HP CM8000 Practical IPsec Deployment for Printing and Imaging Devices - Page 103

Cool! We get the flexibility of asymmetric cryptography and the speed of symmetric cryptography. Now we only have to solve the trust problem. In order to solve the trust problem, five things will need to be discussed: • A certificate authority - a trusted third party that creates digital certificates from certificate requests • A certificate request - a public key associated with identity information that will serve as that basic building block for a digital certificate that the certificate authority will create and sign. • A digital certificate - a public key associated with identity information that is digitally signed by the certificate authority. • A digital signature - the hash of the digital certificate encrypted by the private key of the certificate authority. • A hash - also known as a message digest. A hash is the output of a one way function that attempts to ensure the integrity of the message (i.e., that the message has not been altered). It is usually combined with authentication information to ensure that the message originator can be authenticated and that the integrity of the message has not been disrupted. You can think of a hash like an advanced checksum or an advanced cyclic redundancy check (CRC). Let's cover hashes and digital signatures first. We'll assume that Jack wants to send John a message. Jack wants to make sure that John knows the message came from him and that the message was not altered in transit. However, Jack doesn't care about confidentiality - in other words, the actual message can be sent "in the clear" - but does care about authentication and integrity. We can accomplish this through hashes and digital signatures. 103