
Information Technology Cryptography a Public-Key

Last reviewed: April 9, 2010

Information Technology

Cryptography

A public-key directory is a central repository where users who have registered and obtained cryptographic public and private keys can publish their public keys and search the directory to find others, or let others find them, so that secure message traffic can be passed. Having a third party maintain the public-key directory achieves a greater level of security. For the directory to maintain this heightened level of security, it must first be maintained by a trusted organization. The trusted authority of the public directory would have to maintain four key elements for the directory. The first key element is that the directory stores a name and public key for each participant of the directory. The second key element is that each participant registers, either in person or over some authenticated means, with the directory authority. The third key element is that all participants need to have the ability to update or change their keys at any time in the event that a key has been compromised. Lastly, all participants of the directory need to have the ability to access the directory electronically over some sort of secure means. Although the public-key directory provides a more secure means to distribute public keys, it does present a single point of weakness in the event that the directory's private key has been cracked or illegally obtained. Another drawback to the public-key directory is that it creates a bottleneck for sending encrypted message traffic. The public-key directory is a centralized repository that has four key elements that must be achieved in order for the directory to be successful (Public Key Directory, 2010).

A public key certificate is a digitally signed certificate that validates the sender's authorization and name. The document is made up of a specially formatted block of data that contains the name of the certificate holder, which may be either a user or a system name, and the holder's public key, as well as the digital signature of a certification authority for authentication. The certification authority attests that the sender's name is the one that is associated with the public key in the document. A user ID packet, which contains the sender's unique identifier, is sent after the certificate packet is verified (Public Key Certificate, 2010).

A private key is linked to a certificate that contains the related public key. Showing that one can use that private key demonstrates one's association with the subject named in the certificate. Merely having a PK certificate proves nothing. A certificate has a connected private key. Use of the private key is often restricted by a password that is set in the browser. Depending on the features of the browser, one may be asked for the password every time the private key is used or only the first time it is used, or the key may be usable by anyone using the computer on which it is stored (Using PKI, 2004).

Web browsers characteristically let a person import, export and examine certificates and keys. Certificates can be personal or set up by the users for certain trusted authorities. Once an SSL connection is established, the server certificate in use can usually be inspected by looking at the properties of the page conveyed over the SSL connection. Certificates and keys are normally stored on the hard disk of the computer. In addition to being needed when the private key is used, a password is typically also required to import or export keys and certificates. Some browsers also support key and certificate storage on a secure external device (Using PKI, 2004).

Certificates given to web servers and individuals are signed by a Certificate Authority. The signature on a certificate identifies the particular Certificate Authority that issued the certificate. The Certificate Authority in turn has a certificate that connects its identity to its public key, so you can verify its identity. A Certificate Authority publishes a policy defining its practices so that users of certificates issued by that Authority have a basis from which to make a trust judgment for transactions based on PKI (Using PKI, 2004).
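The following sketch is an added example, not part of the original paper. It illustrates the preceding paragraphs on certificates: a Certificate Authority signs a name together with a public key, and a verifier accepts the holder only after checking that signature and seeing the holder sign a fresh challenge with the matching private key. All names, the certificate layout and the textbook-RSA keys built from small known primes are assumptions chosen so the code runs with the standard library alone; they are not secure for real use.

```python
import hashlib
import secrets

E = 65537  # common RSA public exponent

def make_key(p, q):
    """Toy textbook-RSA key pair from two primes: returns (public, private)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private_key, data):
    n, d = private_key
    return pow(_digest(data, n), d, n)

def verify(public_key, data, signature):
    n, e = public_key
    return pow(signature, e, n) == _digest(data, n)

def _cert_body(name, public_key):
    # Hypothetical layout: the signed block is "name|modulus|exponent".
    return f"{name}|{public_key[0]}|{public_key[1]}".encode()

def issue_certificate(ca_private, name, holder_public):
    """CA binds a name to a public key by signing both together."""
    sig = sign(ca_private, _cert_body(name, holder_public))
    return {"name": name, "public_key": holder_public, "ca_signature": sig}

def certificate_is_valid(ca_public, cert):
    body = _cert_body(cert["name"], cert["public_key"])
    return verify(ca_public, body, cert["ca_signature"])

def authenticate(ca_public, cert, answer_challenge):
    """Check the CA signature, then require a signature over a fresh nonce."""
    if not certificate_is_valid(ca_public, cert):
        return False
    nonce = secrets.token_bytes(16)
    return verify(cert["public_key"], nonce, answer_challenge(nonce))

# Constructed toy keys built from Mersenne primes; far too weak for real use.
CA_PUB, CA_PRIV = make_key(2**89 - 1, 2**107 - 1)
ALICE_PUB, ALICE_PRIV = make_key(2**61 - 1, 2**127 - 1)
_, OTHER_PRIV = make_key(2**89 - 1, 2**127 - 1)  # someone else's key
ALICE_CERT = issue_certificate(CA_PRIV, "alice", ALICE_PUB)

if __name__ == "__main__":
    print(authenticate(CA_PUB, ALICE_CERT, lambda n: sign(ALICE_PRIV, n)))
    print(authenticate(CA_PUB, ALICE_CERT, lambda n: sign(OTHER_PRIV, n)))
```

A party that presents Alice's certificate but signs the challenge with a different key is rejected, which is the sense in which merely having a certificate proves nothing.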

Public-key cryptography facilitates the following tasks:

Encryption and decryption permit two communicating parties to disguise information they send to each other. The sender encrypts, or scrambles, the information before sending it. The receiver decrypts, or unscrambles, the text after receiving it. While in transit, the encrypted information is unintelligible to an intruder.

Tamper detection allows the receiver of information to verify that it has not been modified in transit. Any attempt to change data or substitute a false message for a legitimate one will be discovered.

Cite This Paper
PaperDue. (2010). Information Technology Cryptography a Public-Key. PaperDue. https://www.paperdue.com/essay/information-technology-cryptography-a-public-key-1546
