FastTrackSoft is thrilled to announce the release of FastTrackFTP, a handy new powerful local computer and remote server access device which is now available for trial and purchase on the company's website (www.ftftp.com). FTP (File Transfer Protocol) was initially used in Unix systems a number of years ago to copy and move shared network files. With the development of the Internet, FTP found broader application in uploading and downloading online data, and especially posting websites on ISP servers.
Main features
The program lets you upload and download data or delete one or more files, including whole folders along with subdirectories. The transfer interface window shows what percentage of files has already been uploaded or downloaded. It can also automatically resume and complete file transfers, which for some reason, have been interrupted, or periodically attempt to connect with the FTP server if the pervious link was unsuccessful.
FastTrack FTP features modern security standards including SSL, SSL2, SSL3, TLS, SSH, SSH2, PGP, and password encryption. The program supports a multitasking data transfer mode, files and folders synchronization, scripts, 128-bit encoding, and more. FastTrackFTP allows you to create and configure various error processing rules, file overwriting rules, action processing and more.
Let's look closer at the program's capabilities. Don't worry, you won't be overwhelmed with dozens of tabs, buttons and more. FastTrack FTP has an intuitive and handy UI ("drag-and-drop" supported) which allows beginners as well computer professionals to learn the software quickly.
To support simultaneous file transfer, FastTrack FTP creates the required number of sessions. At this time (during the file transfer process), a user can continue browsing the site. The software allows you to create 'smart' file renaming rules, extension processing rules, registry editing rules, and set up data transfer modes (ASCII or Binary). FastTrack FTP also features a special carriage return symbols editor which can be very useful when editing scripts. The software can automatically turn on/off the passive data transfer mode as needed and correct connection settings input errors.
FastTrack FTP features a really handy site manager (FTP-server editor) which allows you to easily handle large number of sites. It also includes a built-in zip-compressor.
FastTrack FTP can handle file groups and allows you to change attributes of files stored on an FTP-server. The special editor allows you to edit files directly on the server. You can set up additional custom commands and add them to the main menu. Custom commands can be grouped by various criteria. It is also possible to connect an external HTML editor to edit web pages and other files.
For business sites, as opposed to private home pages, information security comes into play. Can you estimate the possible losses in case your web site is hacked? Chances are that the loss would be painful. With this in mind, you should remember the one big FTP-protocol disadvantage: data is transmitted in an un-encrypted form. That is why FastTrackFTP supports Shell Access, FTPS (File Transfer Protocol using SSL), SFTP (Secure File Transfer Protocol) and many others. The good news is that you do not need to install and connect any additional external libraries in order to use these protocols. Thus, all traffic will be encrypted and it will be impossible to intercept your login and password.
Among other useful features, we would like to draw your attention to the following: download resume, log files, directories compare and synchronization with a few clicks (considering local time zones), clipboard monitoring, transferal of large (over 1 GB) files, proxy servers and firewalls support, SOCKS 4, 4.5 and 5, download speed display, and assigning the starting directory (on a local hard drive as well as on a server) for each server. There is also a 'keep alive' feature which keeps the connection to a server alive by sending special commands. All this speeds up your work and allows you to avoid unnecessary searches. When connected to a desired FTP-server, you get the desired server directory opened in the right panel and the desired local hard disk directory in the left panel. When comparing the contents of the local directory and the server contents, files that differ are highlighted.
The built-in scheduler can do all the night work while you are sleeping.
Description
After installing FastTrackFTP, the icon with the program name appears on the desktop. When you run the program, you will see the list of local disks (on the left) and the list of FTP-servers to which you can connect (on the right). Above the lists, there is the main toolbar. Working with FastTrackFTP is as easy as working with common disk windows. To add a new server connection profile, please click on the "New Server" button. You can click "Properties" to edit existing FTP server profiles.
You also need to specify a username, password, protocol type (FTP, TLS/SSL Implicit or Explicit, SFTP/SSH2) and a connection port. The default settings are: FTP, port 21. In some cases you might need to choose a corresponding FTP-server response type. FastTrackFTP allows you to create as many connections as desired. To connect to an FTP-server, just click the "Connect" button.
