Public Key Cryptography Demystified

• By Robert J. Brentrup
• 04/29/03

As the technology of computing has become more integrated into our daily lives, information security is becoming an increasing challenge. More and more confidential personal information, legal documents, commercial transactions, and sensitive data are being transmitted over campus networks and the Internet every day.

At the same time, the network environment is becoming more hostile and vulnerable to attack. Public key technology has an important role to play in helping us protect our information and to be able to rely on the network to handle transactions of increasing value.

Public key systems enable separate parties to conduct a trusted exchange of information even if they have never met or shared no secrets beforehand.

Such systems help to address the basic problems of digital security: authentication (Are you who you say you are?); authorization (What are you allowed to do or access?); protection (You might intercept my information, but you can't decipher it.); information integrity (Can we agree that what I sent is exactly what you received?); and private channels (Can we open a communication link that others can't access and can we assure ourselves of the integrity of that channel?).

What is PKI?
PKI is the acronym for Public Key Infrastructure. The technology is called Public Key because unlike earlier forms of cryptography, it works with a pair of keys. One of the two keys may be used to encrypt information, which can only be decrypted with the other key. One key is made public and the other is kept secret. The secret key is usually called the private key. Since anyone may obtain the public key, users may initiate secure communications without having to previously share a secret through some other medium with their correspondent. The Infrastructure part of PKI is the underlying systems needed to issue keys and certificates and to publish the public information.

Public Key Certificates
A public key needs to be associated with the name of its owner. This is done using a public key certificate, which is a data structure containing the owner's name, their public key and e-mail address, validity dates for the certificate, the location of revocation information, the location of the issuer's policies, and possibly other information, such as their affiliation with the certificate issuer (often an employer or institution).

The certificate data structure is signed with the private key of the issuer so that a recipient can verify the identity of the signer and prove that data in the certificate has not been altered. Public key certificates are then published, often in an institutional LDAP directory, so that users of the PKI can locate the certificate for an individual with whom they wish to communicate securely.

Encryption and Signing
A secret key allows two transformations of data to occur. Plain text is transformed to cipher text, which is unreadable until it is transformed back to plain text using the secret key. A public-key system uses the encryption and decryption functions in turn to implement two primitive operations, data encryption and signatures.

To encrypt data you use the public key of the recipient to transform a plain text message to cipher text. The cipher text of the message can be converted back to plain text only by using the corresponding private key. Because this private key is known only by the intended recipient, only that individual can decrypt the message.

A signature is created by transforming plain text to cipher text using the private key of the signer. A signature is verified by looking up the public key of the signer and attempting to transform the cipher text of the signature back to plain text. If the operation is successful, this verifies that the data encryption was done with the corresponding private key. This implies that the signature was produced by the owner of that private key.

The most common PKI-based applications include authentication to—and authorization for—the use of Web resources, signed and secured e-mail messages, and electronic document signatures. Each of these functions is implemented in appropriate software applications.

Web Browsers and SSL
PKI is built in to all Web browsers that use Secure Sockets Layer (SSL). SSL is a protocol used to protect data transmitted between a client application and a server. An SSL connection is secured by using the PKI certificate of the Web server to share a symmetric key with the Web browser, which is used to encrypt data exchanged between them.

When SSL is being used to communicate with a Web server, the "security" functions of the Web browser allow the end user to check the validity of and view the associated Web server's certificate.

This is currently the most common application of SSL. Because it works with no further user interaction, most people are unaware of the other PKI certificate and security features.

Some Web browsers also allow you to store and use personal PKI certificates for authentication. The key pair and certificate are used with Web servers and sites that require authentication through client-side SSL connections. In a client-side SSL connection, your Web browser authenticates you by using your private key to decrypt a message encrypted by your public key. Depending on the features of the browser, you may need to specify which certificate is to be used if you have several. Some browsers will select a certificate that will work based on which other certificates were used to sign it.

