Public Key Infrastructure (PKI)

Written by on  
COVER_PAGE

One of the most important concepts of security is encryption. Encryption is the method used to convert meaningful messages into a ciphertext (meaningless message) such that it can only be understood by the person having the necessary information to convert it back to the original message. A concept used within encryption is that of keys. Keys are used to encrypt and/or decrypt messages. Depending upon the usage of the keys, the encryption can be either symmetric or asymmetric

Public Key Infrastructure (PKI)

Introduction

One of the most important concepts of security is encryption. Encryption is the method used to convert meaningful messages into a ciphertext (meaningless message) such that it can only be understood by the person having the necessary information to convert it back to the original message.
A concept used within encryption is that of keys. Keys are used to encrypt and/or decrypt messages.

Public Key Infrastructure is a way to securely share keys for encryption and decryption.

Asymmetric Encryption

Let us assume that John wants to send an important parcel to Ted. To make sure that the actual contents of the parcel cannot be viewed by anyone, Ted sends him a special lock and key (Public key). Once the parcel is locked by that key, it can only be opened by a key (Private key) Ted has kept with him. Anyone having the key given to John would NOT be able to open it. This makes the parcel quite secured.

Certification Authority

Now, let us assume that a thief tampers with the package and changes the key and lock. This way Ted gets impersonated and there is no way to verify if the contents are by Ted. To make sure that this does not happen, there is an authority known as the certification authority that verifies the integrity of the key sent. A certificate will be issued, containing the necessary details of Ted and his public key. Let us imagine this to be a public billboard. The certificate on the bill-board will have the public key along with the lock diagram. This certificate will be signed by the necessary Post office head.

Putting this in technical terms, let us assume two machines A and B. A sends its public and private key to the Certification Authority along with the necessary details such as name, domain etc. The authority then creates a message. This message along with the message hash is bundled into a certificate. It is also to be noted that the message hash is now signed. Once a hash has been signed, it can be verified by any person having access to the public key and message. This certificate is the encrypted via the public key of B and then sent.

The Final Block

Machine B decrypts the package using its private key to find a certificate. To test that the certificate is not tampered, it generates the message hash and compares it with the signed hash using the public key.

enter image description here

Conclusion

The above method can be used as a secure way to pass keys and is also used by browsers and servers to provide SSL encryption (HTTPS)

Share:

1 comment: