Unless otherwise noted, articles © 2005-2008 Doug Spencer, SecurityBulletins.com.

Public Key Infrastructure

From SecurityBulletins.com


Basics of Public Key Infrastructure (PKI)

Written 9/8/2006 by Doug Spencer

PKI, Public Key Infrastructure, is often discussed as if it were voodoo, when in fact it is pretty easy to understand. The terminology that surrounds it is what can make it difficult to follow. This article intends to clear up some of the mystery of PKI.

Here are some of the underlying principles of Public Key Infrastructure:

  • The PRIVATE key is NEVER distributed. This is critical. The private key is what maintains your security.
  • The PUBLIC key can be distributed to anyone, in any fashion, without compromising security.
  • An optional, trusted third-party, known as a "Certificate Authority," can vouch for the authenticity of a particular certificate by signing a public key included in a "Certificate Signing Request."

There is more that can be included, but those are the basic pieces and principles.

A primary advantage of a Public Key Infrastructure over other forms of key exchange is that a secure channel is NOT needed to securely exchange keys. The public key of one of the participants can ONLY be used to encrypt information for that participant. Decryption requires the private key, which is secret and never distributed.

The "Certificate Authority" is a term used to describe a service that is trusted by both sides of the conversation to vouch for the authenticity of a certificate's key. A Public Key Infrastructure Certificate Authority merely pushes the issue of trusting a certificate to a third party. You have to decide how much to trust the third party. Some Certificate Authorities will sign a limited-time evaluation certificate to test compatibility and similar functions. Those evaluation certificates basically defeat the point of a certificate authority: they are trusted certificates issued with no verification of the authenticity of the party submitting the certificate to be signed.

Using the characters Alice and Bob, the following story could be constructed based on PKI.

Alice is behind enemy lines and needs to get a message back to Bob, who is in headquarters, without Charlie seeing the message. Bob sends his public key out over shortwave radio using Morse code and Alice picks it up over the air. Charlie also intercepts Bob's shortwave broadcast and has Bob's public key. Alice spray-paints her public key on a wall that is shown on an international television channel. Bob transcribes the public key from the photograph and Charlie also gets a copy of Alice's public key.

Alice encrypts the message to Bob using Bob's public key and signs her message using her private key. Alice then posts the encrypted message to a public area where both Bob and Charlie can access it. Back at headquarters, Bob is able to use his private key to decrypt the message and Alice's public key to verify that it has not been tampered with since it was signed by Alice. Charlie, who has access to both public keys and the encrypted message, is unable to decrypt the message without having access to Bob's private key.

The remaining issue in the scenario described above is the fact that Alice doesn't know for sure that the public key she got from Bob is actually Bob's key, rather than a key that Charlie created to look like it came from Bob. Similarly, Bob doesn't know for certain that Alice's key is legitimate. This is where the certificate authority comes into play. Alice could have her public key signed by a certificate authority who verifies Alice is actually Alice. This would be done using a certificate signing request. Bob can also get his public key signed by a certificate authority who verifies that Bob is actually Bob. The encryption software comes preloaded with the certificate authorities that are trusted. The certificate authority is a trusted third party who allows the authenticity of Alice's and Bob's certificates to be verified.
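The Alice, Bob and Charlie story and the certificate authority step above can be walked through in code; this is an added example, not part of the original article. It assumes textbook RSA with no padding and toy keys built from well-known Mersenne primes (constructed for the demo and trivially breakable), and every function name and the sample message are hypothetical.

```python
import hashlib

E = 65537  # public exponent shared by all demo keys

def make_keypair(a, b):
    """Toy RSA pair from Mersenne primes 2**a-1 and 2**b-1 (constructed, insecure)."""
    p, q = 2**a - 1, 2**b - 1
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))  # (public, private)

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def encrypt(pub, plaintext):
    m = int.from_bytes(plaintext, "big")
    if m >= pub[0]:
        raise ValueError("message too long for this key")
    return pow(m, pub[1], pub[0])

def decrypt(priv, ciphertext):
    m = pow(ciphertext, priv[1], priv[0])
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def sign(priv, data):
    return pow(_digest(data, priv[0]), priv[1], priv[0])

def verify(pub, data, signature):
    return pow(signature, pub[1], pub[0]) == _digest(data, pub[0])

def binding(name, pub):
    """What a CA signs: the claimed identity together with the public key."""
    return name + b"|%d|%d" % pub

def scenario():
    ca_pub, ca_priv = make_keypair(2281, 3217)
    alice_pub, alice_priv = make_keypair(1279, 2203)
    bob_pub, bob_priv = make_keypair(521, 607)
    charlie_pub, charlie_priv = make_keypair(89, 127)
    bob_cert = sign(ca_priv, binding(b"Bob", bob_pub))              # CA checked Bob
    forged_cert = sign(charlie_priv, binding(b"Bob", charlie_pub))  # Charlie vouches for himself
    msg = b"Extraction at dawn"  # constructed sample message
    ciphertext, signature = encrypt(bob_pub, msg), sign(alice_priv, msg)
    return {
        "bob_reads": decrypt(bob_priv, ciphertext),
        "signature_ok": verify(alice_pub, msg, signature),
        "tampered_ok": verify(alice_pub, msg + b"!", signature),
        "charlie_reads": decrypt(charlie_priv, ciphertext),
        "bob_cert_ok": verify(ca_pub, binding(b"Bob", bob_pub), bob_cert),
        "forged_cert_ok": verify(ca_pub, binding(b"Bob", charlie_pub), forged_cert),
    }
```

Only the private keys ever need protecting here: every public key, the ciphertext, the signature and the certificate can travel over channels Charlie watches.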

Using the public key infrastructure, a secure method of communication is not needed as it would be when using a shared secret or a symmetric encryption method. The only items that need to be secured are the private keys. In actual use, the private keys are usually protected with a passphrase and physical security.
