hit counter script

Confidentiality - Cisco 11503 - CSS Content Services Switch Configuration Manual

Content services switch ssl configuration guide
Hide thumbs Also See for 11503 - CSS Content Services Switch:
Table of Contents

Advertisement

Chapter 1
Overview of CSS SSL
SSL Cryptography Overview

Confidentiality

Confidentiality means that unintended users cannot view the data. In PKIs,
confidentiality is achieved by encrypting the data through a variety of methods.
In SSL, specifically, large amounts of data are encrypted using one or more
symmetric keys that are known only by the two endpoints. Because the symmetric
key is usually generated by one of the endpoints, it must be transmitted securely
to the other endpoint. Secure transmittal of a symmetric key is generally achieved
by two mechanisms, key exchange or key agreement.
Key exchange is the most common of these two secure transmittal mechanisms.
In key exchange, one device generates the symmetric key and then encrypts it
using an asymmetric encryption scheme before transmitting it to the other side.
Asymmetric encryption requires that both devices have a public key and a private
key. The two keys are mathematically related; data that can be encrypted by the
public key can be decrypted by the private key, and vice versa. The most
commonly used key exchange algorithm is the Rivest Shamir Adelman (RSA)
algorithm.
For SSL, the sender encrypts the symmetric keys with the public key of the
receiver. This ensures that the private key of the receiver is the only key that can
decrypt the transmission. The security of asymmetric encryption depends entirely
on the fact that the private key is known only by the owner and not by any other
party. If this key were compromised for any reason, a fraudulent Web user (or
Web site) could decrypt the stream containing the symmetric key and the entire
data transfer.
In key agreement, the two sides involved in a data exchange cooperate to generate
a symmetric (shared) key. The most common key agreement algorithm is the
Diffie-Hellman algorithm. Diffie-Hellman depends on certain parameters to
generate the shared key that is calculated and exchanged between the client and
the server.
Cisco Content Services Switch SSL Configuration Guide
1-3
OL-5655-01

Advertisement

Table of Contents
loading

This manual is also suitable for:

11500 series

Table of Contents