We depend more and more on Internet technology. Everyday we interact and perform some tasks related to our life over the Internet, it can be a flight ticket buying, bank transaction, goods buying, collaborating with colleagues …etc. Some of these tasks can be without any risks, while others need a high level of security, it might be very crucial and dangerous to submit data over the Internet without really knowing how this last will be transported and held by the site.
It is important to secure this kind of web sites, which work with personal and confidential data and we all expect these sites to take care of our data. One of the widely used methods for securing web sites and the data transferred between sites, browsers and users is the PKC standards. Based on the asymmetric cryptographic algorithm where two keys are used, the public and private. This is an important advance in the cryptography and security field as two entities are now able to communicate securely by interchanging only the public key. This approach is considerable with the added layer of security without any need to share or synchronize the private key which is different and personal for each entity (Wang, Unknown).
The PKCS has 15 standards each of which deals with a specific aspect of securing data. One particular standard interests me, the 7th standard, Cryptographic Message Syntax (CMS), previously known and described in the RFC 3369 that defines the syntax and how we digitally sign the message. It is related to the encapsulation of protected data, we can have different encapsulation to enhance the security of the transferred message. In practice, we combine these encapsulations to have one inside the other and it makes it more secure and more difficult for hackers to intercept and retrieve the original message from the secure one.
A PKCS message can hold sixe different types of content; the content can be encrypted, signed or hashed (Schmeh, 2006). It is in fact set up recursively, the six different types of content are
– Data, this is the elementary content before applying any form of cryptography or signing method.
– Signed Data, the hash result is signed in a standardised format.
– Enveloped Data, the secret key used for encrypting message is at its tour encrypted with the public key.
– Signed and enveloped data, the PKCS already encrypted message is also encrypted with a hybrid method
– Digest Data, a hash cryptographic method is applied to the message that is again a PKCS message.
– Encrypted Data, the PKCS message is than encrypted with a symmetric algorithm
All these recursive and encapsulated algorithms and methods add an important load to the message but ensure a reasonable level of security.
– Chey Cobb (2004). Cryptography for dummies. John Wiley & Sons, 2004. ISBN: 0764568310.
– Yongge Wang (Unknown). Public-Key Cryptography Standards: PKCS. University of North Carolina at Charlotte. Available at: http://coitweb.uncc.edu/~yonwang/papers/pkcs.pdf
– Klaus Schmeh (2006). Cryptography and Public Key Infrastructure on the Internet. John Wiley & Sons, 2006. ISBN: 0470862483.