Frequently Asked Questions About PKI:

PKI Basics:

What is PKI?:
PKI is a comprehensive system of technologies that enables users of the Internet to exchange information securely, with authentication and confidentiality. PKI brings to the electronic world the security and confidentiality features provided by the physical documents, hand-written signatures, sealed envelopes and established trust relationships of traditional paper-based transactions. These features are:
Confidentiality: Ensures that only intended recipients can read secured text or files.

Data Integrity: Ensures that the secured text or files cannot be changed without detection.

Authentication: Ensures that participants in an electronic transaction are who they claim to be.

Non-repudiation: Prevents participants from denying involvement in an electronic transaction.

What is included in PKI?:
User’s key pair: Mathematically related key pairs, a different one for each entity (an individual or an organization), each comprising a private key and a public key.

Digital certificates: Public Key of an entity signed by a certificate authority.

A Certificate Authority: A party that is trusted by the public to verify the public keys of others.

Encryption:

What is Encryption?:
Encryption is the process of using a mathematical formula and a key to scramble information so that it is unintelligible to unauthorized persons.

What is Decryption?:
Decryption is the process of converting the scrambled information back to its original, plain text form using the same mathematical formula and a decryption key related to the encryption key so an authorized person can understand it.

How does it provide message confidentiality?:
A person wishing to send an encrypted message uses the recipient's public key to scramble the information in the message. Only the recipient's private key can decrypt the message. In the picture below, until Alice applies her private key, the message contents are visible only as rubbish.

Digital Signing:

What is a digital signature?:
Not to be confused with a digitized signature (a scan of a hand-written signature), a digital signature can be used with either encrypted or plain text messages to confirm the sender's identity and assure the recipient that the message content has not been changed in transmission. Digital signatures incorporate the characteristics of hand-written signatures in that they can only be generated by the signer, are verifiable, and cannot easily be imitated or repudiated. A digital signature can also be applied to a file. The sender uses his or her private key to digitally sign.


How does a digital signature work?:
Sender: Software applies a mathematical formula known as a hash function to the message, converting it to a fixed-length string of characters called a message digest. The digest acts as a "digital fingerprint" of the original message. If the original message is changed in any way, it will not produce the same message digest when the hash function is applied. The software then encrypts the message digest with the sender’s private key, producing a digital signature of the message.

Recipient: The recipient uses the sender's public key to decrypt the digital signature, revealing the message digest. Since only the sender's public key can decrypt the digital signature, the recipient is able to verify the authenticity of the sender of the message. To verify the message content, the recipient's software applies the same hash function to the message that was received. The message digests should be identical. If they are, the recipient knows the message has not been changed and is assured of its integrity. The recipient uses the sender’s public key to verify the sender’s digital signature.