Public key fingerprint

Public key fingerprint

In public-key cryptography, a public key fingerprint is a short sequence of bytes used to authenticate or look up a longer public key. Fingerprints are created by applying a cryptographic hash function to a public key. Since fingerprints are shorter than the keys they refer to, they can be used to simplify certain key management tasks.

Creating public key fingerprints

A public key fingerprint is typically created through the following steps:
# A public key (and optionally some additional data) is encoded into a sequence of bytes. To ensure that the same fingerprint can be recreated later, the encoding must be deterministic, and any additional data must be exchanged and stored alongside the public key. The additional data is typically information which anyone using the public key should be aware of. Examples of additional data include: which protocol versions the key should be used with (in the case of PGP fingerprints); and the name of the key holder (in the case of X.509 trust anchor fingerprints, where the additional data consists of an X.509 self-signed certificate).
# The data produced in the previous step is hashed with a cryptographic hash function such as MD5 or SHA-1.
# If desired, the hash function output can be truncated to provide a shorter, more convenient fingerprint.

This process produces a short fingerprint which can be used to authenticate a much larger public key. For example, whereas a typical RSA public key will be 1024 bits in length or longer, typical MD5 or SHA-1 fingerprints are only 128 or 160 bits in length.

When displayed for human inspection, fingerprints are usually encoded into hexadecimal strings. These strings are then formatted into groups of characters for readability. For example, a 128-bit MD5 fingerprint for SSH would be displayed as follows:

43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8

Using public key fingerprints for key authentication

When a public key is received over an untrusted channel, such as the Internet, the recipient often wishes to authenticate the public key. Fingerprints can help accomplish this, since their small size allows them to be passed over trusted channels where public keys won't easily fit.

For example, if Alice wishes to authenticate a public key as belonging to Bob, she can contact Bob over the phone or in person and ask him to read his fingerprint to her, or give her a scrap of paper with the fingerprint written down. Alice can then check that this trusted fingerprint matches the fingerprint of the public key. Exchanging and comparing values like this is much easier if the values are short fingerprints instead of long public keys.

Fingerprints can also be useful when automating the exchange or storage of key authentication data. For example, if key authentication data needs to be transmitted through a protocol or stored in a database where the size of a full public key is a problem, then exchanging or storing fingerprints may be a more viable solution.

PGP developed the PGP word list to facilitate the exchange of public key fingerprints over voice channels.

Public key fingerprints in practice

In systems such as SSH, users can exchange and check fingerprints manually to perform key authentication. Once a user has accepted another user's fingerprint, that fingerprint (or the key it refers to) will be stored locally along with a record of the other user's name or address, so that future communications with that user can be automatically authenticated.

In systems such as X.509-based PKI, fingerprints are primarily used to authenticate root keys. These root keys issue certificates which can be used to authenticate user keys. This use of certificates eliminates the need for manual fingerprint verification between users.

In systems such as PGP or Groove, fingerprints can be used for either of the above approaches: they can be used to authenticate keys belonging to other users, or keys belonging to certificate-issuing authorities. In PGP, normal users can issue certificates to each other, forming a web of trust, and fingerprints are often used to assist in this process (e.g., at key-signing parties).

In systems such as CGA or SFS and most cryptographic peer-to-peer networks, fingerprints are embedded into pre-existing address and name formats (such as IPv6 addresses, file names or other identification strings). If addresses and names are already being exchanged through trusted channels, this approach allows fingerprints to piggyback on them.cite conference |author=David Mazières, M. Frans Kaashoek |date=1998-09 |title=Escaping the Evils of Centralized Control with self-certifying pathnames |booktitle=Proceedings of the 8th ACM SIGOPS European workshop: Support for composing distributed applications |location=Sintra, Portugal |publisher=MIT |url=ftp://cag.lcs.mit.edu/pub/dm/papers/mazieres:thesis.ps.gz |format=PostScript |accessdate=2006-12-23 ]

In PGP, fingerprints truncated to 32 or 64 bits are called "key IDs". PGP uses key IDs to refer to public keys for a variety of purposes. These are not, properly speaking, fingerprints, since their short length prevents them from being able to securely authenticate a public key.

Security of public key fingerprints

The primary threat to the security of a fingerprint is a preimage attack, where an attacker constructs a key pair whose public key hashes to a fingerprint which matches the victim's fingerprint. The attacker could then present his public key in place of the victim's public key to masquerade as the victim.

A secondary threat to some systems is a collision attack, where an attacker constructs multiple key pairs which hash to his own fingerprint. This may allow an attacker to repudiate signatures he has created, or cause other confusion.

To prevent preimage attacks, the cryptographic hash function used for a fingerprint should possess the property of second preimage resistance. If collision attacks are a threat, the hash function should also possess the property of collision-resistance. While it is acceptable to truncate hash function output for the sake of shorter, more usable fingerprints, the truncated fingerprints must be long enough to preserve the relevant properties of the hash function against brute-force search attacks.

In practice, most fingerprints commonly used today are based on non-truncated MD5 or SHA-1 hashes. As of 2006, collisions but not preimages can be found in MD5 and (it is believed) in SHA-1. Since these attacks raise questions about the preimage resistance of these hash functions, the future is likely to bring increasing use of newer hash functions such as SHA-256. Fingerprints based on SHA-256 and other hash functions with long output lengths are more likely to be truncated than (relatively short) MD5 or SHA-1 fingerprints.

In situations where fingerprint length must be minimized at all costs, techniques such as hash extension (see cryptographically generated addresses) can be used to boost the security of truncated fingerprints.

See also

* PGP word list
* Public-key cryptography
* Key authentication
* Key management
* Key signing party
* Rabin fingerprint

References


Wikimedia Foundation. 2010.

Игры ⚽ Нужен реферат?

Look at other dictionaries:

  • Public Key Fingerprint — Verschlüsselung mit öffentlichem Schlüssel Unter einem öffentlichen Schlüssel (engl. public key) versteht man in der Kryptologie einen Teilschlüssel eines asymmetrischen Kryptosystems, der vom Schlüsselinhaber veröffentlicht wird. Er bildet damit …   Deutsch Wikipedia

  • Public-key cryptography — In an asymmetric key encryption scheme, anyone can encrypt messages using the public key, but only the holder of the paired private key can decrypt. Security depends on the secrecy of that private key …   Wikipedia

  • Public Key — Verschlüsselung mit öffentlichem Schlüssel Unter einem öffentlichen Schlüssel (engl. public key) versteht man in der Kryptologie einen Teilschlüssel eines asymmetrischen Kryptosystems, der vom Schlüsselinhaber veröffentlicht wird. Er bildet damit …   Deutsch Wikipedia

  • Fingerprint (disambiguation) — Fingerprint is usually a human fingerprint made by the pattern of ridges on the pad of a human finger. Other types of fingerprints include,* Genetic fingerprint, distinguishing two individuals of the same species using only samples of their DNA * …   Wikipedia

  • Key signing party — In cryptography, a key signing party is an event at which people present their PGP compatible keys to others in person, who, if they are confident the key actually belongs to the person who claims it, digitally sign the PGP certificate containing …   Wikipedia

  • Key (cryptography) — In cryptography, a key is a piece of information (a parameter) that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would produce no useful result. In encryption, a key specifies the… …   Wikipedia

  • Rabin fingerprint — The Rabin fingerprinting scheme is a method for implementing public key fingerprints using polynomials over a finite field.chemeGiven an n bit message m 0,..., m n 1, we view it as a polynomial of degree n 1 over the finite field GF(2).: f(x) = m …   Wikipedia

  • Zimmermann-Sassaman key-signing protocol — In cryptography, the Zimmermann Sassaman key signing protocol is a protocol to speed up the public key fingerprint verification part of a key signing party. It requires some work before the event.The protocol was invented during a key signing… …   Wikipedia

  • Diffie–Hellman key exchange — (D–H)[nb 1] is a specific method of exchanging keys. It is one of the earliest practical examples of key exchange implemented within the field of cryptography. The Diffie–Hellman key exchange method allows two parties that have no prior knowledge …   Wikipedia

  • Distributed key generation — For some protocols no party should be in the sole possession of the secret key. Rather, during distributed key generation every party obtains a share of the key. A threshold of the participating parties need to cooperate in order to achieve a… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”