Definition of a PKI infrastructure
The Key Management Infrastructure, better known as a Public Key Infrastructure (PKI), issues digital certificates for performing cryptographic operations. These are used to verify and authenticate the identity of the various parties involved in an electronic exchange. A PKI is made up of a set of services that rely on asymmetric cryptography and manage the lifecycle of digital (or electronic) certificates. A digital certificate is public data that appears in everyday life in two families: the signing certificate, for signing or authenticating documents, and the encryption certificate, for decrypting the encrypted content of messages.

Public key cryptography
In public key cryptography, the public key is accessible to all members of an organization. It allows, on the one hand, messages to be sent in complete confidentiality to the key's sole owner and, on the other hand, messages sent by that owner to be authenticated. The PKI thus offers its users a high level of service for the protection of privacy, as well as for access control to information, integrity, authentication and non-repudiation during electronic transactions.

Confidentiality guarantees that only the legitimate recipient has access to the data.
Authentication ensures that the sender and the recipient of a message are really who they claim to be, each holding an authenticated electronic identity.
Integrity ensures that the message is not accidentally or intentionally altered.
Non-repudiation ensures that the author of a message cannot deny having sent it under any circumstances.
The most tangible example of how a key management infrastructure works is the electronic signature. The signing certificates ensure that the private key is held by a single holder only (a natural person or a server).

The components of the key management infrastructure
A key management infrastructure delivers a set of services relating to user registration, certificate generation, certificate renewal, certificate revocation, certificate publication, user identification and authentication, publication of revocation lists, and archiving and recovery of certificates.

There are thus five entities in a PKI: the certification authority (CA), the registration authority (RA), the depositary authority (Repository), the end entity (End Entity) and the escrow authority (Key Escrow). The CA is the most important entity in the key management infrastructure, as it is responsible for validating certificate requests and revocation lists. The registration authority creates the digital certificates, which are nominative and unique across the entire PKI; it also performs the customary checks on the identity of the certificate holder. The depositary authority is responsible for storing digital certificates and revocation lists. The end entity is the one that uses the digital certificate. Finally, the escrow authority is responsible for storing and securing the encryption keys generated by the registration authorities so that they can be restored if necessary.

Public key infrastructure (PKI): asymmetric encryption
A public key infrastructure is often designated by the acronym PKI (Public Key Infrastructure). It takes the form of a set of outsourced services that ensure better management of the main network security criteria, such as authentication and integrity; the confidentiality and non-repudiation of information are also guaranteed. These services are based on the electronic certificate, the digital data that guarantees the identity of a signatory, which is itself based on the principle of asymmetric encryption.

The principle of asymmetric encryption
Introduced in 1976 in a work on cryptography, asymmetric encryption, also known as public key encryption, is today a widely used technique which, instead of a single key for both encryption and decryption, makes use of a pair of complementary keys. Any message encrypted with one of the keys can only be decrypted with the other, and vice versa.

Considered the basis of PKIs, asymmetric encryption therefore uses two keys: the public key, which can be shared with many users, and the private key, which is kept confidential. A given key cannot both encrypt and decrypt the same message. Although decryption is the inverse of encryption, one function cannot be derived from the other.

Example of using an asymmetric (public key) encryption system
Suppose Julien wants to send encrypted messages to a number of recipients. He therefore generates a pair of keys, the first of which, the public key, he distributes to all potential recipients. With the private key, of which he is the sole holder, he encrypts his messages.

To decrypt them, the recipients use Julien's public key; with the same key they can also send messages to Julien, who will use his private key to decrypt them.

When a recipient manages to decrypt a message using Julien's public key, that message is in principle indeed from the sender, because it was encrypted with his private key. Moreover, if a malicious third party modifies the message before it reaches its recipient, it will no longer be possible to decrypt it with the public key.

The main advantages and limitations of asymmetric cryptographic systems
On the Internet, asymmetric cryptography is mainly used to secure commercial, banking and other transactions, as well as for any other purpose where the confidentiality of messages is essential. Acting as a signature, public key encryption can therefore be seen as the art of ensuring the confidentiality of messages as well as their integrity, authentication and non-repudiation.

On the other hand, when a public key is distributed to potential correspondents, they may wonder whether it really belongs to the author of the message. This is the one small detail that requires the intervention of other systems, such as digital certificates or a trusted third party.

How does it work with the Internet?

SSL working principle
SSL (Secure Sockets Layer) technology is used to secure data transmission over the Internet: it encrypts and protects data transmitted using the HTTPS protocol. SSL assures visitors to your website that their data cannot be fraudulently intercepted.

Encryption of information
The certificate, issued by a certification authority, guarantees the identity of the site. It allows the exchanges between an Internet user and the application's servers to be authenticated, which is necessary to secure data transfers.

The authentication of a certificate involves the creation of a pair of digital keys.

The principle step by step

The private key
It is installed on the server. It is this key that produces your site's certification stamp.

The public key
This is the other part of the SSL certificate, also installed on your site. It allows visitors to encrypt their information, which is very useful when they need to communicate sensitive data (bank card number, social security number, etc.). Data is encrypted before it is sent. The private key is the mirror key: only it can decrypt the information.
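The two directions described above, Julien encrypting with his private key so that holders of the public key can check the message, and a visitor encrypting for a site whose private key stays on the server, shown as an added example that is not part of the original article. It uses textbook RSA with two small constructed primes for readability; production systems use 2048-bit or larger keys with OAEP/PSS padding from a cryptographic library.

```python
# Added example (not from the original article): textbook RSA on a toy
# modulus to illustrate both directions of an asymmetric key pair.
import hashlib

P, Q = 999983, 1000003          # constructed small primes (demo only)

def generate_keypair(p=P, q=Q, e=65537):
    """Return (public, private) as ((e, n), (d, n)); d is e's inverse mod phi."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (e, n), (d, n)

def encrypt(public, data: bytes) -> int:
    """Visitor side: encrypt a short secret with the site's public key."""
    e, n = public
    m = int.from_bytes(data, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)

def decrypt(private, ciphertext: int) -> bytes:
    """Server side: only the private key recovers the plaintext."""
    d, n = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def _digest(message: bytes, n: int) -> int:
    # Reduce SHA-256 of the message so the value fits under the modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private, message: bytes) -> int:
    """Julien's direction: 'encrypt' the message digest with the private key."""
    d, n = private
    return pow(_digest(message, n), d, n)

def verify(public, message: bytes, signature: int) -> bool:
    """Anyone with the public key 'decrypts' the digest; a modified message fails."""
    e, n = public
    return pow(signature, e, n) == _digest(message, n)

if __name__ == "__main__":
    pub, priv = generate_keypair()
    sig = sign(priv, b"Pay 100 EUR to Alice")
    print(verify(pub, b"Pay 100 EUR to Alice", sig))   # True
    print(verify(pub, b"Pay 900 EUR to Alice", sig))   # False: altered in transit
    print(decrypt(priv, encrypt(pub, b"4242")))          # b'4242'
```

The tampered message fails verification because its digest no longer matches what the public key recovers from the signature, which is the check the article describes for Julien's recipients.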

SSL communication example


Principle of renewing an SSL certificate