Within the PKI framework, who you are is defined by the private keys you possess. From the point-of-view of PKI authentication authorities, you are your private key. In order to understand PKI, you will first have to understand some basic cryptological concepts. In Figure 1 the concept of a secret key is presented. Alice and Bob often are used as examples of the two parties engaged in a secure communications channel, and we will use them here. In this case, Alice and Bob both possess the same secret key. This can be a password, a token, or some other form of secret. Alice encrypts the plaintext that she wishes to send to Bob using her secret key. After Bob receives the ciphertext, he decrypts it using the same secret. The fact that the same key is used for both encryption and decryption determines that this is a symmetric exchange.
PKI relies on a public/private key combination. The public and private keys are mathematical entities that are related. One key is used to encrypt information and only the related key can decrypt that same information; however, if you know one of the keys, it is computationally unfeasible to calculate the other. Your public key is something that you make public. It is freely distributed and can be accessed by everyone. A corresponding (and unique) private key is something that you keep secret. It is not shared with anyone. Your private key enables you to prove, unequivocally, that you are who you claim to be.
In Figure 2, Alice uses public key cryptography to send a ciphertext to Bob. She first locates Bob’s public key (normally from some type of directory service or from a previous secured document that Bob has sent to her) and encrypts the plaintext with Bob’s public key. She sends the encrypted text to Bob. Only Bob has the corresponding private key that can be used to decode the ciphertext.
Note that in normal practice, for performance reasons, the actual ciphertext is encrypted using a secret key algorithm as shown in Figure 1. Symmetric algorithms are much faster than public/private key algorithms (asymmetric cryptography). A random key (the session key) is generated, and it is used with the symmetric algorithm to encrypt the information. The public key is then used to encrypt that key and both are sent to the recipient. The private key is then used to decrypt the session key, and the resulting session key is used to decrypt the actual data.
The developers of public key cryptography were economical with keys. Both the public and private key are used for more than just encrypting and decrypting data or session keys. The private key also is used to digitally sign the sent message so that the sender’s identity is guaranteed. If the sender wishes to prove to a recipient that they are the source of the information (perhaps they accept legal responsibility for it), the sender uses his or her (or its) private key to digitally sign a message (a digital signature). Unlike a handwritten signature, a digital signature is different every time it is created. To create the digital signature, a hash of the message is signed (encrypted) with the sender’s private key The encrypted value either is attached to the end of the message or is sent as a separate file together with the message. The sender’s public key that corresponds to this private key may also be sent with the message, either on its own or as part of a certificate.
The receiver uses the sender’s public key to verify that the message hash calculated by the receiver (when certificates are used, the type of hashing algorithm will be included in the public key certificate sent with the message) is the same as the original hash. If the values match, the receiver is reasonably assured that the sender (the individual or device that owns the private key that corresponds with the public key) sent the information. The receiver also is reasonably assured that the information has not been altered since it was signed. This exchange forms the basis for two key security principles: nonrepudiation (the identity of the sender is verified) and message integrity (the contents of the message have not been altered in transit). Table 1 summarizes the intended use and owner of both public and private keys in public key cryptography.
Function
|
Key Type
|
Key Owner
|
|---|---|---|
Encrypt Data
|
Public Key
|
Bob (Receiver)
|
Sign Data
|
Private Key
|
Alice (Sender)
|
Decrypt Data
|
Private Key
|
Bob (Receiver)
|
Verify Data Integrity
|
Public Key
|
Alice (Sender)
|
3 comments:
Can you tell me something about the services of Digital Centrex and Avaya VoIP .If you have any information regardint to this then plz ping me.
I enjoyed reading the complete article, you have discussed the concept of public key cryptography in such a good way. I would like to know what is the role of this authentication technique in digital signature technology.
public key infrastructure
thank you for the post , visit us for
best telephone solution for business
Post a Comment