Advantages of Public Key Cryptography

The advantages of public key cryptography are:

• No need to exchange the keys

• Another key cannot be derived from one key

• The confidentiality of the message can be ensured by using the public key cryptography

• It is possible to establish authentication of the sender by using public key cryptography (digital signature)

• It is possible to ensure the confidentiality and authentication of the message at the same time

• It is possible to use public key cryptography for session key exchange

Applications of PKC

Public Key Cryptography is used in a number of applications and systems software. Some examples of application of cryptography are:

• Digitally signed document

• E-mail encryption software such as PGP and MIME

• RFC 3161 authenticated timestamps

• Digital signatures in the Operating System software such as Ubuntu, Red Hat Linux packages distribution

• SSL protocol

• SSH protocol

Public Key Infrastructure (PKI)

A Public Key Infrastructure (PKI) enables users to securely transact through the use of public key cryptography. Key pairs are obtained from a third-party trusted authority called Certificate Authority (CA). The PKI provides an infrastructure to issue a “digital certificate” that identifies an individual or organization. Based on the identity of the

digital certificate, transactions are made securely over public networks such as the Internet. The PKI is based on the use of public key cryptography, which is commonly used.

A public key infrastructure consists of:

• A Certificate Authority (CA) that issues and verifies digital certificates. A certificate includes the public key or information about public key

• A registration Authority (RA) which verifies the user's authenticity for CA before CA issues a digital certificate

• A secured storage place to hold the certificates and public keys

• A certificate management system

• Hardware, software, policies, procedures, and people used to create, manage, and revoke digital certificates along with the distribution and storage of the digital certificates

A certificate contains information referring to a public key, issued by a Certification Authority (CA). The information in the certificate should conform to the ITU (IETF) standard X.509 v3. Certificates conforming to that standard include information about the published identity of the owner of the corresponding public key, the key length, the algorithm used, associated hashing algorithm, dates of validity of the certificate, and the actions the key can be used for.

Certificate Authority (CA)

A CA is responsible for issuing certificates. CA issues the digital certificate based on the recommendation of RA. This digital certificate is signed by the CA using its own private key. The CA issues the certificate which contains the public key of the party who owns the certificate. Certificates have to be purchased from the CA. CA can issue a certificate only after it confirms all the credentials to prove your identity. Once identity is proved, it stamps the certificate to prevent modifications of the details contained in the certificate. CA is analogous to a passport agency. An individual or organization may have any number of certificates issued by different CAs. Different web applications may insist to use a particular certificate. For example, a particular bank may insist to use a certificate issued by that bank for a secured transaction, whereas some other web site may accept any certificate issued by any CA.

Registration Authority (RA) is a third-party verification agency for a Certificate Authority (CA), to perform the verification of the organization or individuals who have applied for the certificate. Final component of the PKI is the Certificate Management System (CMS) through which certificates are published, renewed, or revoked. Examples of Certificate Authority (CA) include Verisign, Thawte,, RapidSSL, Network Solutions, GlobalSign, Digicert,, PinkRoccade, and PKI.CAcert. 24

Digital Certificate

Digital Certificate provides an electronic identity to conduct secure transactions by providing your identity (authentication). It is similar to a passport or driver's license. With a digital certificate, an organization or an individual can provide authentication for all the transactions with friends, business partners, and other online services. Digital certificate assures identity among all the parties involved in the transactions. The most widely used format of a digital certificate is as defined by the CCITT X.509 standards. 25 Digital certificate uses public key cryptography to verify the integrity of the certificate itself.

< Prev   CONTENTS   Next >