- These are the people whose day-to-day activities include installation, configuration and maintenance of the computers and networks.. - Indeed, Julius Caesar is credited with creating one of the earliest cryptographic systems to send military messages to his generals.. - Consequently, the term key management refers to the secure administration of keys to provide them to users where and when they are required.. - However, there always remains the difficult problem of how to securely transfer the key to the recipients of a message so that they can decrypt the message.. - A major advance in cryptography occurred with the invention of public-key cryptography. - The primary feature of public-key cryptography is that it removes the need to use the same key for encryption and decryption. - With public-key cryptography, keys come in pairs of matched ‘public’ and ‘private’ keys. - The public portion of the key pair can be distributed in a public manner without compromising the private portion, which must be kept secret by its owner. - Encryption done with the public key can only be undone with the corresponding private key.. - Prior to the invention of public-key cryptography, it was essentially impossible to provide key management for large-scale networks. - The invention of public-key cryptography was of central importance to the field of cryptography and provided answers to many key management problems for large-scale networks. - For all its benefits, however, public-key cryptography did not provide a comprehensive solution to the key management problem.. - Indeed, the possibilities brought forth by public-key cryptography heightened the need for sophisticated key management systems to answer questions such as the following:. - The encryption of a file once for a number of different people using public-key cryptography. - The certainty that a public key apparently originated from a specific individual is genuine and has not been forged by an imposter. - The assurance that a public key is still trustworthy. - The next section provides an introduction to the mechanics of encryption and digital signatures.. - Remember that both the client and the bank are in possession of matching private key/public key sets. - The simplest electronic version of the cheque can be a text file, created with a word processor, asking a bank to pay someone a specific sum. - Since someone else could create a similar counterfeit file, the bank needs to authenticate that it was actually you who created the file.. - Since the sender could deny creating the file, the bank needs non- repudiation.. - Since someone could alter the file, both the sender and the bank need data integrity.. - The first step is to ‘sign’ the cheque with a digital signature.. - The process of digitally signing starts by taking a mathematical summary (called a hash code) of the cheque. - This hash code is a uniquely identifying digital fingerprint of the cheque. - If even a single bit of the cheque changes, the hash code will dramatically change.. - The next step in creating a digital signature is to sign the hash code with the sender’s private key. - This signed hash code is then appended to the cheque.. - How is this a signature? Well, the recipient (in this case the bank) can verify the hash code sent to it, using the sender’s public key. - At the same time, a new hash code can be created from the received check and compared with the original signed hash code. - If the hash codes match, then the bank has verified that the cheque has not been altered. - The bank also knows that only the genuine originator could have sent the cheque because only he has the private key that signed the original hash code.. - This is often referred to as a symmetric key system because the same key is used at both ends of the process.. - As the cheque is sent over the network, it is unreadable without the key, and hence cannot be intercepted. - The next challenge is to securely deliver the symmetric key to the bank.. - Public-key encryption is used to solve the problem of delivering the symmetric encryption key to the bank in a secure manner. - To do so, the sender would encrypt the symmetric key using the bank’s public key. - Since only the bank has the corresponding private key, only the bank will be able to recover the symmetric key and decrypt the cheque.. - Why use this combination of public-key and symmetric cryptography? The reason is simple. - Public-key cryptography is relatively slow and is only suitable for encrypting small amounts of information – such as symmetric keys. - The most convenient way to secure communications on the Internet is to employ public-key cryptography techniques. - verify the public keys of the party with whom he or she wishes to communicate. - This is where a public-key infrastructure comes in.. - A successful public-key infrastructure needs to perform the following:. - Deploying a successful public-key infrastructure requires looking beyond technology. - As a result, the quality, integrity, and trustworthiness of a public-key infrastructure depend on the technology, infrastructure, and practices of the certificate authority that issues and manages these certificates.. - Establishing trust among the members of the infrastructure. - Since the quality, efficiency and integrity of any PKI depends on the CA, the trustworthiness of the CA must be beyond reproach.. - On the one end of the spectrum, certain users prefer one centralized CA, which controls all certificates. - At the other end of the spectrum, some parties elect not to employ a central authority for signing certificates
Xem thử không khả dụng, vui lòng xem tại trang nguồn hoặc xem
Tóm tắt