PKI in 5 lines

Written on 24 March 2015, 11:28am

Tagged with: , ,

User 1 (Alice): generates private and public key, stores her private key in a secure location, sends the physical data to Registration Authority (RA) for verification
Registration Authority: verifies the user data and informs the Certification Authority (CA)
CA (the trusted authority): signs the Alice public key with its own private key (issuing a digital certificate) and publishes it
User 2 (Bob): looks up the Alice public key and verifies its authenticity with the CA
Communication: Bob sends Alice a message by encrypting it with Alice public key

At this stage Bob knows that the public key that he sees is really the one of Alice. But is it really Alice he is talking to? Here is how to find out:
– Bob asks Alice to encrypt for her a random message
– Alice encrypts this message with her private key
– Bob decrypts this with the Alice public key (which he knows it belongs to Alice because he trusts the CA)
– if the decrypted message is the same as Bob sent, then it must be really Alice herself
And this is how every SSL conversation begins 🙂

PKI in plain English (PPT, 0.7M)

Leave a response