Now you will see that the screen is divided into three parts: the bottom window displays all the actions, on the left you will see the current FTP-server content, and on the right, you will see your local hard drive. By sight, an FTP-server looks exactly like your local hard drive looks in windows explorer. Generally, working with an FTP-server is just like working with a network drive.
At the bottom of the screen, the status bar includes status information, such as successful connection to an FTP-server, file transfer progress and sessions established.
Your access to network drives can often be limited or restricted.
To create a profile, please fill out the fields described below.
Profile Name: enter a desired profile name, "My Web Site", for example. Using profiles, you won't need to enter the same server settings each time you'd like to connect to the server.
Host Name/Address: enter a remote computer address, ftp.microsoft.com, for example. Usually it will be your domain name.
Response Type: for most servers you can use "Default". If file size, date and file names are displayed incorrectly, please try another type, say, Microsoft FTP v.5.0.
User ID: a login name for this server. "anonymous", for example.
Password: a password, which is used with the login name specified in the "User ID" field. For the "anonymous" username, this should be text which contains "@".
Account Comment: these fields are usually blank.
After everything is configured, click "Save".
If FastTrackFTP failed to connect to a server (nothing is displayed in the right window), you can try to connect to one of the test-servers, which are initially present in the program. If FastTrackFTP failed to connect to a test FTP-server, please check if the program has not been blocked by a built-in firewall. Please check if you have Zone Alarm, Internet Security, anti-virus
utilities (etc.) running. If one or more of the these are running, you need to configure them. By default, such applications block FTP-ports and do not allow any applications to connect to the Internet until added to their white list.
Please also check the "Properties", "Preferences/General" and "Preferences/Proxy" tabs.
Please set up the following:
1. Remote Port: specify a remote server port. By default, it
is port 21. If a server uses some other port, this is usually mentioned
in the server's info. For example, if you need to connect to ftp.yoursite.com:22,
please specify "22" in the "Remote Port" field.
2. Passive Transfers: please try both options. Usually, if you
are behind a firewall, the passive mode is required.
3. Connection Retry: the number of tries to connect to an FTP-server.
4. Default Time out: the time FastTrackFTP waits for a reply
from an FTP-server.
If you use a proxy-server, please specify the corresponding proxy-server settings. If you do not use a proxy-server, please select "Direct Connection" on the "Firewall" tab. If a connection to the FTP-server has not been established, please check your Internet connection or contact your system administrator.
OK, FastTrackFTP is now connected to the FTP-server. In the right window, the contents of the remote computer should be displayed. You can open directories by clicking on them. Generally, the toolbar on the left relates to the local computer, the toolbar on the right, to the remote computer (FTP-server). To transfer a file from an FTP-server to the local computer, please select it with the mouse cursor and click the corresponding arrow (Shift and Ctrl can be used to select multiple files). You can use the "View" and "Run" buttons to view the selected file in a text editor or launch it if it is an .exe or .com file. Use the "Delete", "Refresh" or "Disconnect" buttons to delete selected files, refresh the file list or disconnect from the server.
NOTE: files and HTML-documents should be transferred in the binary mode. To create a new directory, please click MakeDir.
After files are uploaded to a web server, your visitors can access them using a web browser. If a file was uploaded to the server and it is not visible in a browser, please try clicking on the browser's "Refresh" or "Reload" buttons. If this didn't help, try clearing the browser cache.
If FTP is unavailable for some reasons, please check your firewall settings. Perhaps your firewall is configured in such a way that you can only use your web browser.
Other connection profile settings
List Options:
- Show Hidden Files
- Force Long Format
- Recursive
- Resolve Links
- Complete Time
- Use "|" as the Option Delimiter
- Use Relative Names
Initial folders
Here you can set a starting directory which will be automatically opened when connected to a local or remote computer server.
Time Zone
To make file comparison easier, you can set up a time zone (since your FTP-server can be located in other country or on other continent).
Secure Channels
By default, the FTP-protocol is used, however FastTrackFTP also supports other protocols. Please contact your system administrator to check which other protocols are supported by your server.
Program's main form. Additional features.
Data transfer display. Stop transfer.
The lower panel contains several tabs. The first tab shows all messages transmitted from a server to the application, and from the application to a server. If writing to the log file is enabled, you will also find those messages (as well as the list of opened sessions) recorded in the text file.
