Private Key Certificates

By: Jesse Miller

The public-key authority can become a bottleneck in the system, because a user must appeal to the authority for the public key of every other user it wishes to contact. The directory of names and public keys maintained by the authority is also vulnerable to tampering.

An alternative approach is to use certificates, which participants can use to exchange keys without contacting a public-key authority, in a way that is as reliable as if the keys were obtained directly from a public-key authority. Each certificate contains a public key and other information, is created by a certificate authority, and is given to the participant with the matching private key.

A participant conveys its key information to another by transmitting its certificate. Other participants can verify that the certificate was created by the authority. The scheme has the following requirements. Any participant can read a certificate to determine the name and public key of the certificate's owner. Any participant can verify that the certificate originated from the certificate authority and is not counterfeit. Only the certificate authority can create and update certificates. An optional requirement is that any participant can verify the currency of the certificate.

Each participant applies to the certificate authority, supplying a public key and requesting a certificate. The application must be made in person or by some form of secure authenticated communication. The recipient of a certificate uses the authority's public key to decrypt it. Because the certificate is readable only using the authority's public key, this verifies that the certificate came from the certificate authority. The elements of the certificate provide the recipient with the name and public key of the certificate's holder. The time stamp T validates the currency of the certificate. The time stamp counters the following scenario.

A participant's private key is learned by an opponent. The participant generates a new private/public key pair and applies to the certificate authority for a new certificate. Meanwhile, the opponent replays the old certificate to a user. If the recipient encrypts messages using the compromised old public key, the opponent can read those messages.


Compromise of a private key is comparable to the loss of a credit card. The owner cancels the number but is at risk until all possible communicants are aware that the old credit card is obsolete. The time stamp serves as something like an expiration date. If a certificate is sufficiently old, it is assumed to be expired.
It is always best to validate a certificate carefully.
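
The check described above, as an added example that is not part of the original article: a recipient verifies a certificate with only the authority's public key and rejects a replayed old certificate by its time stamp T. The toy textbook-RSA key, the `MAX_AGE` policy, and the field and function names are assumptions made for illustration; the key is far too small and unpadded for real use.

```python
import hashlib

# Toy textbook-RSA key for the certificate authority (constructed for this
# example; illustrative only, not secure).
P, Q = 2**127 - 1, 2**89 - 1               # two Mersenne primes
CA_N, CA_E = P * Q, 65537                  # authority's public key
CA_D = pow(CA_E, -1, (P - 1) * (Q - 1))    # authority's private key

MAX_AGE = 3600  # assumed policy: a certificate older than one hour is expired


def _digest(timestamp, name, public_key):
    """Hash the certificate elements (T, name, public key) to an integer < n."""
    body = f"{timestamp}|{name}|{public_key}".encode()
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % CA_N


def issue_certificate(name, public_key, timestamp):
    """Authority side: bind name and public key to T using the private key."""
    sig = pow(_digest(timestamp, name, public_key), CA_D, CA_N)
    return {"T": timestamp, "name": name, "public_key": public_key, "sig": sig}


def verify_certificate(cert, now):
    """Recipient side: needs only the authority's public key and a clock."""
    expected = _digest(cert["T"], cert["name"], cert["public_key"])
    if pow(cert["sig"], CA_E, CA_N) != expected:
        return False, "not issued by the authority"
    if not 0 <= now - cert["T"] <= MAX_AGE:
        return False, "time stamp not current"
    return True, "ok"


if __name__ == "__main__":
    # Constructed scenario: the key certified at T=1000 is later compromised,
    # the owner obtains a new certificate at T=9000, the opponent replays the old one.
    old = issue_certificate("alice", "OLD_PUBLIC_KEY", 1000)
    new = issue_certificate("alice", "NEW_PUBLIC_KEY", 9000)
    print(verify_certificate(new, 9100))
    print(verify_certificate(old, 9100))
    print(verify_certificate(dict(new, public_key="OPPONENT_KEY"), 9100))
```

The replayed certificate still carries a valid signature from the authority; only the time stamp check rejects it, which is why the recipient must perform both checks.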
