Chapter 9. PKI: Public Key Infrastructure: Fundamentals and Support for IPsec and Mobility

We have discussed authentication, key management and the related services at considerable length in earlier chapters (especially Chapters 2 and 3), and on many occasions pointed out the strength of public key cryptography in providing these services. As noted earlier, public key cryptography involves a key pair, of which one key has to be kept very private (the private key) and the other should be widely publicized (the public key). The reasons for this are very simple:

  • When sending a signed message, the sender (signer) uses the private key to produce the signature, while the recipient uses the public key of the sender (signer) to verify the signature.

  • When encrypting a message, the sender of the message uses the public key of the recipient to encrypt the message. Only the recipient, who is also the sole owner of the private key, is able to decrypt the message.
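The two uses above, as an added example that is not from the book: textbook RSA with constructed toy keys built from Mersenne primes and no padding, for illustration only. All function names and key values are assumptions of this sketch; it also shows that a signature does not verify under a public key that is not the signer's.

```python
import hashlib

E = 65537  # commonly used public exponent

def make_keypair(p, q):
    """Textbook RSA key pair from two primes (toy sizes, no padding)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent
    return (n, E), (n, d)              # (public key, private key)

def digest(message, n):
    # SHA-256 reduced mod n so the value fits the toy modulus
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private_key):
    n, d = private_key                 # only the signer holds d
    return pow(digest(message, n), d, n)

def verify(message, signature, public_key):
    n, e = public_key                  # anyone may hold (n, e)
    return pow(signature, e, n) == digest(message, n)

def encrypt(secret, public_key):
    n, e = public_key                  # recipient's public key
    m = int.from_bytes(secret, "big")
    if m >= n:
        raise ValueError("secret too long for this toy modulus")
    return pow(m, e, n)

def decrypt(ciphertext, private_key):
    n, d = private_key                 # recipient's private key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

# Constructed demo keys; real keys are 2048+ bits from a vetted library.
SIGNER_PUB, SIGNER_PRIV = make_keypair(2**31 - 1, 2**61 - 1)
OTHER_PUB, OTHER_PRIV = make_keypair(2**19 - 1, 2**89 - 1)

if __name__ == "__main__":
    msg = b"access-accept for user alice"       # constructed sample message
    sig = sign(msg, SIGNER_PRIV)
    print("genuine message :", verify(msg, sig, SIGNER_PUB))
    print("altered message :", verify(msg + b"!", sig, SIGNER_PUB))
    print("wrong public key:", verify(msg, sig, OTHER_PUB))
    key = b"sess-key"                           # constructed 8-byte secret
    print("round trip      :", decrypt(encrypt(key, OTHER_PUB), OTHER_PRIV) == key)
```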

One might think that keeping the private key private must be the hardest part of managing public keys. While this is true, keeping the public key public is not an easy task either. How do we make sure that the recipient of a signed document has the public key of the signer, or that the sender of a secret document has the public key of the recipient? One way engineers have dealt with this is to produce public key certificates. The certificate includes the private-public key pair owner's identity and public key. By sending ...

Get AAA and Network Security for Mobile Access: Radius, Diameter, EAP, PKI and IP Mobility now with the O’Reilly learning platform.
