How to protect the company jewels
(IDG) -- Some of the most versatile network security tools are public-key cryptography and the use of certificate authorities (CA) to ensure the secure transmission of data across an intranet or the Internet. One scheme has become universally accepted for formatting public-key certificates: the X.509 standard. X.509 certificates are used in most network security applications, including IP Security (IPSec), Secure Sockets Layer (SSL), Secure Electronic Transaction (SET) and Secure Multi-purpose Internet Mail Extensions (S/MIME).
In the X.509 scheme, a user has two keys: a private key known only to the user, and a public key, which is publicly available to other users. Public-key cryptography has two main uses: key distribution and authentication. A user can encrypt a message with a conventional key, such as a Data Encryption Standard key, and then encrypt the DES key with the public key of the recipient and attach that to the message. The recipient can use the matching private key to recover the DES key, and then decrypt the message.
For authentication, X.509 and public-key cryptography provide for a device called the digital signature. A user can create a message and generate a digest, or fingerprint, of the message. The user encrypts the digest with his private key to form the signature. The recipient can use the sender's public key to decrypt the signature and match it against the fingerprint of the incoming message to assure authenticity.
Although public-key cryptography is virtually unbreakable with the proper algorithm and sufficient key length, there is one vulnerability: How does a recipient know that someone else's public key is valid?
Solving the problem
The solution to this problem is X.509 and the public-key certificate. In essence, a certificate consists of a public key plus a user identification of the key owner, with the whole block signed by a dependable third party. Typically, the third party is a CA that is trusted by the user community, such as a government agency or financial institution.
A user can present his public key to the CA in a secure manner to obtain a certificate. The user can then publish the certificate, and anyone who needs this user's public key can obtain the certificate and verify the key is valid by way of the CA.
The public-key certificate makes use of public-key encryption technology to protect and validate public keys. For this purpose, a user must apply to a CA to create the key. The user supplies his public key plus some sort of unique user identifier.
The public key and user ID, together with a CA identification, form the unsigned certificate. The CA then takes the hash code of this unsigned certificate. A hash code is a small block of data that serves as a sort of fingerprint. For all practical purposes, two different certificates will yield two different hash codes.
Next the CA encrypts the hash code with the CA's private key to produce the signature. A common public-key algorithm for this purpose comes from RSA Data Security. Because only the CA possesses its private key, only the CA could produce this signature. The CA attaches the signature to the certificate to form the signed certificate.
The user may supply this certificate to anyone who needs the user's public key. To verify that a public key is valid, the recipient recovers the hash code from the signature by decrypting the signature using the CA's public key.
Then, the recipient calculates the hash code of the unsigned certificate and compares this to the hash code recovered from the signature. If the two codes match, this is a valid certificate and the recipient may trust that the public key in that certificate belongs to the identified user.
In addition to the user's identifier, the user's public key and the CA's identifier, an X.509 certificate includes several other elements. The certificate contains an identifier of the algorithm used to sign the certificate and the period of validity of the certificate. The latest version of the standard, X.509v3, also includes an extensions field to provide more flexibility and to convey information needed in special circumstances.
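The issue-and-verify procedure described above, worked through with Go's standard crypto/x509 package, as an added example that is not from the article or from Stallings' book. The CA name "Example CA", the user ID and the 2048-bit RSA keys are constructed stand-ins; VerifyManually mirrors the hash-then-signature check the article describes, and VerifyChain shows what a library verifier additionally enforces, including the validity period.

```go
package main
import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)
// NewKey makes a fresh 2048-bit RSA key pair (a constructed stand-in for a real CA or user key).
func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Issue builds a self-signed CA, then a certificate binding userID to the public key the user supplied.
func Issue(userID string, userPub *rsa.PublicKey, caKey *rsa.PrivateKey, now time.Time) (caCert, userCert *x509.Certificate, err error) {
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example CA"},
		NotBefore: now, NotAfter: now.Add(365 * 24 * time.Hour), // CA identification and validity period
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey) // self-signed root
	if err != nil {
		return nil, nil, err
	}
	if caCert, err = x509.ParseCertificate(caDER); err != nil {
		return nil, nil, err
	}
	userTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: userID},
		NotBefore: now, NotAfter: now.Add(30 * 24 * time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
	userDER, err := x509.CreateCertificate(rand.Reader, userTmpl, caCert, userPub, caKey) // CA signs ID + key + validity
	if err != nil {
		return nil, nil, err
	}
	userCert, err = x509.ParseCertificate(userDER)
	return caCert, userCert, err
}

// VerifyManually is the article's procedure: hash the unsigned part, check it against the signature with the CA key.
func VerifyManually(userCert, caCert *x509.Certificate) bool {
	caPub, ok := caCert.PublicKey.(*rsa.PublicKey)
	digest := sha256.Sum256(userCert.RawTBSCertificate) // hash code of the unsigned (to-be-signed) certificate
	return ok && userCert.SignatureAlgorithm == x509.SHA256WithRSA && rsa.VerifyPKCS1v15(caPub, crypto.SHA256, digest[:], userCert.Signature) == nil
}

// VerifyChain is what a relying party should call: it also enforces validity at time at and the CA's constraints.
func VerifyChain(userCert, caCert *x509.Certificate, at time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	_, err := userCert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: at})
	return err
}
```

VerifyManually proves only that the CA signed exactly these bytes; an expired certificate still passes it, which is why VerifyChain is the call to use in practice.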
Finally, X.509 provides a format for use in revoking a key before it expires. This enables a user to cancel a key at any time.
Stallings is a consultant, lecturer and author on data communications and networking topics. This article is based on material in his most recent book, Cryptography and Network Security. He can be reached at firstname.lastname@example.org.
© 2000 Cable News Network. All Rights Reserved.