From Cryptography Decrypted

Part III Overview:


PKI: Distribution of Public Keys


Public key cryptography changed 3,000 years of key exchange. For thousands of years, Alice and Bob had to somehow exchange a secret key without anyone else seeing it. Furthermore, the shared secret key had to remain secret forever. Public key cryptography changed all that, allowing Alice and Bob to exchange public keys openly. Public keys don’t need to be secret. In fact, some internet companies want as many people as possible to know their public keys.

Even though Alice can openly distribute her public key to Bob, they need assurances that nefarious Black Hat can’t substitute his public key for Alice’s public key. Since delivery of authentic public keys is still a problem, understanding your options for key delivery is important if you care about protecting your identity and valuables in the wild wild web.

Even though attacks are possible, digital certificates are the preferred way to securely deliver public keys. (Attacks on digital certificates are discussed in Cryptography Decrypted, Chapter 16: Digital Certificates and Chapter 22: Cryptographic Gotchas.) A digital certificate is a specialized document signed by a trusted third party, not much different from a driver’s license. Just as in the case of a driver’s license, if you can trust the issuer and its issuing procedures, you can trust the certificate.

The top part of a digital certificate contains plaintext identifying the issuer (signer), the subject (whose public key is attached), the subject’s public key and the expiration date of the certificate. The bottom part of a digital certificate contains the issuer’s signed hash of the top part. As mentioned in the article on public key cryptography, the hash saves time when digitally authenticating since it is a compressed redundant copy of the original digital certificate.

A digital certificate consumer must have a trusted copy of the digital certificate issuer’s public key to verify the certificate. The issuer, subject and consumer are reviewed in the following table illustrating digital certificate players.

Digital Certificate Persona | Action                                     | Analogy
Issuer                      | Signs certificate                          | DMV
Subject                     | Sends issuer their public key              | Licensee
Consumer                    | Uses subject’s public key (on certificate) | Car rental firm confirms licensee I.D.
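
The issuer, subject and consumer roles can be traced in a short added example (not code from the book). It uses toy textbook RSA with constructed parameters, and the names "Example CA", the key strings and the dates are assumptions made for illustration. The issuer signs the hash of the top part, and the consumer accepts the certificate only if it is unexpired and the signature checks out against a trusted copy of the issuer's public key.

```python
import hashlib
import json
from datetime import date

# Toy textbook RSA from two known Mersenne primes. Constructed for illustration
# only (no padding, small modulus); real certificates use a vetted library.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
ISSUER_N = P * Q                              # issuer's public modulus
ISSUER_D = pow(E, -1, (P - 1) * (Q - 1))      # issuer's private exponent

def digest(top, n):
    """Hash the plaintext top part (canonical JSON) to an integer below n."""
    data = json.dumps(top, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(top):
    """Issuer: sign the hash of the top part; the signature is the bottom part."""
    return {"top": top, "signature": pow(digest(top, ISSUER_N), ISSUER_D, ISSUER_N)}

def verify(cert, trusted_n, trusted_e, today):
    """Consumer: check expiry, then compare the recomputed hash with the hash
    recovered from the signature using the trusted copy of the issuer's key."""
    if date.fromisoformat(cert["top"]["expires"]) < today:
        return False
    recovered = pow(cert["signature"], trusted_e, trusted_n)
    return recovered == digest(cert["top"], trusted_n)

def demo():
    today = date(2025, 1, 1)                  # fixed so the result is repeatable
    cert = issue({"issuer": "Example CA", "subject": "Alice",
                  "public_key": "ALICE-KEY (constructed)", "expires": "2030-01-01"})
    # Black Hat swaps in his own key but cannot produce a new issuer signature.
    swapped = {"top": dict(cert["top"], public_key="BLACK-HAT-KEY (constructed)"),
               "signature": cert["signature"]}
    expired = issue(dict(cert["top"], expires="2020-01-01"))
    wrong_n = (2**107 - 1) * (2**61 - 1)      # not the issuer's key
    return {"genuine": verify(cert, ISSUER_N, E, today),
            "key_swapped": verify(swapped, ISSUER_N, E, today),
            "expired": verify(expired, ISSUER_N, E, today),
            "untrusted_issuer_key": verify(cert, wrong_n, E, today)}

if __name__ == "__main__":
    print(demo())
```

Only the genuine certificate verifies. The swapped key changes the hash of the top part, so the issuer's original signature no longer matches it.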

X.509 and Pretty Good Privacy (PGP) are two popular standards for digital certificates, and each defines a way that a network of digital certificates can be managed. These digital certificate frameworks are commonly called public key infrastructures, or PKI. X.509 employs centralized control in its trust model, while PGP distributes the trust.


Centralized Trust: X.509

The Root Certificate Authority (CA) is the single focal point of X.509 certificate policies. Digital certificate users trust the accuracy of the public keys the CA issues.

Like a DMV, the CA controls certificate registration, issuance, expiration and revocation. (We’ll see that this is in stark contrast to PGP’s trust model, where the individual user acts unilaterally.)

The CA can outsource most of these functions to subcontractors. For instance, PKI defines terms and definitions for Registration Authorities (RA) who act on behalf of the CA. The CA can also outsource the distribution of the certificate revocation list (CRL).

A CA Root Certificate is self-signed by the CA and is usually accepted as valid with additional verification. CA Root Certificates are often distributed through another trusted source, for example, Netscape’s Internet Browser.


Distributed Trust: PGP

Philip Zimmermann developed Pretty Good Privacy (PGP), a strong encryption system designed for the masses and based on RSA public key cryptography. It’s available for free from several Internet servers.

PGP’s digital certificates are similar to X.509 self-signed (root) certificates, except there can be more than one signature on PGP certificates.

In contrast to X.509’s centralized control (certificate authority) trust model, PGP uses a distributed trust (web-of-trust) model. But PGP cryptographic methods and keys are as strong as those used with X.509.

Part IV: Real World Systems

(c) H. X. Mel & Doris Baker all rights reserved
