Modern software systems like Kubernetes are easier to understand with a grasp of fundamental security concepts: symmetric encryption, asymmetric encryption, public/private keys, digital signatures, certificates and signing.
Objective
Use diagrams to illustrate critical security concepts used in modern software.
Concepts
Encryption
Symmetric encryption uses the same key for both encryption and decryption, while asymmetric encryption uses different but mathematically related keys for encryption and decryption. Symmetric encryption can be illustrated in the following diagram:
Asymmetric Encryption can be represented as follows:
Message Digest
A message digest is a fixed-size numeric representation of the contents of a message, computed by a hash function. An encrypted message digest, in turn, forms a digital signature.
Signing
Signing is widely used in today’s software systems, from Secure Boot to TLS/SSL communication via HTTPS, not to mention software package signing or electronic document signing like DocuSign.
How does the sender sign a document digitally?
How does the receiver verify the digital signature?
Certificate
A digital certificate is issued by a certificate authority (CA). Here is the diagram to illustrate the process. To get a digital certificate, you need a pair of keys: a public key and a private key. The public key, its signature encrypted by the private key, and the organization information are packaged into a Certificate Signing Request (CSR). The CSR is approved and signed by the Certificate Authority (CA), and comes back as a digital certificate. This certificate needs to be installed on your server so that every browser client can talk with your server securely.
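The signing, verification and CSR steps described above can be traced in code. This is an added example, not part of the original post: it uses unpadded textbook RSA over fixed Mersenne primes purely for illustration, and the helper names, the `example.test` subject and the dict layout of the CSR and certificate are assumptions.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Toy RSA key pair from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))   # private exponent d: e*d = 1 (mod phi)

def digest(message: bytes) -> int:
    """Fixed-size SHA-256 message digest as an integer (smaller than n here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private_key) -> int:
    n, d = private_key
    return pow(digest(message), d, n)     # digest transformed with the private key

def verify(message: bytes, signature: int, public_key) -> bool:
    n, e = public_key
    # Recover the digest with the public key and compare it with a fresh hash.
    return pow(signature, e, n) == digest(message)

def csr_body(subject: str, public_key) -> bytes:
    return f"{subject}|{public_key[0]}|{public_key[1]}".encode()

def make_csr(subject, public_key, private_key) -> dict:
    """CSR: organization info + public key, signed with the matching private key."""
    return {"subject": subject, "public_key": public_key,
            "proof": sign(csr_body(subject, public_key), private_key)}

def issue_certificate(csr, ca_private) -> dict:
    """CA checks the CSR's own signature, then signs subject + public key."""
    body = csr_body(csr["subject"], csr["public_key"])
    if not verify(body, csr["proof"], csr["public_key"]):
        raise ValueError("CSR signature does not match its public key")
    return {"subject": csr["subject"], "public_key": csr["public_key"],
            "ca_signature": sign(body, ca_private)}

def check_certificate(cert, ca_public) -> bool:
    body = csr_body(cert["subject"], cert["public_key"])
    return verify(body, cert["ca_signature"], ca_public)

# Constructed keys from known Mersenne primes (illustration only, not secure).
SERVER_PUB, SERVER_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
CA_PUB, CA_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)

if __name__ == "__main__":
    sig = sign(b"hello", SERVER_PRIV)
    print(verify(b"hello", sig, SERVER_PUB), verify(b"hellO", sig, SERVER_PUB))
    cert = issue_certificate(make_csr("example.test", SERVER_PUB, SERVER_PRIV), CA_PRIV)
    print(check_certificate(cert, CA_PUB))
```

Real systems use randomly generated primes and a padded scheme such as RSA-PSS or ECDSA rather than raw exponentiation of the digest.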
Once you have the certificate, you can understand how TLS/SSL certificates work.