The "Progress" panel displays all file transfer processes.
The columns also display the following:
- File name
- File size
- Transfer direction
- Progress bar
- Connection speed
- Download start time
The last lower tab displays the list of all executed tasks and their status.
Create New Window.
Another session/window of FastTrackFTP will be started when you select this menu item.
FastTrackFTP Scheduler
To run the scheduler, please select the "Scheduler" menu item. You can configure the scheduler so that the program will perform all desired actions immediately, or put them in a queue and execute them later, when you specify all desired actions. After a file upload/download is complete, FastTrackFTP can automatically disconnect from a server, go offline, shut itself down, shut down the computer or end the current user session.
If you often update files on your server, you might find the content compare feature useful. This allows you to compare remote and local directories.
Using the scheduler, you can set the order of file processing (uploading/downloading) and specify days of the week on which the program should perform specified actions.
Directories synchronization
Here you can set a local directory and a path on the server to synchronize directories and subdirectories.
Synchronization type:
You can save your new settings and use them later.
PGP
In the main menu there are options which allow you to encrypt and sign files using PGP.
File compression/decompression:
Please use the special main menu items to compress/decompress files or transfer files with automatic compression/decompression. FastTrackFTP can create gzip-compatible files.
Custom commands:
FastTrackFTP features a flexible custom commands editor. Please note that different servers might support different commands. Therefore, please contact your server administrator to check the supported commands list for your particular server.
You can add new commands and customize variable as necessary.
You can find the list of variables, examples of commands and their syntax in the editor window on the right.
Files attributes/the CHMODE command.
Select a group of files on a server and open the "File Attributes" menu. There you can specify a code or configure permission options. It is also possible to edit file attributes manually. To do this, please manually enter "SITE CHMOD 755 filename.htm", where filename..htm is your file name, 755 - the chmod code.
Other novelties
The program is error-sensitive and automatically corrects mistakes made by users. Other programs tend to use different input and setting formats to access the FTP server. FastTrackFTP was designed to be smart and sensible software. It will enter the right address even if you attempt to connect using any one of the following formats.
ftp.hostname.com
ftp://ftp.hostname.com
user@ftp.hostname.com/folder
ftp://user:password@ftp.hostname.com:port/dir
ftp://user.password@ftp.hostname.com:port/folder
ftp://user@ftp.hostname.com:port/folder
ftp://user@ftp.hostname.com
ftp://user@ftp.hostname.com:port
http://ftp.hostname.com
For example, if you make a mistake and enter a blank space in the address, the program will automatically remove it from the address, as well as any other inadmissible symbols, and will correct the address while the connection is in progress.
The program is compatible with virtually all types of servers and allows you to frame a special server response format and a rule for reading the list of server-based files and folders. The most frequent connections can be saved and subsequently entered by single- clicking the mouse. The program can save the default folders both for remote servers and local computers.
Files shown in upper and lower case will appear on the server as separate files . Therefore, sometimes when you upload a file or picture, it won't be visible on a website. For example, your site contains a link to the file asona.gif but you uploaded Asona.gif. Here you will need a program command which allows you to change the case type, both on local computers and remote servers.
You can set the screen properties and menu options to confirm various operations which can be modified in the menu item "Program Settings".
The program also contains standard file management functions. You can:
Should you require special commands not available in the program, all you have to do is go to "custom commands", which can be saved for later use.
And last but not least, you will be amazed that such a powerful program comes in such a tiny package.
The trial-version of the program can be downloaded at: http://www.fasttrackftp.com
Preferences
Before starting to work with FastTrackFTP, please have a look at the wide range of preferences offered.
After clicking on "Preferences", you can access the following sections: "Connection", "Transfer", "Security" and "Display".
Connection
In the "General" section, please configure the general settings: "Time Out", "Multi-Session", and "Port modes".
FastTrackFTP supports the multi-session mode. You can set the number of sessions so that the program uses multiple connections when simultaneously transferring multiple files. It is also possible to browse the site when downloading/uploading files.
Proxy / Firewall
If you connect to the Internet using a proxy-server, please configure the following options: Proxy, Firewall, Sockets 4/4A/5.
Keep Alive
This feature allows you to trick an FTP-server and keep the connection alive while you are not working with the program.
