Abstract
The purpose of this document is to explain the four key elements to a public-key directory. Also included in this document is an explanation of what a public-key certificate is. This document is intended for anybody looking to gain knowledge about public-keys and public-key certificates.
Content
When working with the public-key cryptography there is a need to distribute public keys so that users are able to encrypt messages using the recipient’s public key. One method for distributing public-keys is by using a public-key directory. The public-key directory acts as a central repository for storing and distributing public-keys that have been established. The public-key directory is a listing where users can publish their public key to and then other users can find their public-key in order to send an encrypted message.
A public-key directory is a central repository where users who have registered and obtained cryptographic public and private keys can publish their public key in order to search the directory to find others or let others find them so that secure message traffic can be passed. By having a third-party maintain the public-key directory a greater level of security can be achieved (Stallings, 2007, p.291-292). In order for the directory to maintain a heightened level of security, it must first be maintained by a trusted organization. The trusted authority of the public directory would have to maintain four key elements for the directory. The first key element is that the directory stores a name and public key for each participant of the directory. The second key element is that each participant registers, either in person or over some authenticated means, with the directory authority. The third key element to the public directory is that all participants need to have the ability to update or change their keys at any time in the event that a key has been compromised. Lastly, all participants of the directory need to have the ability to access the directory electronically over some sort of secure means. Although the public-key directory provides a more secure means to distribute public keys, it does provide a single point of weakness in the even the directory’s private key has been cracked or illegally obtained. Another drawback to the public-key directory is that it provides a bottleneck for sending encrypted message traffic. The public-key directory is a centralized repository that has four key elements that must be achieved in order for the directory to be successful and even though the directory is more secure than individually distributing keys, it dos have some drawbacks.
An alternative method to using a public-key directory is similar, however it does not require requesting a recipients keys from a public-key authority. The alternative method would instead use digitally signed certificates that contains and identifier of the owner of a public key’s with the public-key and then it would be signed by a trusted third-party. Using this method a user can present their public key in a secure message in order to obtain a certificate. Then when the user wants to send an encrypted message to another user, all they have to do is provide the certificate of the person they want to encrypt a message to and then they know the key is valid because the certificate can only be created by the owner of that public key. This method has a need for a certificate authority to have the function of being the only entity that can create or update certificates. This method allows any participant to read a certificate in order to determine the name of the owner of a public key; the public keys itself, and the currency of the public key (Stallings, 2007, p.294). Using a public-key certificate method provides the means for users to lookup public keys and owners of the public keys based upon certificates, however the certificates can only be created or updated by certificate authorities.
In conclusion, there are multiple ways for users to send encrypted data to each other when using public-key cryptography. One method is for users to distribute their public keys themselves. Another method is using a public-key directory in which a public-key authority maintains the directory and provides public keys over secure channels. The public-key directory is more secure than users distributing keys themselves, however there are some drawbacks. Another method of establishing secure communications between users is by a user publishing their public key to a certificate authority in order to obtain a certificate. The certificate can then be used to verify the owner of the public-key, as well as, the keys authenticity. No matter which method is used, it is important to understand how they work and what is being accomplished by each of these methods.
References
1. Stallings, W. (2006). Confidentiality using symmetric encryption. In
Cryptography and network security (4th ed., pp. 291-292). Upper Saddle
River, NJ: Pearson Prentice Hall.
2. Stallings, W. (2006). Confidentiality using symmetric encryption. In
Cryptography and network security (4th ed., pp. 291-292). Upper Saddle
River, NJ: Pearson Prentice Hall.