If you do not work in IT, chances are low that you are familiar with “PKI”. And this is no surprise, as PKI is designed to work as an actor in the background. The basic concept is rather simple, and the hype around it is long settled. Nevertheless, key management is a fundamental component of information security, which is why we thought we would dedicate a few lines to explain it, which everyone can understand – even if you don’t work in IT.
Forget everything you thought was the “key”
PKI stands for Public Key Infrastructure. Each letter of the abbreviation indicates who we are dealing with.
For better understanding and a particularly more careful approach to interpreting PKI, we should start with “K”, which stands for “Key”. In the field of cryptography, which is the science of sending secret messages (the word itself is derived. Greek crypto for graffin for “secret, secret” and “to write”), the term is used with the meaning that you Can expect
You must have done something similar to the illustration above. The process of moving three letters in the alphabet is called an algorithm in mathematical terms. In cryptography, the process of transferring characters is called cryptocurrency; The number 3, in this case, is called the key.
Now imagine that you tried to run the system pictured above with a pen pal living thousands of miles away. It would work – but only if at some point you managed to share cryptocurrencies and keys with them. And that’s the problem – “catch-22”, if you will – in what we now call symmetric cryptography: you’ll need a secure channel to share the key, but you can’t set up a secure channel until a key is shared. Can.
The 19th-century Dutch cryptographer Auguste Kerkehoff made this very important observation about cryptocurrency: “It [cryptocurrency] should not require privacy, and should not be a problem if it falls into the hands of the enemy”. Nowadays, we know this as Kerkhoff’s theory and it is essential in the practice of cryptography. However, this makes the privacy of the key fundamentally important. Without it, an eavesdropper would know how to decrypt your message.
“Public” key – but not necessarily public access
Fortunately Genius cryptographers Whitfield Diffie, Martin Hellman, and Ralph Markle developed a concept that would solve this central issue of sharing a key over an insecure channel.
Picture this: Alice wants to send Bob an item packed in a small metal box, securing it with a padlock. Alice must pack her box, lock it with her padlock, and then send it to Bob. To unlock, Bob will need Alice’s key. But imagine this: instead of Alice locking the box she sent with her own padlock, she uses Bob’s padlock, which only holds Bob’s key. Bob does not have to worry about sharing his padlock, as it is only used to lock a box, do not open it. This is great, because Bob can get a package and open it anytime without Alice or Bob.
The comparison is not perfect, but it is as close as we can give an example of real life.
In our example, instead of padlock and its key, in public-key cryptography we are talking about private key and public key. And unlike padlock, public-key cryptography works both ways: the public key can decrypt encryption from the private key and vice versa. Additionally, it is almost impossible to remove the private key from the corresponding public key. It is based on a concept called “trap-door functions”, which goes deeper into mathematical equations than we are going to cover here.
The takeaway is this: Alice and Bob can communicate in perfect privacy, each holding a public and a private key. They are free to publish the public key (hence the name) and still have guaranteed communication – as long as they see the security of their private key.
What about “I”? recognise? Integrity? Infrastructure?
Public-key cryptography was widely celebrated as a revolutionary in the world of information security. Primarily, because it can provide some guarantee for important aspects of both privacy and security, by cleverly implementing cryptography in public. The three core principles of privacy and security are often referred to as the “CIA-Triangle”. (This is quite ironic, because at one point public-key cryptography became the United States’ worst nightmare for its Central Intelligence Agency, also known as the CIA.)