used in cryptographic algorithms. There are public keys and private keys used for asymmetric cryptography and symmetric keys used for symmetric cryptography. Let's look at symmetric cryptography first. User Unencrypted Message Encryption Performed Message Delivery Decryption Performed User Unencrypted Message Figure 46 - Symmetric Cryptography 101
-
1 -
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96 -
97 -
98 -
99 -
100 -
101 -
102 -
103 -
104 -
105 -
106 -
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
 |
 |
