Platform security
Qlik NPrinting supports TLS (Transport Layer Security), a cryptographic protocol that provides communications security over a computer network. TLS is sometimes referred to as SSL (Secure Sockets Layer). TLS uses certificates signed by trusted certification authorities (CA). Using such certificates also avoids security warning messages in the web browser.
Cryptography basics
This is an overview of the basic cryptography concepts that you must know in order to use TLS certificates with Qlik NPrinting.
Symmetric-key cryptographic algorithms use the same key for both encryption and decryption. The key is shared between the parties that communicate and must be secret.
Asymmetric cryptographic algorithms (also called public-key cryptography) instead use a pair of keys: one public and one private. The public key may be disseminated widely, and the private key is known only to the owner. If you perform an encryption or decryption with one key, you can reverse it by using the other key. Which key you use depends on whether you are trying to create a digital signature or perform an encryption.
The process of implementing an asymmetric encryption algorithm consists of the following steps:
- generate the public and the private key
- distribute the public key
- encrypt
- decrypt
RSA (Rivest, Shamir and Adleman), used in Qlik NPrinting, is an asymmetric encryption algorithm. RSA is used to transmit encrypted shared keys for symmetric cryptography, which is faster.
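The four steps above, together with the use of RSA to transport a symmetric key, are shown here with the OpenSSL command line. This is an added example, not part of the Qlik NPrinting documentation. The file names, the sample message, and the choice of AES-256-CBC and OAEP padding are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration: RSA transports a symmetric key; the symmetric key protects the data.
# File names and cipher choices are assumptions, not Qlik NPrinting settings.
set -eu

# Prints the plaintext recovered by the receiver for the message given as $1.
hybrid_roundtrip() (
    dir=$(mktemp -d)
    trap 'rm -rf "$dir"' EXIT

    # 1. Receiver generates the key pair; the private key never leaves $dir.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/private.pem" 2>/dev/null
    # 2. Only the public half is distributed (PEM text, safe to publish).
    openssl pkey -in "$dir/private.pem" -pubout -out "$dir/public.pem"
    if grep -q 'PRIVATE KEY' "$dir/public.pem"; then
        echo "public.pem contains private key material" >&2; exit 1
    fi

    # 3. Sender creates a fresh symmetric key and IV for this exchange,
    #    encrypts the data with AES, and wraps the AES key with RSA-OAEP.
    openssl rand -hex 32 > "$dir/session.hex"
    iv=$(openssl rand -hex 16)          # the IV is not secret
    # Demo only: -K exposes the key in the process list.
    printf '%s' "$1" | openssl enc -aes-256-cbc \
        -K "$(cat "$dir/session.hex")" -iv "$iv" -out "$dir/message.enc"
    openssl pkeyutl -encrypt -pubin -inkey "$dir/public.pem" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$dir/session.hex" -out "$dir/session.wrapped"

    # 4. Receiver unwraps the AES key with the private key, then decrypts.
    openssl pkeyutl -decrypt -inkey "$dir/private.pem" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$dir/session.wrapped" -out "$dir/unwrapped.hex"
    openssl enc -d -aes-256-cbc \
        -K "$(cat "$dir/unwrapped.hex")" -iv "$iv" -in "$dir/message.enc"
)

hybrid_roundtrip "constructed sample report"
echo
```

AES-CBC as used here provides confidentiality only; it was chosen because `openssl enc` supports it.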
A public certificate is an electronic public document used to prove the ownership of a public key. A public certificate includes information about the key, information about its owner's identity, and the digital signature of an entity that has verified that the content of the certificate is correct. If the signature is valid, and the user trusts the signer, then the user knows that the public certificate can be used to communicate with its owner.
PEM is an ASCII text format for public certificates. It is portable across platforms.
A public key infrastructure (PKI) is a system for the creation, storage, and distribution of digital certificates which are used to verify that a particular public key belongs to a certain entity. A PKI includes a certificate authority (CA) that stores, issues and signs third party digital certificates. A certificate authority (CA) could be a company that sells you public certificates. OpenSSL is the simplest tool for PKI. OpenSSL is also open source and you can use it for free.
X.509 is a standard format for public key certificates, for example the ones used by Qlik NPrinting. An X.509 certificate does not contain the private key.
Transport Layer Security (TLS) is a cryptographic protocol that provides communication security over a computer network. Sometimes TLS is still called by its older name, SSL (Secure Sockets Layer). TLS connections are secured by using symmetric cryptography with a secret and unique key for each session, negotiated at the beginning of the communication. The identity of the communicating parties can be verified by using public-key cryptography. Public certificates are an important component of TLS because they prevent an attacker from impersonating another server.