Abstract- Public-key cryptography is a key technology for e-commerce, intranets, extranets and other web-enabled applications. However, to garner the benefits of public-key cryptography, a supporting infrastructure is needed. The Microsoft® Windows® 2000 operating system includes a native public-key infrastructure (PKI) that is designed from the ground up to take full advantage of the Windows 2000 security architecture. This paper describes the fundamentals of public-key security systems, including what benefits they offer and what components are required to implement them. It also describes how the Windows 2000 PKI components deliver the needed services while providing interoperability, security, flexibility, and ease of use. I.
Public-key cryptography offers significant security benefits when it's properly implemented. Like other enabling technologies, public-key cryptography requires an infrastructure to deliver its benefits. However, the public-key infrastructure, or PKI, isn't a physical object or software process; instead, it's a set of useful services provided by a collection of interconnected components These components work together to provide public-key-based security services to applications and users. This white paper has two goals: to explain public-key technology and its uses, and to describe the features and benefits provided by the native PKI in the Microsoft® Windows® 2000 operating system. Understanding both of these topics will help you to decide where you can use PKI technology to improve your business processes and increase your ability to securely handle transactions with others. In this paper, you'll learn what a public key infrastructure is, what desirable benefits it can offer your operations, and how the Windows 2000 PKI delivers interoperability, security, flexibility, and ease of use. II.
During the early history of cryptography, two parties would agree upon a key using a secure, but non-cryptographic, method; for example, a face-to-face meeting or an exchange via a trusted courier. This key, which both parties kept absolutely secret, could then be used to exchange encrypted messages. A number of significant practical difficulties arise in this approach to distributing keys. Public-key cryptography addresses these drawbacks so that users can communicate securely over a public channel without having to agree upon a shared key beforehand. In 1874, a book by William Stanley Jevons described the relationship of one-way functions to cryptography and went on to discuss specifically the factorization problem used to create the trapdoor function in theRSA system. Since the 1970s, a large number and variety of encryption, digital signature, key agreement, and other techniques have been developed in the field of public-key cryptography. The ElGamal cryptosystem (invented by Taher ElGamal) relies on the (similar, and related) difficulty of the discrete logarithm problem, as does the closely related DSA developed at the US National Security Agency (NSA) and published by NIST as a proposed standard. The introduction of elliptic curve cryptography by Neal Koblitz and Victor Miller independently and simultaneously in the mid-1980s has yielded new public-key algorithms based on the discrete logarithm problem. Although mathematically more complex, elliptic curves provide smaller key sizes and faster operations for equivalent estimated security. III.
What is public key cryptography?
When most people hear the words encrypt or cryptography, they immediately think of secret-key cryptography, wherein two parties share a single secret key that's used both to encrypt and decrypt data. Loss or compromise of the secret key makes the data it encrypts vulnerable. By contrast, public-key systems use two keys: a public key, designed to be shared, and a private key, which must be closely held. These keys are complementary: if you encrypt something with the public key, it can only be decrypted with the...
Please join StudyMode to read the full document