Log-file
Check the "Enable Log" checkbox to ensure that all actions performed by the application will be recorded to the .log text file.
Transfer
There are four sections: "ASCII/Binary", "Smart Transfer", "Rename Rules" and "Events".
ASCII/Binary
You can choose either the ASCII or Binary transfer mode depending on the files extension.
Carriage Return
FastTrackFTP allows you to change "Carriage Return" for desired files so that the binary transfer mode could be used instead of ASCII when sending the files. To do this, please select files on the local computer and click "Carriage Return" in the main menu.
Thus, you can set a desired carriage return (in scripts) before uploading data to a server. The point is that if your scripts contain text of various encodings or special characters, you won't be able to use the ASCII transfer mode. In this case, it is recommended that you use the Binary transfer mode and the "Carriage Return" editor.
Smart Transfer
Using this feature you can set "smart" rules for files re-writing. For example, the program can check for the following file info:
- Creation time
- Size
- The ability to ignore files which have zero size
- Transfer Direction
Rule execution algorithm:
- Skip
- Re-write
- Resume
- Rename
- Ask user
Files size and checksum verification can be performed after file transfer to make sure that the data has been successfully transferred.
File renaming rules
This feature allows you to set a file names/extensions change order when transferring files to/from a server.
Please add a new rule and set a mask, for example: *.htm -> *.html.
You can also set a case change order by checking the "Case Sensitive" option.
Actions
Here, you can choose actions which should be executed after uploading/downloading data to/from a server.
Actions available:
General interface settings
Set a start directory which will be opened on program startup, an interface font, and the special option which determines the program's main window position, size and column width. Save layout: saves current columns width and file list display settings (file name, date, size, accessed date and time, etc.)
Please specify if the program should display icons associated with a file.. You can configure the file list settings as desired: enable multicolored icons or just show plain folders.
Prompt
Specify if the program should ask for confirmation when:
Sounds
Set sounds for specified tasks, for example:
Different countries use different date format, therefore FastTrackFTP offers you a choice between the European (DD/MM/YYYY) and American (MM/DD/YYYY) date format.
Error correcting
The software automatically recognizes formats and corrects user errors when he/she enters an address.
Browsing
Here, you can configure file list settings/formats.
Language Settings
The program allows you to change the program's interface language. To translate the interface to a desired language, please copy the contents of the language.lan file to the yourlanguage.lan file and translate the text inside to a desired language.
HTML Editor
FastTrackFTP features a built-in HTML editor.
There are two buttons: "Run" and "Edit". Click on Run to launch the default application associated with the current file type. By default, clicking on Edit launches the built-in text editor, however the program also allows you to set any other text editor as the default. You can edit files directly on a server using the simple built-in text editor.
Security
Security and reliability are the foundation stones on which FastTackFTP is based. The software supports the wide range of security features offered by the SFTP/SSH, SSL/TLS and PGP transfer protocols. To enable this, please specify/configure encryption algorithms/settings, digital certificates and other options on the SSH, SSL and PGP tab. More detailed info on the secure data transfer options follow.
Sometimes users do not know the software installed on their machines well enough to be sure that their system is secure or if their data is protected.
Encryption is performed using cryptographic algorithms. Such algorithms are well known and extensively analyzed by cryptography experts and mathematicians. The strength of such algorithms is time-tested and time-proved. The only secret part of encryption is the key used to encrypt/decrypt data.
The level of protection is determined not only by the encryption algorithm itself, but also by the way the algorithm is used. Internet security protocols, for example, pay special attention to how keys are created and used.
SSL FTPS (File Transfer Protocol using SSL)
Development and growth of the Internet made secure data transfer methods absolutely essential. One of the first technical solutions was the SSL (Secure Socket Layer) protocol. It is wide spread and most Web browsers, FTP-clients, Web servers and hardware systems support it. SSL protocol provides session-level identification and encryption, establishes the client-server channel and ensures data transfer security and privacy by means of encryption.
A simplified work scheme of the SSL protocol can be represented in the following way:
A client sends a greeting message to a server. The message contains the following info: protocol version and encryption methods supported by the client, a random number and a session ID. The server responds with its own greeting message or an error message. A server greeting message is similar to a client message, and "tells" the client which encryption algorithm to use.
