Key Encryption

@font-face { font-family: "Cambria"; }@font-face { font-family: "Georgia"; }p.MsoNormal, li.MsoNormal, div.MsoNormal { margin: 0cm 0cm 10pt; font-size: 12pt; font-family: "Times New Roman"; }div.Section1 { page: Section1; }

Public key encryption

A symmetric key cryptosystem is a cryptographic system where the sender and receiver share a secret key that enables them to encrypt and decrypt messages. This presents difficulties because you have to give the secret key to the receiving party, without an eavesdropper listening in.

In a public key/asymmetric key cryptosystem instead of having one key that encrypts and decrypts messages, you instead have a key pair for each partaking party. The key pair consists of a private key, and a public key. The public key is freely distributed, while the private key remains hidden to the outside world. Typically your public key is used by another party to encrypt a message, and you have to use your own private key to decrypt it.

A PKI is a Public-Key infrastructure. It is an infrastructure that allows you to recognize which public key belongs to whom.

There is a central authority that is called the Certificate Authority, or CA for short. The CA has a public/private key pair and publishes the public key. We will assume that everybody knows the CA’s public key. As this key remains the same over long periods of time, this is easy to accomplish.

To join the PKI, Alice generates her own key pair, and takes the public key PK(A) to the CA and says “Hi, I’m Alice and PK(A) is my public key.” The CA verifies that Alice is who she says she is, and then signs a digital statement that states something like “Key PK(A) belongs to Alice.” This signed statement is called the certificate. It certifies that the key belongs to Alice. If Alice now wants to communicate with Bob, she can send him her public key and the certificate. Bob has the CA’s public key, so he can verify the signature on the certificate. As long as Bob trusts the CA, he also trusts that PK(A) actually belongs to Alice.

Using the same procedures, they both know each others public key. These keys in turn can be used to run the key negotiation protocol to establish a session key for secure communications.

-- Public Key Encryption --

-- Certificate Authority (CA) --

Public Key Infrastructure (PKI)
PKI is a model for creating, distributing and revoking certificates based on X.509.

The duties of PKI:
 * Issuing, renewal and revocation of certificates


 * Storing and updating keys: A PKI should store keys of those members that demand it, and update them if a member requests it.


 * Providing services to other protocol: IPSec and TLS rely on the services provided by a PKI


 * Providing access control: For example, an organization PKI may provide access to the whole database for top management, but at the same time limit the access for the employees.

Trust Model
The trust model basically states that there should be many CAs, not one CA issuing all certificates in the world. The model defines rules that specify how a user can verify a certificate received from a CA.

Hierarchical Model
This is a tree-type structure with a root CA, which has a self-signed, self-issued certificate. It needs to be trusted by other CAs and users to work.

-- Different type of keys --

-- Key Management --