Public Key Infrastructure • Chapter 10  559

ates two different keys, a public key and a private key, which are mathematically related; they are a key pair. The public key is openly available to the public, while only the person the keys were created for knows the private key. This may sound simple—public key is public, private key is kept secret—but it is common for individuals to make the mistake of sending their private keys to others to decrypt files, or to carefully guard their public key. Never give your private key to anyone; it is yours alone, and when used to identify you, it can only identify you if you are the only person who has ever held that key. Using these keys, messages can be encrypted and decrypted so that they are transferred in confidence. Messages can also be signed, to prove that they are unaltered from the version that you sent.
Public keys are generally transported and stored in a document known as a “certificate.” To vouch for the identity the certificate names, certificates are signed either by the certificate owner (a self-signed certificate), or by another party who is already trusted.
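The two ideas above, a key pair whose private half never leaves its owner and a certificate that someone vouches for by signing it, can be walked through with Go's standard library. The following is an added example, not code from the book: it signs a message with a private key and checks it with only the public key, then builds a self-signed root CA, a certificate for a user (called Tim, as in the text) that the CA signs, and a stranger's self-signed certificate that claims the same name, and shows which of them a verifier that trusts only the CA accepts. All names, serial numbers and the message are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newKeyPair generates an ECDSA P-256 key pair. The private key stays with its
// owner; the public half (priv.PublicKey) is what goes into a certificate.
func newKeyPair() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// Sign produces a signature over msg that only the private-key holder can create.
func Sign(priv *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// Verify checks a signature using only the public key. It returns false if
// msg differs in any byte from what was signed.
func Verify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

var serialCounter int64 // constructed serial numbers, unique within this run

// newTemplate returns a minimal certificate body naming cn. isCA marks the
// certificate as allowed to sign other certificates.
func newTemplate(cn string, isCA bool) *x509.Certificate {
	serialCounter++
	ku := x509.KeyUsageDigitalSignature
	if isCA {
		ku |= x509.KeyUsageCertSign
	}
	return &x509.Certificate{
		SerialNumber:          big.NewInt(serialCounter),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              ku,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
}

// issue binds pub to template.Subject. With parent == nil the certificate is
// self-signed (the owner vouches for themselves); otherwise the parent's key
// signerKey vouches for it.
func issue(template, parent *x509.Certificate, pub *ecdsa.PublicKey, signerKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	if parent == nil {
		parent = template
	}
	der, err := x509.CreateCertificate(rand.Reader, template, parent, pub, signerKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// trusted reports whether leaf chains to a certificate in roots.
func trusted(leaf *x509.Certificate, roots *x509.CertPool) bool {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err == nil
}

// Outcome collects what the walk-through observes.
type Outcome struct {
	SignatureValid    bool // unaltered message verifies under Tim's public key
	TamperedValid     bool // altered message verifies; must be false
	CALeafTrusted     bool // Tim's CA-signed certificate chains to the trusted CA
	SelfSignedTrusted bool // stranger's self-signed "tim.example"; must be false
	NoRootsTrusted    bool // Tim's certificate seen by a verifier trusting nothing; must be false
}

// Run performs the walk-through and returns the observations.
func Run() (Outcome, error) {
	var out Outcome
	timKey, err := newKeyPair() // Tim's private key never leaves Tim
	if err != nil {
		return out, err
	}
	msg := []byte("constructed sample message from Tim")
	sig, err := Sign(timKey, msg)
	if err != nil {
		return out, err
	}
	out.SignatureValid = Verify(&timKey.PublicKey, msg, sig)
	tampered := append([]byte{}, msg...)
	tampered[0] ^= 0x01 // flip one bit after signing
	out.TamperedValid = Verify(&timKey.PublicKey, tampered, sig)

	caKey, err := newKeyPair() // the party the verifier already trusts
	if err != nil {
		return out, err
	}
	caCert, err := issue(newTemplate("Constructed Root CA", true), nil, &caKey.PublicKey, caKey)
	if err != nil {
		return out, err
	}
	timCert, err := issue(newTemplate("tim.example", false), caCert, &timKey.PublicKey, caKey)
	if err != nil {
		return out, err
	}
	strangerKey, err := newKeyPair() // someone else claiming Tim's name
	if err != nil {
		return out, err
	}
	strangerCert, err := issue(newTemplate("tim.example", false), nil, &strangerKey.PublicKey, strangerKey)
	if err != nil {
		return out, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	out.CALeafTrusted = trusted(timCert, roots)
	out.SelfSignedTrusted = trusted(strangerCert, roots)
	out.NoRootsTrusted = trusted(timCert, x509.NewCertPool())
	return out, nil
}

func main() {
	out, err := Run()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", out)
}
```

The stranger's certificate is rejected not because it is malformed but because nobody the verifier trusts has signed it; the same certificate for Tim is rejected by a verifier with an empty trust store for the same reason. Trust in a certificate therefore comes from the signer, which is the point of the trust models discussed next.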
PKI has become such an integrated part of Internet communications that most users are unaware that they use it every time they access the Web. PKI is not limited to the Web; applications such as Pretty Good Privacy (PGP) also use a form of PKI for e-mail protection; FTP over SSL/TLS uses PKI, and most other protocols have the ability to manage identities through the management and exchange of keys and certificates.
So, what exactly is PKI and how does it work? Public Key Infrastructure, or PKI, is a term for any system that associates public keys with identified users or systems, and validates that association.

NOTE

For details on symmetric and asymmetric algorithms, please refer to Chapter 9.

There are several different kinds of PKI. The most widely used is based on a hierarchical model of trust, but there are several different trust models that can be used to form a PKI.

Trust Models

Before looking at trust models, let’s look at the word “trust” itself. The idea behind “trust” is that one party will automatically rely on another party to take an action or provide information on their behalf. Assuming that the trusted party (Tim) is

www.syngress.com