Cryptography - Part 3
Public Key Infrastructure (PKI)
A PKI is the arrangement of roles, policies, hardware and software by which a trusted central authority issues digital certificates that bind a public key to the identity of a user or system. The authority signs each certificate with its own private key, so anyone who holds the authority's public key can check the binding without contacting the authority. PKI is a key element in cryptography because asymmetric encryption and digital signatures are only as trustworthy as the answer to the question "whose public key is this?", and that answer is what a PKI provides.
The four basic components of a PKI are:
- Certificate Authority (CA): It comprises the hardware, software, and personnel administering the PKI. The CA issues certificates, maintains and publishes status information and Certificate Revocation Lists (CRLs), and maintains archives.
- Registration Authority (RA): It verifies, on behalf of the CA, the identity of the entity requesting a certificate and the contents of the request before the CA signs; it does not issue certificates itself. Like the CA, it comprises hardware, software, and the personnel that operate it.
- Repository: A system that accepts certificates and CRLs from a CA and distributes them to authorized parties, typically a directory or web server that relying parties query when they validate a certificate.
- Archive: Long-term storage of the CA's records, so that old certificates and the signatures made under them can still be validated, and disputes settled, long after the certificates have expired.
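To make the four roles concrete, here is an added example (not code from the original page) in Go using only the standard library: a CA issues a certificate and publishes a CRL, and a relying party that trusts only the CA's root certificate (the copy it fetched from the repository) validates the chain for the expected host and checks the CRL before accepting. The name "Demo Root CA", the host "app.example.com" and the serial numbers are assumptions for the demo; the RA's identity check is assumed to have happened out of band, and the archive is not modelled.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // any setup failure (entropy, encoding) aborts the demo
	if err != nil {
		panic(err)
	}
	return v
}

// demoCA plays the CA role: it holds the self-signed root certificate and the signing key.
type demoCA struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// sign creates and parses a certificate; parent == tmpl yields a self-signed root.
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, key *ecdsa.PrivateKey) *x509.Certificate {
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key))
	return must(x509.ParseCertificate(der))
}

func newRootCA() *demoCA {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) // generated randomly on the CA system
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Demo Root CA"}, // hypothetical name
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	return &demoCA{cert: sign(tmpl, tmpl, &key.PublicKey, key), key: key}
}

// issue binds host to a subscriber's public key. The RA is assumed to have verified
// out of band that the requester controls host; the CA itself only signs.
func (ca *demoCA) issue(serial int64, host string, pub *ecdsa.PublicKey) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(12 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	return sign(tmpl, ca.cert, pub, ca.key)
}

// publishCRL is the CA's status-information duty: a CA-signed list of revoked serial numbers.
func (ca *demoCA) publishCRL(revoked ...*x509.Certificate) *x509.RevocationList {
	var entries []pkix.RevokedCertificate // Go 1.21+ also offers RevokedCertificateEntries
	for _, c := range revoked {
		entries = append(entries, pkix.RevokedCertificate{SerialNumber: c.SerialNumber, RevocationTime: time.Now()})
	}
	tmpl := &x509.RevocationList{Number: big.NewInt(int64(len(entries) + 1)), ThisUpdate: time.Now(),
		NextUpdate: time.Now().Add(time.Hour), RevokedCertificates: entries}
	return must(x509.ParseRevocationList(must(x509.CreateRevocationList(rand.Reader, tmpl, ca.cert, ca.key))))
}

// verify is the relying party: it trusts only the root it fetched from the repository,
// chains the leaf to it for the expected host, then refuses any serial on a CA-signed CRL.
func verify(root, leaf *x509.Certificate, host string, crl *x509.RevocationList) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host}); err != nil {
		return fmt.Errorf("chain: %w", err)
	}
	if err := crl.CheckSignatureFrom(root); err != nil { // an unsigned or forged CRL is not status information
		return fmt.Errorf("crl: %w", err)
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return fmt.Errorf("serial %d is revoked", leaf.SerialNumber)
		}
	}
	return nil
}

// relyingPartyDemo reports whether each relying-party decision came out as it should.
func relyingPartyDemo() (accepted, rejectedWrongHost, rejectedRevoked bool) {
	ca := newRootCA()
	subKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) // subscriber's pair; the private half never reaches the CA
	leaf := ca.issue(2, "app.example.com", &subKey.PublicKey)        // hypothetical host name
	crl := ca.publishCRL()                                            // nothing revoked yet
	accepted = verify(ca.cert, leaf, "app.example.com", crl) == nil
	rejectedWrongHost = verify(ca.cert, leaf, "other.example.com", crl) != nil
	crl = ca.publishCRL(leaf) // the subscriber reports its key compromised
	rejectedRevoked = verify(ca.cert, leaf, "app.example.com", crl) != nil
	return
}

func main() {
	fmt.Println(relyingPartyDemo())
}
```

Running it prints `true true true`: the relying party accepts the certificate for its own host, rejects it for a different host, and rejects it once the CA has published a CRL listing its serial. Two details matter in practice: the relying party never asks the CA anything directly, it only needs the root certificate and the signed CRL, and it checks the CRL's signature before believing it, since an attacker who can substitute an unsigned list could hide a revocation.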
The following are the major functions associated with managing encryption keys:
- Key generation: Keys must be generated randomly on a secure system, and must never be displayed in clear text.
- Key distribution: Distributing keys securely is the major vulnerability of symmetric key systems, because the same secret key must reach every party that uses it. The usual solution is an asymmetric system: the symmetric key is encrypted under the recipient's public key, so only the holder of the matching private key can recover it.
- Key installation: The process must ensure that the key is neither compromised nor entered incorrectly during installation.
- Key storage: Keys must be stored on protected or encrypted storage media.
- Key change: Keys should be changed regularly; how often depends on the value of the information being protected and on how heavily the key is used.
- Key control: Different keys have different functions and may be approved only for certain classification levels; how each key is used must be controlled accordingly.
- Key disposal: When a key is no longer needed it must be destroyed securely and completely, so that it can never be recovered and what it protected is never disclosed.
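The generation, distribution and disposal steps above, as an added example that is not from the original page, in Go with only the standard library: the sender draws a fresh AES-256 key from the operating system's random source, wraps it under the recipient's RSA public key with OAEP, and seals the message with AES-GCM; the recipient unwraps the key with its private key, opens the message, and both sides zeroize their in-memory copy when done. The RSA key pair, the OAEP label and the sample message are constructed for the demo, and the key pair stands in for one enrolled through a PKI.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constructed example: a fresh symmetric key is wrapped under the recipient's RSA public
// key (assumed to have come from a PKI) and only the matching private key can unwrap it.

var oaepLabel = []byte("session-key") // hypothetical label tying the wrapped blob to this purpose

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // rejects any key that is not 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts and authenticates with AES-GCM; the random nonce is prefixed to the ciphertext.
func seal(key, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal and fails on any modification of nonce or ciphertext.
func open(key, box []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(box) < aead.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, box[:aead.NonceSize()], box[aead.NonceSize():], nil)
}

// zeroize is the disposal step for an in-memory copy; best effort only, the runtime may hold other copies.
func zeroize(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

// send is the sender: draw a fresh AES-256 key from the OS CSPRNG, wrap it for the
// recipient with RSA-OAEP (the distribution step), seal the message, discard the key.
func send(to *rsa.PublicKey, msg []byte) (wrapped, sealed []byte, err error) {
	key := make([]byte, 32)
	if _, err = rand.Read(key); err != nil {
		return nil, nil, err
	}
	defer zeroize(key)
	if wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, to, key, oaepLabel); err != nil {
		return nil, nil, err
	}
	sealed, err = seal(key, msg) // only wrapped and sealed go on the wire
	return wrapped, sealed, err
}

// receive is the recipient: unwrap with the private key, open the message, discard the key.
func receive(me *rsa.PrivateKey, wrapped, sealed []byte) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, me, wrapped, oaepLabel)
	if err != nil {
		return nil, err
	}
	defer zeroize(key)
	return open(key, sealed)
}

// demoKey stands in for a key pair the recipient enrolled through the PKI.
func demoKey() *rsa.PrivateKey {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return key
}

func main() {
	recipient := demoKey()
	wrapped, sealed, err := send(&recipient.PublicKey, []byte("constructed sample message"))
	if err != nil {
		panic(err)
	}
	fmt.Println(receive(recipient, wrapped, sealed))
}
```

Three points worth noticing: the symmetric key never travels in the clear, so the distribution problem of the symmetric system is reduced to knowing the recipient's public key, which is what the PKI supplies; the key is per message, so the GCM nonce cannot repeat under the same key even though it is random; and zeroizing is only best effort in a garbage-collected language, which is why long-lived keys belong in an HSM or at least in protected storage rather than in process memory.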
For authentication, the sender encrypts a message with his or her own private key. At the destination, only the sender's public key decrypts it correctly, which authenticates the originator of the message. This is the principle behind a digital signature; in practice the sender signs a hash of the message rather than the whole message. Note that it provides no confidentiality, since anyone holding the public key can read the message.
Cryptography can also ensure the integrity of information by using a hashing algorithm to compute a message digest: any change to the message produces a different digest. On its own, a digest only detects accidental corruption; against a deliberate attacker the digest itself must be protected, for example by signing it or by sending it over a trusted channel.
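Both points, as an added example in Go that is not from the original page: signing a message digest with a private key and verifying it with the public key, placed next to a bare digest check so that the difference between the two shows. The key pairs and the two messages are constructed for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Constructed example: the sender hashes the message and signs the digest with its
// private key; the receiver recomputes the digest and checks the signature with the
// sender's public key. Key pairs and messages are made up for this example.

// signMessage is the "encrypt with your own private key" step of the text as real
// systems do it: the signature covers a SHA-256 digest, not the message itself.
func signMessage(priv *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// verifyMessage is true only if sig was made over exactly msg by the private key that
// matches pub, so origin and integrity are established together.
func verifyMessage(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

// digestMatches is what a bare message digest gives you: it catches accidental
// corruption, but an attacker who can replace the message can replace the digest too.
func digestMatches(msg, digest []byte) bool {
	d := sha256.Sum256(msg)
	return subtle.ConstantTimeCompare(d[:], digest) == 1
}

// signatureDemo reports four outcomes: the genuine message verifies, a tampered
// message fails against the original signature, a bare digest is fooled when the
// attacker recomputes it, and an attacker's own signature fails against the sender's key.
func signatureDemo() (genuineOK, tamperedRejected, digestFooled, forgeryRejected bool, err error) {
	sender, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	msg := []byte("pay 100 to account 42") // constructed sample
	sig, err := signMessage(sender, msg)
	if err != nil {
		return
	}
	genuineOK = verifyMessage(&sender.PublicKey, msg, sig)

	forged := []byte("pay 900 to account 42")
	tamperedRejected = !verifyMessage(&sender.PublicKey, forged, sig)

	// An attacker on the channel swaps both the message and its unprotected digest...
	forgedDigest := sha256.Sum256(forged)
	digestFooled = digestMatches(forged, forgedDigest[:])

	// ...but without the sender's private key cannot produce a signature that the
	// sender's public key accepts.
	attacker, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	forgedSig, err := signMessage(attacker, forged)
	if err != nil {
		return
	}
	forgeryRejected = !verifyMessage(&sender.PublicKey, forged, forgedSig)
	return
}

func main() {
	fmt.Println(signatureDemo())
}
```

The four booleans come out `true true true true`: the signature both authenticates the sender and proves the message was not altered, while the digest on its own only proves that the message matches whatever digest arrived with it. That is why "integrity by hashing" in practice means a signed hash, an HMAC keyed with a shared secret, or a hash delivered over a channel the attacker cannot write to.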