After sending a greeting message, a server can send its certificate or a certificate chain (a group of certificates, where all certificates but one are signed by a previous certificate) for identification. Identification is required for key exchange, except when the anonymous Diffie-Hellman algorithm is used. Key exchange can be performed by means of certificates (which
determine the encryption algorithm) when establishing a connection. Usually, X.509.3 format certificates are used. A client receives a public server key, which can be used as a current session key. After a server certificate is sent to the client, the server can request a client certificate.
Then, a successful connection notification message is sent and both sides can start encrypted data transfer.
FastTrackFTP supports SSL 2, SSL 3, TLS 1, and TLS 1.1
FTPS supports two channel protection modes: Explicit and Implicit.
Explicit and Implicit Security
Explicit security mode implies an explicit switch to a secure data transfer mode: the server switches to a secure data transfer mode after a corresponding command is received from the client.
In Implicit security mode, a secure channel is established immediately when connected to an FTP server.
Secure FTP (SFTP), SSH (Secure Shell)
Secure FTP (SFTP) provides safe authorization, integrity and privacy of data transfer using SSH protocols
SSH (Secure Shell) - a data transfer protocol quite similar to SSL, however there are some differences. SSH was originally intended to exchange messages between Unix-based servers and requires identification on both sides. Moreover, SSH supports logical channels over already established sessions and uses so-called "key pairs" (instead of certificates) for identification.
Unlike certificates, key pairs are generated by a client, not by a Certificate Authority. To verify the identity of a key pair, trusted storages are used. Such storages house client/server public keys, and more. Which storages can be trusted and which cannot are determined by a client.
Symmetric encryption algorithms
In symmetric encryption, the same algorithm and key are used when encrypting and decrypting data. That's why it's called "symmetric". Another name of the method is "secret key cryptography".
Let's assume you'd like to protect some sensitive data from unauthorized access. You could use special software and encrypt your data with a popular encryption algorithm and get an encrypted file and a byte chain (key). As a rule, a key is rather small and can be represented as plain text. You should simply keep the key in a safe place. Now, even if an unwanted person gets access to your data, that person won't be able to decrypt it without the key. To decrypt the data, you need the encryption utility itself and the encrypted file and key.
The advantage of symmetric encryption is that you need to keep secure only a key, but not the whole data. The key size does not depend on the size of the data encrypted. Despite its advantages, the method becomes useless if the data is sent over insecure (open) channels. The recipient needs the key to decrypt the data. However if you send the key over the same insecure
channels as you send the data, everyone who can intercept the data can intercept the key as well, thus, encrypting of the data becomes useless. If you have a secure channel to send the key, you might as well use it to send the unencrypted data, thus, again, there is no need for data encryption. That is why special key exchange algorithms were invented. We will get back to this later.
Key generation
Since almost any byte chain can be used as a key (the length of the chain must meet the requirements of the algorithm used), random-number generators are used to generate keys. The main goal of a random-number generator is to create a unique key, since security depends greatly on key uniqueness. The best key generator is a generator for which it is difficult (almost impossible) to guess what number (key) will be generated next. Special statistic random sequence tests are used to check the security level of random-number generators.
Pseudo-random-number generator
There are two stages in a pseudo-random numbers generation process. In the first stage, a generator obtains some variable which changes with time, say, system time, a mouse cursor position, etc. In the second stage, a generator performs a digital function and a hash function. As a result, a byte chain is created (on the basis of original variables).. If the same variables are used twice, we will get the same two hash function results. However, if at least one bit in the input variables is different, we get two completely different results.
However, such variables as system time or a mouse cursor position can be easily calculated or guessed. Such data cannot be considered random without further processing.. That is why the second stage is necessary.
Not every hash algorithm is suitable for cryptography. Nowadays, there are several popular hash algorithms. Some of them are described below.
MD5
After several unsuccessful tries (MD3 and MD4) to improve the MD2 algorithm, Ronald Rivest developed the MD5 algorithm which became very popular. It is faster and more secure than MD2 and generates a 128-bit random sequence.
SHA-1
The SHA-1 algorithm is similar to MD5, but has improved internal structure and generates a longer (160-bit) random sequence. It has been approved by cryptology experts and is recommended for use. FastTrackFTP supports SHA1_96, MD5 and MD5_96.
