What is the Role of RSA in Ecommerce
In today’s world, it is very difficult to survive without internet and the best example of that is the increase of online businesses. E-business is the most popular business these days. They deal with a lot of sensitive data of their customers. Customers sit thousand miles away and use these online stores. These businesses are built mainly on trust. Trust that the customers’ information will be kept safely and securely and as well as the business details such as transactional data needs to be safely taken care of.
Earlier these information was taken care of by paper documents but with technological advancement, online handling of documents proved to be much more efficient. But what about the safety? With so many online clients, company stores a lot of information on online databases or data warehouses. Security has become a tremendously important issue. Technology has definitely been advanced but risk has increased as well with the increase of cyber crimes such as phishing, Hacking etc. Here comes the need of cryptography. Cryptography provides data security for such e-businesses.
The RSA Algorithm is commonly used for securing communications between web browsers and eCommerce sites. The reason for this is the resistance to attack. It is also well understood as many researchers have studied it over the years. The connection makes use of a secure socket layer (SSL) certificate, which is created from the public and private keys which you will know how to create soon! The resulting pseudo-random number forms the basis for the certificate, which is installed at each end of the connection to ensure protected communications.
What is RSA?
In 1978, Ron Rivest, Adi Shamir, and Leonard Adleman introduced a cryptographic algorithm, which was essential to replace the less secure National Bureau of Standards (NBS) algorithm. Most importantly, RSA implements a public-key cryptosystem, as well as digital signatures.
Asymmetric encryption uses a pair of keys for encryption, known as:
- Public key for encryption
- Private key for decryption
Messages encoded using public key can only be decoded by the private key.
Characteristics of asymmetric encryption are –
- Secret transmission of key for decryption is done.
- Every entity can generate a key pair and release its public key.
RSA Public key cryptosystem:
RSA is one of the first practical public-key cryptosystems and is widely used for secure data transmission. In such a cryptosystem, the encryption key is public and differs from the decryption key which is kept secret.
A public encryption method that relies on a public encryption algorithm, a public decryption algorithm, and a public encryption key. Using the public key and encryption algorithm, anyone can encrypt a message. The decryption key is known only to authorized parties.
Operation of RSA
The RSA algorithm involves four steps:
- Key generation
- Key distribution
1. Key Generation
The steps are as follows –
- We choose two large prime numbers p & q.
- We then compute n=pq and z=(p-1)(q-1).
- We then choose an integer e such that (1 < e < z) and e and z are coprime (has no common factor other than 1).
- We find number d, such that (ed – 1) is exactly divisible by z.
- Keys are generated using n, d, e.
- Public key is (n, e).
- Private key is (n, d).
2. Key Distribution:
When two person wish to communicate using RSA in the above mentioned way key is generated for the sender.Receiver gives his public key to the sender.
Receiver gives his public key to the sender. Receiver gives his public key to the sender. Sender encrypts the message M into an integer m using a padding scheme.
To avoid attacks against plain RSA, practical RSA implementations typically embed some form of structured, randomized padding into the value m before encrypting it. This padding ensures that m does not fall into the range of insecure plaintexts, and that a given message, once padded, will encrypt to one of a large number of different possible cipher texts.
Now encrypt the message using the public key of the receiver with this following formula c = me (mod n) where m is plain text, c is cipher text.
The message can only be decrypted using the private key of the receiver which is never shared between them. Receiver can recover m from c by using her private key (n, d), and computing with the decryption formula:
m = cd mod n
Given m, she can recover the original message M by reversing the padding scheme.
The software or hardware used to generate keys should be tested against known weaknesses at all times, and customers should ask vendors questions about the process they used to test their cryptographic software. RSA Patent covers most of the commonly used techniques for public key encryption and digital signatures. RSA has been used extensively in various application from Bluetooth, MasterCard, VISA, e-banking, e-communication, e-commerce platform such as Magento. When a server is encrypted using RSA one can use tools such as puTTY to access the server. puTTY is an open source; free terminal emulator which provides the user interface to access the files on an encrypted server.
On puTTY you can give the public key for authentication so that you can manipulate the files on that server. These are mainly used by developers to give support to their client. They take the public key from client and do the required modification to communicate with the server. RSA is the first algorithm which supported secure communication without a shared key where the encryption is easy and decryption is hard without the private key. Hence it is often used in secure communication on the eCommerce sites.