This is a Clilstore unit.
UNIT 1 – SECURITY AND INTEGRITY
In this part of the unit we talk about how to secure communications through a shared channel like the Internet, where there are many bad guys who might intercept messages, read and modify them, and even usurp the identity of other people with evil intent.
In activity 1, we will learn how to ensure that nobody except the legitimate receiver can read your communications, using encryption.
In activity 2, we will learn how to ensure that a message has not been intercepted and modified by a third person, using a digital signature.
In activity 3, we will learn how to ensure that the sender is identified in a reliable way, using certificates from a Certifying Authority.
All these elements are meant to secure communications from a legal standpoint. This concept is also known as providing LEGAL SECURITY to the Internet.
When a communication is carried out through a shared network like the Internet, how can you tell that the other party, who could be anywhere in the world, is really who he says he is? This problem is very important from the point of view of tasks carried out on the Internet with legal implications, and it can be partially solved with the digital signature.
For instance: the Tax Agency must make sure that the author of an online income tax return (declaración de la renta) is the real taxpayer and not a usurper, in order to sue him and fine him in case of infraction.
When you receive a document through a shared channel like the Internet, how can you make sure that the document has not been intercepted and modified by a third party?
Both problems can be solved using a digital signature.
To digitally sign a document is to encrypt it using your private key. This allows everybody who knows your public key, and successfully decrypts the document, to be sure that it comes from you. Well, this statement is not totally true. Actually, it ensures that the document comes from the owner of a public key. The problem comes when the public key was not delivered personally by the sender to the receiver, face to face. If it was just sent over the Internet, it is impossible for the receiver to ascertain who the real sender was. Maybe it was sent by a third person. Or maybe the message was intercepted and changed by a usurper. All this may sound very unlikely to you, but as long as it is technically feasible, the legal consequences might be really serious.
The digital signature also ensures that the document was not modified by anybody else while travelling through the network: since the document is encrypted by the sender, any change made by a man in the middle would corrupt it, making the decryption process impossible.
As said before, encrypting a long document using public/private key encryption is a very time-consuming process. So what is actually done is to calculate a HASH from the document and then encrypt it. A hash is a short character string obtained from the content of the message through a mathematical function. A message will always produce a single, unique hash. Two different messages will always produce two different hashes.
This is the process broken down into its steps:
The sender delivers his/her public key to the receiver in a trustworthy way.
A short string of bytes, called the HASH, is worked out using a complex mathematical calculation over the document contents. For a message the hash is unique. Two different documents can't produce the same hash, and a document will always produce one and the same hash.
The sender encrypts the hash using his/her private key. As the hash takes up just a few bytes, the encryption process is very quick.
The sender sends both the document and the encrypted hash to the receiver.
The receiver can ascertain the origin if he/she can successfully decrypt the hash using the sender's public key.
Then the receiver calculates the hash of the received document. If the result matches the received hash, the integrity of the document has been verified.
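The six steps above, as an added example that is not part of the original unit: a toy RSA key signs the SHA-256 hash of a document, and the receiver verifies it against both a genuine and a modified copy. The key (built from two known Mersenne primes), the sample documents and the function names are assumptions made for illustration; real tools such as GnuPG use large random primes and pad the hash before signing.

```python
import hashlib

# Toy RSA key built from two well-known Mersenne primes so the example is
# deterministic and needs no extra library. NOT secure: assumption made for
# illustration only, real keys use large random primes.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                            # modulus, shared by both keys
E = 65537                            # public exponent (step 1: given to receiver)
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, kept by the sender


def document_hash(document: bytes) -> int:
    """Step 2: SHA-256 digest of the document, as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes) -> int:
    """Step 3: the sender encrypts the hash with the private key (D, N)."""
    return pow(document_hash(document), D, N)


def verify(document: bytes, signature: int) -> bool:
    """Steps 5-6: decrypt the signature with the public key (E, N) and compare
    the result with a hash computed from the document that actually arrived."""
    if not 0 <= signature < N:
        return False                 # malformed signature value
    recovered = pow(signature, E, N)
    return recovered == document_hash(document)


def demo() -> dict:
    original = b"Income statement: 20000 EUR"   # constructed sample document
    tampered = b"Income statement: 10000 EUR"   # same document changed in transit
    signature = sign(original)                  # step 4: sent with the document
    altered_sig = (signature + 1) % N           # signature changed in transit
    return {
        "genuine": verify(original, signature),
        "tampered_document": verify(tampered, signature),
        "tampered_signature": verify(original, altered_sig),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'valid' if ok else 'INVALID'}")
```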
We are facing the following scenario: we have to send an important file to a classmate. It doesn't matter if a third party reads the document, so it is not necessary to send it encrypted. But for legal reasons you want to make sure that the document reaches him with no modification at all. Your partner also has your public key, delivered in a reliable way. In order to verify the origin and the integrity of this document we must sign it digitally, which means you have to encrypt its hash with your private key.
Create a new LibreOffice Writer document.
Randomly select a number of paragraphs from this activity text, and copy them to the new document.
Run Kleopatra, selecting Aplicaciones→Accesorios→Kleopatra.
Select the menu option File→Sign-Encrypt File.
A window pops up allowing you to select the file to sign. Select the Writer document “yournamedocument.odt” made in the previous step.
A new window pops up allowing you to select the actions to perform with the file:
Sign and encrypt
Select this option and click on the Next button.
In the following window, enable only Sign with OpenPGP.
Click on the Sign button. The file will be digitally signed. The signature is a file with the same name plus the extension .sig, for instance josesdocument.odt.sig. This file contains the file hash encrypted with your private key.
Send both the original file and its digital signature file to your classmate. He must do the same, giving you a signed file. We are assuming that in the previous activity you both exchanged your public keys. Save the files sent by your classmate in the same folder.
In this part of the activity you must verify the integrity and authenticate the origin of a file delivered or sent to you by a classmate. Remember, we are assuming that you installed his public key in the encryption activity, and that both files are in the same folder.
Run Kleopatra and select File→Decrypt-Verify.
Select the file sent by your classmate. Both the file and the signature file, with the same name plus the extension .sig, must be in this same folder.
Click on Decrypt-Verify.
If the file is genuine, and has not been modified, Kleopatra will show this message.
Save this document with your name. For example, call it “Josesdocument.odt”. This is the document we are going to send digitally signed to your classmate.
Call your teacher in order to assess the activity.
It's easy to check that the verification worked properly. Just open the file and modify it, adding a word or deleting a letter, and save the document. Then perform the verification process again. Now Kleopatra will show this message.
Felipe Martínez. Dept. Informàtica 9/10
IES EL CABANYAL- VALENCIA
Short url: http://multidict.net/cs/4497