Block encryption and stream encryption in symmetric algorithms. Now you already know how keys are generated and how your data is prepared for encryption. When data is encrypted using symmetric algorithms, the following encryption methods are used: block encryption and stream encryption.
Block encryption
In the case of block encryption, data is divided into blocks of equal length and every block is separately encrypted using the same key. If the data cannot be divided into equal blocks, the last block will be enlarged to the required size. In thte case of block encryption, if the same data is encrypted with the same key several times, the encryption results are identical.
Stream encryption
Unlike block encryption, in the case of stream encryption, every byte
is encrypted separately. Pseudo-random numbers which are generated on the
basis of the key are used for encryption. The encryption result for each
byte depends on the encryption result of a previous byte. This method features
high performance and is used to encrypt data sent over communication channels.
Popular symmetric algorithms
RC5
RC5 uses stream encryption. RC5 is used in the SSL protocol.
DES (Digital Encryption Standard)
DES uses block encryption and a 56-bit key. It was developed by IBM and the NSA (National Security Agency) of the USA in the late seventies. Electronic Frontier Foundation cracked the key and decrypted the text encrypted with DES in less than 24 hours in 1999.
Triple DES
Triple DES has replaced DES. It uses block encryption. The basic algorithmic principles have not changed, however in Triple DES data blocks are encrypted with three different keys. Thus, Triple DES uses a 168-bit key. Later, a vulnerability lessened the time required to crack a 168-bit key to the time required to crack a 108-bit key. Basically, a 108-bit key is sufficient for quite reliable encryption today. However, in the future, it will be insufficient. One more disadvantage of this algorithm is its low processing speed.
AES (Advanced Encryption Standard)
When NIST (National Institute of Standards and Technology) announced the developers contest for a new encryption algorithm, one of the main terms was that developers must relinquish any intellectual property. This has allowed the new standard to be free. All "candidates" (algorithms) were extensively examined by the world community and on October 2nd, 2000, NIST announced the winners. They were two Belgian cryptographers: Joan Daemen and Vincent Rijmen. Since that time AES has become a world cryptographic standard and is now supported by almost all security applications.
Blowfish
Blowfish uses block encryption with a 64-bit key of variable length. The algorithm has two stages: key expansion and data encryption itself. Key expansion transforms a key into a 448-bit key. Data encryption is based on a sixteen iteration Feistel network. One of the main benefits of this algorithm is speed: most of the time is spent on key expansion which is performed only once.
FastTrackFTP supports DES, TripleDES, Blowfish, Twofish256, Twofish192, Twofish128, AES256, AES192, AES128, Serpent256, Serpent192, Serpent128, ARCFOUR, IDEA, and CAST128.
Asymmetric encryption algorithms, public key cryptography
Asymmetric algorithms can encrypt data, however, they shouldn't be used if you need to send encrypted data to another person, since in this case you will also need to send a corresponding key. Sending the key over an insecure channel is equal to sending un-encrypted data over the same channel. Asymmetric key cryptography (public key cryptography) solves the problem.
Public key cryptography uses a pair of cryptographic keys, designated as public key and private key. The private key is generally kept secret, while the public key may be widely distributed (everyone may use your pubic key). For example, you'd like to encrypt data and send it to another person. All you have to do is encrypt the data using the person's public key. After this, no one but the owner of this public key will be able to decrypt the data. Even you won't be able to decrypt the data (say, in case you have deleted the original un-encrypted data). Thus, should you wish to receive sensitive data, so that no one can access it, you need to create a public and a private key. You should keep the secret key in a safe place, while the public key may be widely distributed. You can even place your public key on your web site so that everyone can send you secured data encrypted by your public key. You can decrypt such data using your private key known only to you.
The disadvantage of asymmetric algorithms is that they are slower than symmetric algorithms. Therefore, if one needd to send large amounts of secret data, it is usually encrypted with a symmetric algorithm, and the key used is encrypted by means of an asymmetric algorithm (with a public key). Thus, the data is encrypted rather quickly, since a symmetric algorithm is used, and
there is no danger in sending the key over insecure channels, since the key itself is encrypted. Generally, a symmetric key is used only once, a new key is generated each time a new document is encrypted. That is why a symmetric key is often called a "session key". In fact, a user might have no idea which session key was used, since he (or she) has provided only the public key, everything else was done by software.
