Digital Signatures and Cryptography
Descriptive Sites by Others
These folk have written good descriptions so I present them here.
Basic Definitions
- encryption
- Transformation of information so that it is not usable by those without permission to
access it.
- decryption
- The recovery of encrypted information.
- hash function
- A function that yields a value that can be used to uniquely identify its input without a
bit-for-bit comparison, e.g., MD5 or SHA-1.
- symmetric cypher
- An encryption system that uses the same key to encrypt and decrypt, for example DES.
- asymmetric cypher
- An encryption system that uses different keys to encrypt and decrypt. One key, the public
key, is distributed widely. The other, private key, is known only to the owner of the key set.
- digital signature
- A method of proving the authorship and content of an electronic document such as e-mail.
Often the result of applying a hash function to the document and then encrypting that hash with the signer's private key.
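The hash-then-sign construction from the digital signature definition above, as an added example that is not part of the original page. It assumes textbook RSA without padding, SHA-256 in place of the MD5 or SHA-1 named above, and a constructed toy key built from two publicly known Mersenne primes; the names digest, sign, verify and demo are this example's own.

```python
import hashlib

# Constructed toy key pair (assumption of this example): both primes are
# well-known Mersenne primes, so the "private" key is public knowledge.
# Real keys use secret random primes and a padding scheme.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                           # public modulus
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)


def digest(document: bytes) -> int:
    """Hash the document; the 256-bit result is always smaller than N."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes) -> int:
    """Signer: transform the document's hash with the private key."""
    return pow(digest(document), D, N)


def verify(document: bytes, signature: int) -> bool:
    """Verifier: undo the transform with the public key, then compare hashes."""
    return pow(signature, E, N) == digest(document)


def demo() -> dict:
    message = b"Meet at the ACGNJ meeting on Friday."   # constructed sample text
    sig = sign(message)
    return {
        "original": verify(message, sig),
        # Changing the content changes the hash, so the signature no longer matches.
        "tampered_document": verify(message.replace(b"Friday", b"Monday"), sig),
        # Flipping one bit of the signature breaks verification as well.
        "tampered_signature": verify(message, sig ^ 1),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'valid' if ok else 'INVALID'}")
```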
Main Systems Used
- PGP (Pretty Good Privacy) - A program originally written by Phil Zimmermann to make strong cryptography widely
available in cyberspace. PGP introduced the idea of the "Web of Trust" (WoT) for deciding how much trust to place in an
individual's key. The WoT is based on the idea of friends introducing friends to one another as the basis of trust. PGP
is available as freeware from pgpi.org for non-commercial use. The commercially usable edition is available, as a boxed
CD-ROM or download, from PGP.com for $99.00.
- S/MIME (Secure / MIME) - A net standard developed using elements from the ITU-T (then CCITT) X.500 Directory
Services standards to add encryption and digital signatures to the MIME standard for e-mail messages. In this environment
the trust level of a key is based on a chain of digital certificates (based on the X.509 standard) leading back to a "well
known" centralized Certifying Authority (CA), for example VeriSign, Thawte Consulting, Canada Post Corporation or USPS.
S/MIME Digital Certificate Sources
- VeriSign - $19.95 per year; your credit card and receiving an e-mail at the given address prove ID. Enroll here.
- Thawte Freemail/WoT - FREE! At the most basic level proves you have access to the e-mail address given (as
"Thawte Freemail Member"). Thawte has adapted the Web of Trust idea to the issuance of X.509 Certificates
through a network of Digital Notaries. Depending on the experience of the Notaries, by presenting proof of identity to
between 2 and 5 Notaries you will be able to include your name in your Freemail certificates. See below
for how to get a Freemail certificate.
Advance Preparation for Meeting with a WoT Notary
Please use this list to prepare for meeting with a Digital Notary to assert your identity. Completion of steps 1-5
prior to the meeting will save time for everyone.
1. Go to the Thawte web site (http://www.thawte.com/) for a description of the certificates and their uses.
[NOTE: Your Thawte ID can be either your verified e-mail address or the CC-nid-1 format,
YOUR choice. (Personally, I'd suggest an e-mail address that's unlikely to change.)]
2. Sign up for the Freemail certificate program by choosing the Join link.
3. Respond as requested to the e-mail verifying your e-mail address. Once you submit the probe and ping you do not
have to request a certificate immediately (see next step).
4. Unless you NEED a certificate prior to the meeting, WAIT to request certificates until after you have been notarized
to the 50 point level and can get certificates with your name in them.
5. Have a photocopy of the ID(s) listed below for each Notary who will be asserting you. For ACGNJ meetings where this is the
topic of the meeting you do not need the copies; there will be a copy machine available at the site.
6. Bring one or more forms of ID with you to the meeting. One needs to be a photo ID; one must have what you are using
as your "National Identification Number" (NID). If you use your Driver's License Number for your NID, a photo Driver's
License alone would be enough. If you use your Social Security Number, you must present your ORIGINAL Social Security
Card plus a photo ID.