
The Workings of PKI

In the previous blog post, we learned about the various pieces of the puzzle called the public key infrastructure. It’s time to learn how these pieces fit together and work as a whole.


The PKI is made up of the following components.

• Certification Authority

• Registration Authority

• Certificate repository

• Certificate revocation system

• Key backup and recovery system

• Automatic key update

• Key Management


To understand the workings of a PKI, let’s take a day-to-day example and learn from it. Let’s say that Oslo wants a passport. He needs it to prove to everyone that he is Oslo when he visits another country. The passport issued by the government will be his way of establishing trust with another country’s systems and people. They may not know him, but they will trust the passport he is carrying. So Oslo applies for a passport: he goes to the passport office (the registration authority) and submits his form. The passport office collects all the details along with the supporting documents and sends his request to the government. The government (the certificate authority) receives the request and prints the passport (the certificate). Oslo is elated to receive his passport. He can now travel wherever he wants.


Oslo now wishes to travel to India. He applies for a visa, asking permission to enter the country for tourism. The government of India asks Oslo for his passport at the embassy, that is, for a document (certificate) it can trust.

With this example in your mind, consider the following points to understand the workings of a PKI.


Oslo wants to be a part of the PKI, so he requests a certificate from the RA.


  1. The registration authority requests documentation from Oslo. He supplies the requested documents.
  2. The RA performs the verification and forwards the request to the CA.
  3. The CA creates a digital certificate for Oslo. A public and private key pair is generated.
  4. Once Oslo receives the certificate (his passport), he can participate in the PKI.
  5. Oslo wishes to transact with Tokyo, a friend of his, and so looks up Tokyo’s public key.
  6. He requests the public key from the public directory, which supplies him with Tokyo’s digital certificate.
  7. Once Oslo has verified Tokyo’s digital certificate, he is convinced, trusts him, and agrees to send the information.
  8. To send the information, he encrypts a session key with Tokyo’s public key and sends him the message along with his own digital certificate. Only Tokyo can decrypt the message (the session key that will be used for communication from then on), and he verifies Oslo’s identity through the digital certificate.
  9. Once Tokyo is convinced, the exchange of information begins.


Some of you will wonder whether this is the same thing we went through with the various other cryptographic algorithms. So what is different in a PKI?


A PKI is not just encryption, as explained in the previous blog post. It is a complete infrastructure that allows people who do not know each other to trust each other and exchange information without worrying about security.

Key management is one of the most important components of a PKI. What if keys are lost or compromised? Who remembers which key pair was issued to whom? What if a digital certificate expires?


Let’s go back to the passport example. What happens if Oslo’s passport is lost? Who keeps records of how many passports have been issued to Oslo in the past? A PKI must retain the key history, which keeps track of all the old and current public keys used by each individual user.


In the next blog post, we will learn about the trusted platform module, which will help us understand key storage and its management.