Asymmetric encryption algorithms are based on the use of one-sided functions. This means that even if you know the result, you won't be able to get the original data. To illustrate, if you know the sum of two numbers, you do not know exactly which numbers were added up to get that sum.
Popular asymmetric algorithms
RSA
When Whitfield Diffie and Martin Hellman published their article, in 1976, Ron Rivest along with Adi Shamir and Len Adleman had also shown interest in this matter and developed (in 1978) the RSA algorithm. The letters RSA are the initials of their surnames. RSA uses a 1024-bit or 2048-bit key and is now widely used.
Certificates
After two programs have interchanged the keys, they can encrypt data sent to each other. However, a violator can substitute the real server with a false one and send its own key while interchanging keys. To make sure that the application sends data to the correct recipient only, digital signatures are used.
Digital signatures are used to verify the identity of the sender. As you already know, the recipient's public key is required to encrypt a message so that only the recipient can read it. Such messages can only be decrypted with a recipient's secret key. However, what if you encrypt a message with your secret key? Such messages can be read by people who have your public key and thus the message it not secure. Nobody but you (the owner of a secret key) can encrypt data so that other people can decrypt it with your public key. Thus, when you create/encrypt a message with your secret key, you verify your identity, so anyone who decrypts the message with your public key can be sure that you are the author of the message. Since asymmetric algorithms are
rather slow, there is no sense in encrypting the whole message; only the message size is encrypted. This procedure consists of two stages: first you calculate the message size and then encrypt it with your secret key. When the message is sent, the encrypted size is included. The recipient calculates the message size, decrypts the attached size using the same algorithm and
compares the results. If the sizes are equal, this means that this is the original message and it has not been modified during transfer.
Sounds good, but how can we be sure that a public key received actually does belong to a specified person? After all, someone could have substituted a false key for the original key.
To verify that a public key belongs to an individual, digital certificates are used. A certificate contains identity information (the name of a person, its personal ID data, and so forth) and cryptographic info (a public key and a Certificate Authority's (CA) digital signature). A Certificate Authority's (CA) digital signature verifies that a certificate belongs to the individual specified in it.
Thus, though the scheme has become more complicated, it has also become more secure. For example, if you'd like to obtain a digital certificate, depending on the certificate's security level, you will need to send a request to a Certificate Authority or go there in person, so that the CA could make sure that you are the one who has applied for the certificate. Thus, a CA binds together your identity info and your public key in a certificate and signs it using its secret key.
To make sure that a message was sent by you, a recipient does the following:
1. Obtain a CA's public key
2. Verify a certificate's signature using this key
If the signature does belong to a CA, then the certificate information is authentic. In case of problems, this CA is responsible for information specified in the certificate.
To prove that a signature does belong to a CA, the CA should have its own certificate that would verify its public key. In this case, a self-signed certificate is used. A self-signed certificate is an identity certificate signed by its own creator. That is, a CA that created the certificate also signed off on its legitimacy. You can create a self-signed certificate yourself too, but this does not mean that people will trust your certificate. For security reasons, it is not recommended that you trust self-signed certificates unless they belong to a root certification authority.
If you create a self-signed certificate for your company, you can use it to sign all your company employees' certificates (but only for your company employees). This allows you to not only create as many certificates as needed, thus, saving time and money, but also to increase your company security level. Certificates can also be used by applications. This can be extremely useful in cases where applications exchange data over open (insecure) channels.
Trying keys
No matter what algorithm is used, it is always possible to decrypt data by trying all possible keys. The only problem is the time this would take. The longer the key, the more secure is the encrypted data. To illustrate, trying possible values of a 128-bit key would take several thousand trillion years. With development and growth of computer power, the time required to try all values of a 128-bit key will decrease, however in the near future a 128-bit key will be enough to provide reliable and secure data encryption.
Trying an asymmetric key is an even more difficult task, since asymmetric
keys are much longer than symmetric keys. Guessing such a key will take
even greater amounts of time, since this method involves a factorial expansion
of a big number. Nowadays, there are no effective algorithms which would
allow you to perform such calculations in a reasonable amount of time.
Thus, public key cryptography is considered to be secure.