Conventional cryptography uses identical secret “key” in both message encrypting and decrypting. Secret key cryptography often times having difficulty securing key management usually in opens systems with large numbers of users (RSA Lab, n. d. ). Diffie and Hellman initiated the concept of public-key cryptosystems in 1976, to work out the problems with key management. (RSA Lab, n. d. ) The newly created concept of public-key cryptosystems employs encryption and digital signatures. The public-key cryptosystem works by providing each person a pair of keys, a public-key, and a private-key.
The advantage of using public-key is you can send out classified information publicly but it cannot be decrypted. Safely, the recipient that holds the private key is doing the decryption. The form the holds the security information for both sender and receiver is called a certificate. Public-key certificate The Public-key cryptosystems principal ingredients in realizing its security tasks are: 1) Issuer – holds the public-key and the compulsory signed private key. It is the basis of the certificate.
Issuer can be anyone with a public key and a private key. 2) Subject- contains public key, value, or name. The subject is receiver of the certificate. The particular recipient in this field has exclusive rights to view the certificate. 3) Delegation- this field contains a Boolean value providing the subject with rights to re-delegate the certificate. If the field is false, the subject may not pass or delegate the certificate to other subject. 4) Authorization- it restricts the subject access rights to a specific information, data, and locations.
These rights may be given depending on applications and the level of security required. 5) Validity dates – specify the validity period of a certificate by an issuer. It limits the duration of access of the subject. Sample transaction process of public-key cryptosystem. The sample above shows Ka as the issuer, Kb as the subject, True as Boolean value to allow the subject to re-delegate the certificate, Authorization to read file in “. \john\documents,” and certificate validity dates from 02/10/2006 to 02/12/2006.
John with a Public-key (Ka) issued a certificate to subject Dianne (Kb). The certificate is sign by John’s private key, when Dianne wants to read and write files in John’s document directory, request will be written, signs it with his own private key, and send it. When the file server gets the request and found John’s (Ka) signed private key, then the request is granted. The server will now allow Dianne to read and write files in John’s documents directory until the validity date specified in the certificate’s validity field expires.
The delegation occur when the Boolean field is mark True, Kb can now impart its right to other subject. Let us call the new public-key as Kc. Kb re-delegate its certificate to Kc and signs a new certificate for Kc at the same time. Kc now has two certificates, which form a chain.
References: RSA Laboratories, (n. d. ), “What is public-key cryptography? ” [online], http://www. rsasecurity. com/rsalabs/node. asp? id=2165 Wang Yulian, 1998, “SPKI,” Computer Science, Helsinki University, [online], http://www. niksula. cs. hut. fi/~yuwang/publications/SPKI/SPKI. html