Public Key Cryptography Demystified
As the technology of computing has
become more integrated into our daily lives, information security is becoming
an increasing challenge. More and more confidential personal information, legal
documents, commercial transactions, and sensitive data are being transmitted
over campus networks and the Internet every day.
At the same time, the network environment is becoming more hostile and vulnerable
to attack. Public key technology has an important role to play in helping us
protect our information and to be able to rely on the network to handle transactions
of increasing value.
Public key systems enable separate parties to conduct a trusted exchange of
information even if they have never met or shared no secrets beforehand.
Such systems help to address the basic problems of digital security: authentication
(Are you who you say you are?); authorization (What are you allowed to do or
access?); protection (You might intercept my information, but you can't decipher
it.); information integrity (Can we agree that what I sent is exactly what you
received?); and private channels (Can we open a communication link that others
can't access and can we assure ourselves of the integrity of that channel?).
What is PKI?
PKI is the acronym for Public Key Infrastructure. The technology is called Public
Key because unlike earlier forms of cryptography, it works with a pair of keys.
One of the two keys may be used to encrypt information, which can only be decrypted
with the other key. One key is made public and the other is kept secret. The
secret key is usually called the private key. Since anyone may obtain the public
key, users may initiate secure communications without having to previously share
a secret through some other medium with their correspondent. The Infrastructure
part of PKI is the underlying systems needed to issue keys and certificates
and to publish the public information.
Public Key Certificates
A public key needs to be associated with the name of its owner. This is done
using a public key certificate, which is a data structure containing the owner's
name, their public key and e-mail address, validity dates for the certificate,
the location of revocation information, the location of the issuer's policies,
and possibly other information, such as their affiliation with the certificate
issuer (often an employer or institution).
The certificate data structure is signed with the private key of the issuer
so that a recipient can verify the identity of the signer and prove that data
in the certificate has not been altered. Public key certificates are then published,
often in an institutional LDAP directory, so that users of the PKI can locate
the certificate for an individual with whom they wish to communicate securely.
Encryption and Signing
A secret key allows two transformations of data to occur. Plain text is transformed
to cipher text, which is unreadable until it is transformed back to plain text
using the secret key. A public-key system uses the encryption and decryption
functions in turn to implement two primitive operations, data encryption and
To encrypt data you use the public key of the recipient to transform a plain
text message to cipher text. The cipher text of the message can be converted
back to plain text only by using the corresponding private key. Because this
private key is known only by the intended recipient, only that individual can
decrypt the message.
A signature is created by transforming plain text to cipher text using the
private key of the signer. A signature is verified by looking up the public
key of the signer and attempting to transform the cipher text of the signature
back to plain text. If the operation is successful, this verifies that the data
encryption was done with the corresponding private key. This implies that the
signature was produced by the owner of that private key.
The most common PKI-based applications include authentication to—and authorization
for—the use of Web resources, signed and secured e-mail messages, and electronic
document signatures. Each of these functions is implemented in appropriate software
Web Browsers and SSL
PKI is built in to all Web browsers that use Secure Sockets Layer (SSL). SSL
is a protocol used to protect data transmitted between a client application
and a server. An SSL connection is secured by using the PKI certificate of the
Web server to share a symmetric key with the Web browser, which is used to encrypt
data exchanged between them.
When SSL is being used to communicate with a Web server, the "security" functions
of the Web browser allow the end user to check the validity of and view the
associated Web server's certificate.
This is currently the most common application of SSL. Because it works with
no further user interaction, most people are unaware of the other PKI certificate
and security features.
Some Web browsers also allow you to store and use personal PKI certificates
for authentication. The key pair and certificate are used with Web servers and
sites that require authentication through client-side SSL connections. In a
client-side SSL connection, your Web browser authenticates you by using your
private key to decrypt a message encrypted by your public key. Depending on
the features of the browser, you may need to specify which certificate is to
be used if you have several. Some browsers will select a certificate that will
work based on which other certificates were used to sign it.
PKI and OASIS Standards
In November 2002 the PKI Forum, which originally developed PKI, joined
OASIS (Organization for the Advancement of Structured Information Standards),
the non-profit global standards consortium. PKI has now been integrated
into OASIS projects, including Security Assertion Markup Language (SAML),
XML Access Control Markup Language (XACML), Service Provisioning Markup
Language (SPML), and Digital Signature Services (DSS) protocol. The OASIS
vision is to develop standards, based on the eXtensible Markup Language
(XML), that will provide security for transactions and user interactions
via the Web.
Security Assertion Markup Language (SAML) is a standard used to
define how users will be authenticated and authorized to access computer
systems or information.
XML Access Control Markup Language (XACML) allows the IT department
to assign users specific access privileges, controlling who will be allowed
to access certain documents and who can make changes to them.
