Cryptographic hashes?

Oca Emilio eoca at afip.gov.ar
Wed Aug 27 13:24:59 UTC 2003 

Chris,

I didn't look at the SHA & MD5 squeak implementation, but I think that you
need a whole (standard) protocol to get what you need. 

To encrypt a message:
* You first get a random one-time pad key (or session key).
* You are going to encrypt your message with this otpKey.
* With your encrypted message, you are going to send this otpKey encrypted
with the destination public key.
* Only he/she would be able to open the encrypted otKey and then decrypt the
intended message

A session key allows the use of faster crypt algorithms than the ones
involved on private/public key encryption.

To sign your message:
* You get a digest from your message using SHA or MD5 (That's what they are
for)
* You encrypt with your private key that digest end send it with your
encrypted or plain message.
* Whoever reads it can re-digest the message 
* And then verify that the decrypted (with your public key) digest you have
sent matches the re-digest.

The secure shipment of publics key is covered on certificates.
In this case, the certificate issuer makes a digest of your 'personal' data
and your public key and then sign it. Then the issuer attaches his own
certificate, which you could verify with his public key.
You just can trust this certificate or get a certificate of the issuer...
and so on.
This chain stops when you get to one of the issuers whose certificates are
already hardcoded on IExplorer, Netscape or so like VeriSign, Thawte, etc.

I don't know what else (apart from digest algorithms) is implemented on
squeak to support this.

Regards

	Emilio



> -----Mensaje original-----
> De: Chris Muller [mailto:afunkyobject at yahoo.com]
> Enviado el: Martes, 26 de Agosto de 2003 18:39
> Para: mdrs at akasta.com; Squeak List
> Asunto: Re: Cryptographic hashes?
> 
> 
> 
> > There are two cryptographic hashes which are easy to use in Squeak, SHA
> > and MD5.
> 
> Hi Mike, I, too am interested in this.  I looked at the 
> classes you mentioned,
> and they look nice and simple for signing messages and verifying those
> signatures.  However, I was not clear about how or where any 
> encryption or
> decryption occurs.  I want to make Strings unreadable except 
> by those whom I've
> "sent" a message encrypted with my private and their public key.
> 
> Please forgive my ignorance in this subject, how do I do this?
> 
> Thank you !
>   Chris
> 
> __________________________________
> Do you Yahoo!?
> Yahoo! SiteBuilder - Free, easy-to-use web site design software
> http://sitebuilder.yahoo.com
>

More information about the Squeak-dev mailing list