A Certificate message contains the X.509 certificate of the sender (i.e., the client or the server). The server will not send this message if it is not authenticating with a certificate; the client will only send a certificate if the server sent a CertificateRequest during the Server Parameters phase of the protocol handshake. The CertificateVerify message contains a digital signature covering the entire protocol handshake exchange, employing the private key associated to the public key in the previously sent Certificate message. As above, this message is only sent by the client or server if they are employing certificate-based authentication. The Finished message contains a Message Authentication Code (MAC) over the entire handshake.

Until the mid-1990s or so, brute force attacks were beyond the capabilities of computers that were within the budget of the attacker community. By that time, however, significant compute power was typically available and accessible. General-purpose computers such as PCs were already being used for brute force attacks. For serious attackers with money to spend, such as some large companies or governments, Field Programmable Gate Array (FPGA) or Application-Specific Integrated Circuits (ASIC) technology offered the ability to build specialized chips that could provide even faster and cheaper solutions than a PC. As an example, the AT&T Optimized Reconfigurable Cell Array (ORCA) FPGA chip cost about $200 and could test 30 million DES keys per second, while a $10 ASIC chip could test 200 million DES keys per second; compare that to a PC which might be able to test 40,000 keys per second. Distributed attacks, harnessing the power of up to tens of thousands of powerful CPUs, are now commonly employed to try to brute-force crypto keys.

RFC 3369: Cryptographic Message Syntax (CMS) (based upon PKCS #7) — Describes the syntax (format) used to digitally sign, digest, authenticate, or encrypt any type of message content, the rules for encapsulation, and an architecture for certificate-based key management. RFC 3370: Cryptographic Message Syntax (CMS) Algorithms — Describes the use of common crypto algorithms to support the CMS, such as those for message digests (e.g., MD5 and SHA-1), signatures (e.g., DSA and RSA), key management, and content encryption (e.g., RC2 and 3DES). RFC 3850: Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Certificate Handling — Specifies how S/MIME agents use the Internet X.509 Public Key Infrastructure (PKIX) and X.509 certificates to send and receive secure MIME messages. (See Section 4.3 for additional information about X.509 certificates.) RFC 3851: Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message Specification — Describes the "secure" part of the S/MIME protocol, add digital signature and encryption services to MIME. The MIME standard specifies the general structure for different content types within Internet messages; this RFC specifies cryptographically-enhanced MIME body parts.

Select p=3 and q=5. The modulus n = pq = 15. The value e must be relatively prime to (p-1)(q-1) = (2)(4) = 8. Select e=11. The value d must be chosen so that (ed-1)/[(p-1)(q-1)] is an integer. Thus, the value (11d-1)/[(2)(4)] = (11d-1)/8 must be an integer. Calculate one possible value, d=3. Let's suppose that we want to send a message — maybe a secret key — that has the numeric value of 7 (i.e., M=7). [More on this choice below.] The sender encrypts the message (M) using the public key value (e,n)=(11,15) and computes the ciphertext (C) with the formula C = 7 11 mod 15 = 1977326743 mod 15 = 13. The receiver decrypts the ciphertext using the private key value (d,n)=(3,15) and computes the plaintext with the formula M = 13 3 mod 15 = 2197 mod 15 = 7.

Now, this might look a bit complex and, indeed, the mathematics does take a lot of computer power given the large size of the numbers; since p and q may be 100 digits (decimal) or more, d and e will be about the same size and n may be over 200 digits. Nevertheless, a simple example may help. In this example, the values for p, q, e, and d are purposely chosen to be very small and the reader will see exactly how badly these values perform, but hopefully the algorithm will be adequately demonstrated:

Suppose Carol claims to hold Bob's public key and offers to give the key to Alice. How does Alice know that Carol's version of Bob's key is valid or if Carol is actually giving Alice a key that will allow Mallory access to messages? The answer is, "It depends." If Alice trusts Carol and Carol says that she thinks that her version of Bob's key is valid, then Alice may — at her option — trust that key. And trust is not necessarily transitive; if Dave has a copy of Bob's key and Carol trusts Dave, it does not necessarily follow that Alice trusts Dave even if she does trust Carol.

 NOTE: You'll notice that the output above is shown in BASE64. BASE64 is a 64-character alphabet — i.e., a six-bit character code composed of upper- and lower-case letters, the digits 0-9, and a few punctuation characters — that is commonly used as a way to display binary data. A byte has eight bits, or 256 values, but not all 256 ASCII characters are defined and/or printable. BASE64, simply, takes a binary string (or file), divides it into six-bit blocks, and translates each block into a printable character. More information about BASE64 can be found at my BASE64 Alphabet page or at Wikipedia.

The IP Encapsulating Security Payload (ESP), described in RFC 4303, provides message integrity and privacy mechanisms in addition to authentication. As in AH, ESP uses HMAC with MD5, SHA-1, or RIPEMD authentication (RFC 2403/RFC 2404/RFC 2857); privacy is provided using DES-CBC encryption (RFC 2405), NULL encryption (RFC 2410), other CBC-mode algorithms (RFC 2451), or AES (RFC 3686). See also RFC 4305 and RFC 4308.

Pretty Good Privacy (PGP) A family of cryptographic routines for e-mail, file, and disk encryption developed by Philip Zimmermann. PGP 2.6.x uses RSA for key management and digital signatures, IDEA for message encryption, and MD5 for computing the message's hash value; more information can also be found in RFC 1991. PGP 5.x (formerly known as "PGP 3") uses Diffie-Hellman/DSS for key management and digital signatures; IDEA, CAST, or 3DES for message encryption; and MD5 or SHA for computing the message's hash value. OpenPGP, described in RFC 2440, is an open definition of security software based on PGP 5.x. The GNU Privacy Guard (GPG) is a free software version of OpenPGP.