Service Provisioning Markup Language (SPML) is used to set up
a structure for authenticating and encrypting user requests for access
to computer systems and data. Beyond the security of who is allowed to
access these assets, SPML also helps system managers balance computer
resources with user demands.
Digital Signature Services (DSS) protocol will be used to set
up a standard way of handling digital signatures and will assure, through
a time stamp, that the signature was authorized with a valid PKI. DSS
is under development with an OASIS technical committee.
For more information visit www.oasis-open.org.
Your Private Key
In a PKI-based protocol, transforming some data using the private key is needed
to provide the identity of the person or device participating in the application.
This private key is connected to a certificate containing the corresponding
public key. Showing that you can use that private key demonstrates the connection
to the name of the subject in the certificate. Simply having a public key certificate
in your possession proves nothing.
Use of the private key is generally controlled by a password set in the browser.
Depending on the features of the browser, you may be asked for the password
whenever the private key is used. This is the preferred way to set the configuration.
Otherwise, once the password has been provided, anyone with access to the computer
can use the private key.
Web browsers typically have features that let you examine, import, and export
certificates and keys. Certificates can be personal or accepted by the users
for certain trusted companies or authorities. Once an SSL connection is established,
the server certificate in use can usually be examined by looking at the properties
of the page transmitted over the SSL connection.
Certificates and keys are most commonly stored on the hard disk of the computer
you are using. In addition to providing the password when the private key is
used, usually the password is also required to import or export keys and certificates.
Some browsers also support key and certificate storage in a secure external
device. Again, a password is often used to gain access to the key and certificate.
Certificates issued to Web servers and individuals are signed by a Certificate
Authority (CA). The signature on a certificate identifies the particular CA
that issued a certificate. The CA in turn has a certificate that binds its identity
to its public key, so you can verify its identity. A CA publishes a policy defining
its practices so users of certificates issued by that authority have a basis
to make a trusted judgment for transactions based on PKI.
To enable separate institutions to establish trust relationships between themselves,
CAs can have their certificates signed by other authorities that audit their
practices. These chains of certificates do finally end with a certificate that
is self-signed, which is known as a "root" certificate.
Both Web browsers and Web servers begin with a list of known root certificates
that they "trust." You can add other root certificates to a Web browser or Web
server certificate store for additional CAs that you are willing to trust.
Web browsers alert you when you begin a transaction that involves a new CA.
To proceed with the transaction, you must accept the new certificate either
temporarily or permanently. The alert dialog allows you to view the new certificate
so you can make a decision.
You will need to set a password for your browser certificate store. The password
controls use of your key pair and should be kept secret.
The security of your personal password is a critical element in maintaining
the security of your private key. You should not share your password with anyone.
The password used to protect a certificate store is only known on your computer
and can't be recovered by your local computer support staff.
Encrypting a file and then finding yourself unable to decrypt it is a painful
lesson. So it is very important to create a password that you will remember.
Give your choice some thought in advance of starting to obtain your key pair
It is important to remember that authentication and authorization are separate
issues. Any non-trivial application needs to address both questions.
The SSL protocol using a client-side certificate will have established the
identity of the end user by having the Web server check the personal certificate's
validity. The Web server's SSL code checks that the certificate is not expired
and is signed by a chain of valid and accepted institutional and root certificates.
The server can be additionally configured to check a Certificate Revocation
List (CRL) for revoked certificates.
Depending upon the application, satisfying these conditions may be adequate
authorization. However, the contents of the client certificate are available
to the Web server in environment variables.
An application can implement additional required authorization-checking logic
using the certificate contents and other information retrieved from other sources.
A number of modern e-mail clients use the MIME standard for encoding data. S/MIME
is an extension of MIME that allows PKI signatures and encryption of the mail
contents. To use S/MIME you need to have a public/private key pair and an associated
public key certificate. Using S/MIME features in an e-mail client requires the
same use of the private key, public key certificate, and certificate store password,
as described earlier, for using SSL in a Web browser.
A number of applications are also available to electronically sign documents
using PKI. You will need to archive the public keys used to sign documents in
order to be able to verify the signatures in the future.
Effective PKI tools for higher education will greatly facilitate academic and
administrative communications. PKI can address much of higher education's needs
for the secure control, access, and usage of digital information. As institutions
of higher learning, we have a responsibility to contribute to the creation of
new systems and the development of new safeguards and lead the way in their
Top 10 Academic Applications of PKI
1. Controlled access to copyrighted materials for students.
2. Publishing Web sites that have public and private parts.
3. Replacing IP address access controls at information vendor
4. Electronically signed submission of student assignments with
5. Protecting sensitive data used by researchers.
6. Enhancing the availability of sensitive data.
7. Securing wireless networking.
8. Student and faculty electronic interaction with administrative
9. Applications for federal student loans and services.
10. Secure and private e-mail.