Sunday 27 May 2012

Public Key Infrastructure (Digital Cert)

PKI is a security architecture that has been introduced to provide an increased level of confidence for exchanging information over an increasingly insecure Internet.  Public key cryptography uses a pair of mathematically related cryptographic keys.   If one key is used to encrypt information, then only the related key can decrypt that information. 
A certificate is information referring to a public key, that has been digitally signed by a Certification Authority (CA).  Certificates conforming to that standard include information about the published identity of the owner of the corresponding private key, the key length, the algorithm used, and associated hashing algorithm, dates of validity of the certificate and the actions the key can be used for. The CA takes responsibility for identifying (to a stated extent) the correctness of the identity of the person asking for a certificate to be issued, and ensures that the information contained within the certificate is correct and digitally signs it.



Generating key pairs
The CA may generate a public key and a private key (a key pair) or the person applying for a certificate may have to generate their own key pair and send a signed request containing their public key to the CA for validation.   The person applying for a certificate may prefer to generate their own key pair so as to ensure that the private key never leaves their control and as a result is less likely to be available to anyone else.

Issuing digital certificates
There are 2 ways of getting a digital cert, by either self-creating one or purchasing one. Before a CA issues you with a certificate they will make various checks to prove that you are who you say you are. CA issues you a certificate after you provide the credentials they require to confirm your identity, and then the CA signs (stamps) the certificate to prevent modification of the details contained in the certificate.
A CA may also state the quality of the checks that were carried out before the certificate was issued. Different classes of certificate can be purchased that correspond to the level of checks made.

Using certificates
An individual may have any number of certificates issued by any number of CAs.  

Verifying certificates
The public key certificate is signed by the CA to prevent its modification or falsification.   This signature is also used when checking that the public key is still valid. The signature is validated against a list of 'Root CAs' contained within various 'PKI aware' applications. 

A public key ; This is something that you make public - it is freely distributed and can be seen by all users.
A private key ; This is something that you keep secret - it is not shared amongst users.




REFERENCE: http://www.articsoft.com/public_key_infrastructure.htm
Posted by at

1 comment:

  1. Unknown30 April 2013 at 17:01

    Very nice article and great explanation regarding security point of view of the the public key infrastructure. Will be glad to read more posts like this one. Thank you.

    ReplyDelete

Subscribe to: Post Comments (Atom)