LIGHT WEIGHT, RESOURCE INTENSIVE

RECALL:
BOB SHULD SHARE PUBLIC KEY TO ALICE
ONLY PERSON WHO CAN DECRYPT IS BOB

DIFFIE HELLMAN
SECURING THE KEYS WITHOUT STORING THEM
RSA – PUBLIC PRIVATE KEY
TAKE X,Y WHICH SHULD BE A PRIME NUMBER
SHARE WITHOUT ENCRYPTION TO BOB
EVE ALSO KNOWS X AND Y

PUBLIC = XPRIVATE KEY MOD Y

TAKE PRIVATE KEY = 3

X=2 Y=7

23 mod 7

8%7

Public key of alice – 1

Similarly for bob

THEN THE PUBLIC KEYS ARE SHARED TO EACH OTHER

EVE ALSO KNOWS THIS

CALCULATING THE SHARED SECRET

PUBLIC_BOB PRIVATE_ALICE MOD Y

BOTH WILL END UP WITH SAME SHARED SECRET

FILE.TXT ENCRYPTED SENT TO BOB THEN DECRYPTED USING SHARED SECRET

27.03.23

Hash cannot be reversed

Hash collision
When two inputs have same hash format
MD5 a type of hash algorithm 32 characters
SHA1 40 characters
SHA2 64 characters

mv command to rename a file

create a file
sh hash.sh
sh sendfile.sh

in bob
compare the hash of new file with sent file using cat

if the content is tampered then hash differs

drawback
similarly
Use HMAC

DIGITAL SIGNATURE
Hash encrypted with private key – digital signature

Sh gen priv key

.pem format
Sh gen pub key

Sh sendfile.sh
Send public key to bob

Sh sign.sh
Use private key

Cat digital signature

Sh sendfile .sh file and signature

Bob
Sh verify.sh

Verify the digital signature

29.3.23
Digital certifiicate
Proof

DNS
DOMAIN NAME SYSTEM
HTTP AND HTTPS
S -secure
Gives encryption - confidentiality
Nslookup- command prompt command to get ip address of a website
DNS spoofing
Http -> plain text is transferred
Https to protect user data
Authenticity- the user shuld know the website is real or fake

CERTIFICATE AUTHORITY (MICROSOFT , GOOGLE , LETSENCRYPT )

First I need to create a certificate signing network

Send a certificate signing request is sent

*common name
*publickey
*information

FILES

1. Private key
1. Get public key and put In CSR
2. PURPOSE

Never share private key

CA
Self signed certificate
They will sign their own certificate
It has validity
But t
CIA
Ng webserver
Gen priv key privatekey_ng.pem
2048 bits
Sh generate csr.sh

Newtabterminal
Cat ng.csr.cnf
Enter ng.csr.cnf
Give ng_req.csr

Cat ng_req.csr
Base 64
************************************
CA device
Sh gen privatekey
Privatekey_ca.pem
sh generate selfsign certificate
Name it as cert_ca.crt
Days of validity 3650
Common name : www.letsencrypt.org

Cat cert_ca.crt

Send file ng_req.csr ng_v3.ext

Ip letsencrypt.org

Sh sign certifcate
Ng_req.csr
Ext file name - ng_v3.ext
Sign

Sh sendfile -> cert_ng.crt

Ng web server

Sudo service apache2 start

*****************************************************8
Go to windows
https://networkgeek.in

Go to ftp application
Login to CA
Download cert ca
Diffie hellman
HMAC