Data Protection and Security
VIII Standards and Protocols
VIII.II Public Key Infrastructure
In Chapter 4, we saw different public key cryptography algorithms for encryption, digital signatures, or both. In all of these, remember that there are two keys per user. One of these keys is the private key, which is known only by its owner. The other is the public key, which should be known by others who want either to send an encrypted message to the user or to verify a digital signature originated by the user. In Chapter 4, we also explained the security attacks that become possible if the link between a public key and its owner is not established securely. This problem of securely distributing public keys is not straightforward to solve. In this chapter, our first goal is to explore the components of the solution to this essential problem. A public key infrastructure consists of the components necessary to securely distribute public keys. It consists of:
A (public key) certificate is a signed message vouching that a particular name goes with a particular public key. Here, the assumption is you know and trust the public key corresponding to the private key used to generate the certificate.
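The name-to-key binding and the trust assumption described above, as an added example that is not part of the original course material. It uses toy textbook RSA (no padding, small modulus, illustration only); the issuer names "ExampleCA" and "OtherCA", the subject names, the keys and all helper functions are constructed for this example.

```python
import hashlib

# Toy textbook RSA: no padding, demo-sized modulus. Illustration only.
E = 65537

def make_keypair(p, q):
    """Build an RSA key pair from two primes; returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))   # private exponent (Python 3.8+)
    return (n, E), (n, d)

def _digest(name, subject_pub, n):
    # Hash the fields the certificate vouches for: the name and the public key.
    data = f"{name}|{subject_pub[0]}|{subject_pub[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(issuer, issuer_priv, name, subject_pub):
    """The issuer signs (name, public key) with its private key."""
    n, d = issuer_priv
    sig = pow(_digest(name, subject_pub, n), d, n)
    return {"issuer": issuer, "name": name, "pub": subject_pub, "sig": sig}

def verify(cert, trusted):
    """trusted maps issuer name -> issuer public key the verifier already trusts."""
    if cert["issuer"] not in trusted:
        return "unknown issuer"          # no trusted key to check the signature with
    n, e = trusted[cert["issuer"]]
    ok = pow(cert["sig"], e, n) == _digest(cert["name"], cert["pub"], n)
    return "valid" if ok else "invalid"

def demo():
    # Constructed keys built from known Mersenne primes (far too small for real use).
    ca_pub, ca_priv = make_keypair(2**127 - 1, 2**89 - 1)
    alice_pub, _ = make_keypair(2**107 - 1, 2**61 - 1)
    trusted = {"ExampleCA": ca_pub}      # the verifier's only trusted issuer key

    cert = issue("ExampleCA", ca_priv, "alice", alice_pub)
    renamed = dict(cert, name="mallory")     # same key and signature, different name
    other = dict(cert, issuer="OtherCA")     # issuer whose key the verifier lacks
    return verify(cert, trusted), verify(renamed, trusted), verify(other, trusted)

if __name__ == "__main__":
    print(demo())
```
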
VIII.II.I Question
What if you do not know the public key to be used for verifying the certificate?