Public Key Infrastructure (PKI) is a security architecture that has been introduced to provide an increased level of confidence for exchanging information over an increasingly insecure Internet. PKI may involve the use of methods, technologies and techniques that together provide a secure infrastructure. PKI involves the use of a public key and private key pair for authentication and proof of content. A PKI infrastructure is expected to offer its users the following benefits:
• certainty of the quality of information sent and received electronically
• certainty of the source and destination of that information
• assurance of the time and timing of that information (providing the source of time is known)
• certainty of the privacy of that information
• assurance that the information may be introduced as evidence in a court of law
These facilities are delivered using a mathematical technique called public key cryptography, which uses a pair of related cryptographic keys to verify the identity of the sender (signing) and/or to ensure privacy (encryption).
How the Public Key Cryptography concept works
Public key cryptography uses a pair of mathematically related cryptographic keys. If one key is used to encrypt information, then only the related key can decrypt that information. Even if one of the keys is known, the other key cannot be easily calculated. A public key system consists of the following:
• A public key. This is something which is made public - it is freely distributed and can be seen by all users.
• A corresponding (and unique) private key. This is something that is kept secret - it is not shared amongst users. The private key enables its holder to prove his identity.
The Public Key used for Encryption
The sender of the message uses the receiver’s public encryption key to encrypt the confidential information. The receiver can provide his public key to the sender, or it can be retrieved from the directory in which it is published.
The Private Key used for Decryption
A private key is used to decrypt information that has been encrypted using its corresponding public key. The person using the private key can be certain that the information it is able to decrypt must have been intended for them, but they cannot be certain who the information is from.
The Private Key for Signature
If the sender wishes to prove to a recipient that they are the source of the information (perhaps they accept legal responsibility for it) they use a private key to digitally sign a message (a digital signature). Unlike the handwritten signature, this digital signature is different every time it is made. A unique mathematical value, determined by the content of the message, is calculated using a 'hashing' or 'message authentication' algorithm, and then this value is encrypted with the private key - creating the digital signature for this specific message. The encrypted value is either attached to the end of the message or is sent as a separate file together with the message. The public key corresponding to this private key may also be sent with the message, either on its own or as part of a certificate.
Note: Anyone receiving information protected simply by a digital signature can check the signature and can read and process the information. Adding a digital signature to information does not provide confidentiality.
The Public Key for Signature Verification
The receiver of a digitally signed message uses the correct public key to verify the signature by performing the following steps.
• The correct public key is used to decrypt the hash value that the sender calculated for the information.
• Using the hashing algorithm (where certificates are in use it will be stated in the public key certificate sent with the message), the hash of the information received is calculated.
• The newly calculated hash value is compared to the hash value that the sender originally calculated. This was...
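The signing and verification steps described above, as an added example that is not part of the original page: a textbook RSA hash-then-sign in plain Python. The key built from two Mersenne primes and the sample messages are constructed for the demonstration; production systems use randomly generated keys and a padding scheme such as RSASSA-PSS through a vetted library.

```python
import hashlib

# Constructed demo key: two Mersenne primes, chosen only so the example is
# reproducible offline. Not a secure key; real keys use random primes.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                          # public modulus
E = 65537                          # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (kept secret)


def digest(message: bytes) -> int:
    """Hash the message; the signature covers this value, not the raw text."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Sender: transform the hash with the private key."""
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Receiver: recover the sender's hash with the public key and compare
    it with a hash computed locally over the message as received."""
    return pow(signature, e, n) == digest(message)


def demo() -> dict:
    message = b"Pay supplier 100 EUR"    # constructed sample message
    signature = sign(message)
    tampered = b"Pay supplier 900 EUR"   # same signature, altered content
    return {
        "genuine_ok": verify(message, signature),
        "tampered_ok": verify(tampered, signature),
        # A signature made with a different private key does not verify.
        "wrong_key_ok": verify(message, sign(message, d=D + 2)),
        # The message travels in the clear: signing gives no confidentiality.
        "readable": message.decode(),
    }


if __name__ == "__main__":
    print(demo())
```

The comparison in `verify` is the third step of the list: a match shows the content is unchanged and was signed with the private key paired to the public key used.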