Teracom Tutorial: Authentication, Digital Signatures and Digitally-Signed Email

E-mail was one of the first "killer apps" on the Internet, and has been a major contributor to increases in productivity over the past ten years. Of course, along with email came the scourge of spam. Criminals infect computers with trojan horse programs, creating collections of machines they control remotely to send millions of unsolicited offers for fake watches, pirated software, phony medications and ecard invitations to infect your computer.
 
As spam reaches 30, 40 or even 100 unwanted messages per day on a targeted account, it is becoming essential to automatically separate legitimate messages from spam. One tool available to senders of legitimate emails to aid the recipient in this process is to digitally sign their messages, allowing the recipient to establish a level of comfort that the message actually came from the indicated sender.
 
This email is digitally signed. Your mail client may indicate that it has verified the signature; for example, Yahoo Mail displays a key icon and Gmail states "signed by" below the To: and From: information. This verification can be used to raise the confidence level at your end that the message is legitimate.
 
asymmetric encryption
Digital signatures are implemented with asymmetric encryption. Asymmetric means that there are two keys (binary numbers). What is encrypted using one key can be decrypted with the other... and vice-versa. The most popular method of generating key pairs and using them for encryption and decryption was devised by three fellows named Rivest, Shamir and Adleman and is called RSA.
 
A standard strategy is to generate a key pair, then make one of the keys visible to the public and keep the other key private.
 
Digitally signing a message means that the sender uses their private key to encrypt selected text and attaches the result to the message.
 
To authenticate the message, that is, verify the digital signature, the recipient can get a copy of the purported sender's public key and use that to try to decrypt the selected text attached to the message.
 
If the decryption using the sender's public key is successful, then the recipient knows that the message was indeed "signed" by the sender (or by someone who stole the sender's private key).
 
This process is called authentication.
 
 
Yahoo developed the DomainKeys strategy, which is implemented for this email:
 
At the sender, the Secure Hash Algorithm 1 (SHA-1) is used to generate a "hash" or unique binary number representing the email message body and headers such as Message-ID, Received header, the X-Mailer header, Date header, From:, To:, MIME-Version: and Content-Type headers. This hash is then encrypted with the sender's private key using RSA, and the encrypted hash is added as another message header.
 
At the receiver, it is necessary to get the sender's public key... so how does the receiver get that? The Domain Name System (DNS) is used. Normally, DNS records relate domain names to IP addresses; but it turns out that a DNS record type that allowed free text for comments or domain info was implemented, and this is used to store the domain's public key.
 
So the receiver examines the domain name of the purported sender, does a DNS lookup to get the DomainKeys public key for that domain, and uses it to decrypt the hash contained in the email header. The receiver also computes the hash of the received message and compares the two.
 
If they are not the same, then the message was not sent by that domain (the From: field is false, for example), or the message was altered, and the receiver would generally put the message in the garbage where it belongs.
 
If the hash of the message and the hash in the header are the same, then we have high confidence that the domain sent the message. This knowledge might be combined with other knowledge, for example the reputation of the sending domain, and used to decide to place the message in the inbox.
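
The signing and verification steps above, as an added Python example that is not Teracom's or Yahoo's code. It assumes a toy RSA key with no padding, a dictionary standing in for the DNS text record, a hypothetical X-Demo-Sig header and a constructed example.com message; it also omits the header canonicalization a real implementation needs.

```python
import hashlib
from email import message_from_string
from email.utils import parseaddr

# Toy RSA key from two Mersenne primes: trivially factorable, for demonstration only.
P, Q, E = 2**107 - 1, 2**127 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, kept by the sender

SIGNED_HEADERS = ["From", "To", "Date", "Message-ID"]
SIG_HEADER = "X-Demo-Sig"                # hypothetical header name

# Stand-in for DNS text records: domain -> published public key (constructed).
DNS_TXT = {"example.com": f"n={N:x}; e={E:x}"}

def digest(msg):
    """SHA-1 over the selected headers and the body, as an integer."""
    h = hashlib.sha1()
    for name in SIGNED_HEADERS:
        h.update(f"{name}:{msg.get(name, '')}\n".encode())
    h.update(msg.get_payload().encode())
    return int.from_bytes(h.digest(), "big")

def sign(raw):
    """Sender: apply the private key to the hash and attach it as a header."""
    msg = message_from_string(raw)
    msg[SIG_HEADER] = format(pow(digest(msg), D, N), "x")
    return msg.as_string()

def verify(raw):
    """Receiver: fetch the From: domain's key, recover the hash, compare."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    record, sig = DNS_TXT.get(domain), msg.get(SIG_HEADER)
    if record is None or sig is None:
        return False                     # no published key or unsigned message
    key = dict(f.strip().split("=") for f in record.split(";"))
    try:
        recovered = pow(int(sig, 16), int(key["e"], 16), int(key["n"], 16))
    except ValueError:
        return False                     # malformed signature value
    return recovered == digest(msg)

# Constructed sample message.
RAW = ("From: newsletter@example.com\nTo: reader@example.net\n"
       "Date: Mon, 01 Jan 2007 00:00:00 +0000\n"
       "Message-ID: <1@example.com>\n\nHello subscriber.\n")
SIGNED = sign(RAW)
```

verify(SIGNED) succeeds, while an unsigned copy, an altered body, or a changed From: address all fail the hash comparison or the key lookup.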
 
This sending-domain authentication using digital signatures is one tool in the fight against spam. Teracom has implemented it to help ensure that our newsletter goes into your inbox, particularly if you use Yahoo mail. Note that if you want to be absolutely sure these messages go in your inbox, also add "newsletter@teracomtraining.com" to your whitelist / trusted senders / address book... this is the "reputation" part of the previous paragraph.
 
The Yahoo DomainKeys strategy is being improved and standardized in RFC 4871.
 
Asymmetric encryption, digital signatures and authentication are covered in:
Teracom DVD-Video Course V5, "Understanding Networking 2", and in
Teracom instructor-led Course 110, "IP Telecommunications".
 

DNS is covered in
Teracom DVD-Video Course V5, "Understanding Networking 2", and in
Teracom instructor-led Course 101, "Telecom, Datacom and Networking for Non-Engineers".

Copyright © Teracom Training Institute. All rights reserved.