Public-Key infrastructure (PKI) is the integration of software, hardware, encryption technologies and services for managing public keys. PKI provides for the four basic requirements of a secure system:
How are these requirements achieved?
There are two basic operations common to all PKIs: certification and validation. Certification is the process of binding a public-key value to an individual, organization or other entity, or even to some other piece of information such as a permission or credential. Validation is the process of verifying that a certificate is still valid.
Cryptography is the essential building block of PKI. There are two forms of cryptography that are currently in use:
In Private Key Cryptography, both the receiving and sending parties use the same key to encrypt and decrypt data. In Public Key Cryptography, there are separate keys for encryption and decryption of data; these keys are mathematically related and cannot be derived from one another.

Cryptosystems

There are three primary cryptosystems to choose from, namely symmetric, asymmetric, and a hybrid of the two.

Examples of symmetric algorithms are:
DES (Data Encryption Standard) - 56-bit key
Triple DES - Runs DES 3 times
Rijndael, also known as AES (Advanced Encryption Standard) - 256-bit key

Examples of asymmetric cryptosystems, also known as "Public Key" cryptosystems, are:
RSA
Elliptic Curve
Diffie-Hellman

Hybrid Cryptosystems

The third cryptosystem is a hybrid of the two previously mentioned systems. Symmetric algorithms are used to encrypt data and asymmetric algorithms are used to protect the symmetric keys. This option provides the performance of symmetric encryption and the key management features of asymmetric encryption. Some of the more advanced encryption products provide this feature.

Some of the more popular algorithms have been mentioned above. There are many other good algorithms to choose from. However, avoid using proprietary algorithms. Established algorithms have been thoroughly tested, and their strengths and weaknesses are well understood. If you use a proprietary algorithm, you run the risk that someone may find a new vulnerability within the algorithm and therefore significantly diminish its ability to keep your information secure.

...this document is not complete, still working on it
Copyright (C) Secunoid Inc. 2007-2011