PKI and Encryption
Public Key Infrastructure (PKI) was first introduced in the 1990s to help govern encryption keys through the introduction and management of digital certificates. PKI protects sensitive data by governing the issuance of digital certificates, providing unique digital identification for users, devices and applications, and providing secure end-to-end communications (Keyfactor, 2021). To fully understand how PKI works, you must first understand cryptographic algorithms. Cryptographic algorithms are complex mathematical procedures used to encrypt and decrypt messages, and they are considered the building blocks of PKI authentication (Keyfactor, 2021). These cryptographic algorithms pre-date modern technology and range widely in complexity.
There are two types of cryptographic systems: symmetric and asymmetric. Symmetric algorithms were considered state of the art when they were first used by the German Army during WWII. Today the idea is considered quite simple: a plaintext message is run through a mathematical function, using the same key to encrypt and to decrypt, to produce the ciphertext (Keyfactor, 2021). Asymmetric encryption, also known as a public/private key system, uses two separate keys, a public key and a private key. The private key is kept secret while the public key is widely distributed; the two keys are mathematically related, and anything encrypted with the public key can be decrypted only with the private key (GoAnywhere, 2021).
PKI uses certificates instead of a user ID and password (Puneet, 2021). It also uses symmetric and asymmetric encryption to encrypt communication. By using both certificates and encryption, a highly secure environment is created for users, applications, and other devices on the network. PKI uses X.509 certificates and public keys for end-to-end encrypted communication. X.509 is a standard that defines the format of public-key certificates (AppViewX, n.d.). An X.509 certificate contains both a public key and an identity (a hostname, an organization, or an individual) and is either self-signed or signed by a certificate authority (AppViewX, n.d.). Using X.509 certificates together with public keys for encryption and decryption allows the sender and the receiver to trust each other.
Even when asymmetric encryption is used, there is still a risk that a "man in the middle" attack can occur. For example, this happens when Bob's public key is intercepted by an attacker, who generates a new key and passes it to Alice as if it were Bob's. In this case Alice would encrypt messages for what she believes is Bob's key, and the man in the middle could decrypt them, change them, and re-encrypt them for Bob without Bob or Alice knowing. PKI resolves this by binding identities to keys so that recipients can accurately identify the owner of a key (Keyfactor, 2021).
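The following is an added worked example, not code from the original post or from any of the sources it cites. It models the three ideas above in one small program: an asymmetric key pair (encrypt with the public key, decrypt only with the private key), a certificate that binds an identity to a public key under a certificate authority's signature, and the key-substitution scenario, in which Alice refuses a key whose binding the CA has not vouched for. The RSA arithmetic uses tiny constructed primes and signs digest bytes one at a time, so it is a teaching model only; the names (Alice, Bob, Mallory, the example.test identities) and the toy certificate format are assumptions made for the demonstration.

```python
# Added example: toy public-key system with a certificate authority, showing how
# binding an identity to a public key lets Alice detect a substituted key.
# Textbook RSA with tiny constructed primes: a teaching model, not a usable cryptosystem.
from __future__ import annotations
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class PublicKey:
    n: int
    e: int

@dataclass(frozen=True)
class PrivateKey:
    n: int
    d: int

def keygen(p: int, q: int, e: int) -> tuple[PublicKey, PrivateKey]:
    """Derive an RSA key pair from two primes; d is the inverse of e mod phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return PublicKey(n, e), PrivateKey(n, pow(e, -1, phi))

def encrypt(pub: PublicKey, msg: bytes) -> list[int]:
    """Encrypt byte by byte so every value stays below the tiny modulus (no padding)."""
    return [pow(b, pub.e, pub.n) for b in msg]

def decrypt(priv: PrivateKey, ct: list[int]) -> bytes:
    """Only the holder of d can invert the public-key operation."""
    return bytes(pow(c, priv.d, priv.n) for c in ct)

def sign(priv: PrivateKey, data: bytes) -> list[int]:
    """Sign each byte of the SHA-256 digest of data with the private key.
    Real schemes pad the whole digest (PKCS#1); per-byte signing is a toy shortcut."""
    return [pow(b, priv.d, priv.n) for b in hashlib.sha256(data).digest()]

def verify(pub: PublicKey, data: bytes, sig: list[int]) -> bool:
    """Recover the digest bytes with the public key and compare to a fresh digest."""
    return [pow(s, pub.e, pub.n) for s in sig] == list(hashlib.sha256(data).digest())

@dataclass(frozen=True)
class Certificate:
    """Minimal X.509-style certificate: an identity, a public key, and the CA's
    signature over both, so neither can be swapped without detection."""
    subject: str
    key: PublicKey
    signature: list[int]

    def to_be_signed(self) -> bytes:
        return f"{self.subject}|{self.key.n}|{self.key.e}".encode()

def issue(ca_priv: PrivateKey, subject: str, key: PublicKey) -> Certificate:
    unsigned = Certificate(subject, key, [])
    return Certificate(subject, key, sign(ca_priv, unsigned.to_be_signed()))

def validate(ca_pub: PublicKey, cert: Certificate, expected_subject: str) -> bool:
    """Both checks matter: the CA signature proves the identity/key binding is
    genuine, and the subject check proves it is the binding for the intended peer."""
    return cert.subject == expected_subject and verify(ca_pub, cert.to_be_signed(), cert.signature)

# Constructed keys (tiny primes, demonstration only).
CA_PUB, CA_PRIV = keygen(101, 113, 3)
BOB_PUB, BOB_PRIV = keygen(61, 53, 17)
MALLORY_PUB, MALLORY_PRIV = keygen(67, 71, 13)
BOB_ID, MALLORY_ID = "bob@example.test", "mallory@example.test"
BOB_CERT = issue(CA_PRIV, BOB_ID, BOB_PUB)
MALLORY_CERT = issue(CA_PRIV, MALLORY_ID, MALLORY_PUB)  # legitimately issued to Mallory

def alice_sends(cert: Certificate, ca_pub: PublicKey, plaintext: bytes) -> list[int] | None:
    """Alice encrypts only to a key the CA has bound to Bob's identity."""
    if not validate(ca_pub, cert, BOB_ID):
        return None
    return encrypt(cert.key, plaintext)

def honest_exchange() -> bytes:
    """Bob's CA-issued certificate is accepted and only Bob can read the message."""
    return decrypt(BOB_PRIV, alice_sends(BOB_CERT, CA_PUB, b"meet at noon"))

def self_signed_substitution() -> list[int] | None:
    """The scenario from the text: Mallory intercepts Bob's key and presents his
    own, self-signed under Bob's name. Without the CA's private key the signature
    does not verify, so Alice sends nothing."""
    forged = issue(MALLORY_PRIV, BOB_ID, MALLORY_PUB)
    return alice_sends(forged, CA_PUB, b"meet at noon")

def wrong_subject_substitution() -> list[int] | None:
    """Mallory presents a genuine CA-issued certificate, but for his own identity;
    the subject check rejects it even though the signature is valid."""
    return alice_sends(MALLORY_CERT, CA_PUB, b"meet at noon")

if __name__ == "__main__":
    print(honest_exchange())             # b'meet at noon'
    print(self_signed_substitution())    # None
    print(wrong_subject_substitution())  # None
```

The two failing scenarios correspond to the two checks a real TLS client performs on a server certificate: chain validation back to a trusted CA, and matching the certificate's subject against the name the client intended to reach. Dropping either check reopens the substitution problem the paragraph describes.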
References
GoAnywhere. (2021, December 14). How encryption works: Everything you need to know. Retrieved February 15, 2022, from https://www.goanywhere.com/blog/how-encryption-works-everything-you-need-to-know#:~:text=Encryption%20is%20a%20method%20of,the%20originator%20of%20the%20message.
Puneet. (2021, August 17). What is PKI? How it protects your infrastructure online. Encryption Consulting. Retrieved February 15, 2022, from https://www.encryptionconsulting.com/education-center/what-is-pki/
Keyfactor. (2021, September 13). What is PKI? A public key infrastructure definitive guide. Retrieved February 15, 2022, from https://www.keyfactor.com/resources/what-is-pki/#:~:text=Public%20key%20infrastructure%20(PKI)%20governs,end%2Dto%2Dend%20communications.
AppViewX. (n.d.). What is X.509 standard? X509 certificates. Retrieved February 15, 2022, from https://www.appviewx.com/education-center/what-is-x-509-standard/#:~:text=509%20Standard%3F-,X.,format%20of%20public%2Dkey%20certificates.&text=An%20X.,certificate%20authority%20or%20self%2Dsigned.