Your Private Key
In a PKI-based protocol, transforming some data using the private key is needed to provide the identity of the person or device participating in the application.

This private key is connected to a certificate containing the corresponding public key. Showing that you can use that private key demonstrates the connection to the name of the subject in the certificate. Simply having a public key certificate in your possession proves nothing.

Use of the private key is generally controlled by a password set in the browser. Depending on the features of the browser, you may be asked for the password whenever the private key is used. This is the preferred way to set the configuration. Otherwise, once the password has been provided, anyone with access to the computer can use the private key.

Web browsers typically have features that let you examine, import, and export certificates and keys. Certificates can be personal or accepted by the users for certain trusted companies or authorities. Once an SSL connection is established, the server certificate in use can usually be examined by looking at the properties of the page transmitted over the SSL connection.

Certificates and keys are most commonly stored on the hard disk of the computer you are using. In addition to providing the password when the private key is used, usually the password is also required to import or export keys and certificates. Some browsers also support key and certificate storage in a secure external device. Again, a password is often used to gain access to the key and certificate.

Certificate Authorities
Certificates issued to Web servers and individuals are signed by a Certificate Authority (CA). The signature on a certificate identifies the particular CA that issued a certificate. The CA in turn has a certificate that binds its identity to its public key, so you can verify its identity. A CA publishes a policy defining its practices so users of certificates issued by that authority have a basis to make a trusted judgment for transactions based on PKI.

To enable separate institutions to establish trust relationships between themselves, CAs can have their certificates signed by other authorities that audit their practices. These chains of certificates do finally end with a certificate that is self-signed, which is known as a "root" certificate.

Both Web browsers and Web servers begin with a list of known root certificates that they "trust." You can add other root certificates to a Web browser or Web server certificate store for additional CAs that you are willing to trust.

Web browsers alert you when you begin a transaction that involves a new CA. To proceed with the transaction, you must accept the new certificate either temporarily or permanently. The alert dialog allows you to view the new certificate so you can make a decision.

Your Password
You will need to set a password for your browser certificate store. The password controls use of your key pair and should be kept secret.

The security of your personal password is a critical element in maintaining the security of your private key. You should not share your password with anyone. The password used to protect a certificate store is only known on your computer and can't be recovered by your local computer support staff.

Encrypting a file and then finding yourself unable to decrypt it is a painful lesson. So it is very important to create a password that you will remember. Give your choice some thought in advance of starting to obtain your key pair and certificate.

Authorization
It is important to remember that authentication and authorization are separate issues. Any non-trivial application needs to address both questions.

The SSL protocol using a client-side certificate will have established the identity of the end user by having the Web server check the personal certificate's validity. The Web server's SSL code checks that the certificate is not expired and is signed by a chain of valid and accepted institutional and root certificates. The server can be additionally configured to check a Certificate Revocation List (CRL) for revoked certificates.

Depending upon the application, satisfying these conditions may be adequate authorization. However, the contents of the client certificate are available to the Web server in environment variables.

An application can implement additional required authorization-checking logic using the certificate contents and other information retrieved from other sources.

Other Tools
A number of modern e-mail clients use the MIME standard for encoding data. S/MIME is an extension of MIME that allows PKI signatures and encryption of the mail contents. To use S/MIME you need to have a public/private key pair and an associated public key certificate. Using S/MIME features in an e-mail client requires the same use of the private key, public key certificate, and certificate store password, as described earlier, for using SSL in a Web browser.

A number of applications are also available to electronically sign documents using PKI. You will need to archive the public keys used to sign documents in order to be able to verify the signatures in the future.

Effective PKI tools for higher education will greatly facilitate academic and administrative communications. PKI can address much of higher education's needs for the secure control, access, and usage of digital information. As institutions of higher learning, we have a responsibility to contribute to the creation of new systems and the development of new safeguards and lead the way in their adoption.