Public Key Distribution

Dr. Risala Tasin Khan


Professor
IIT, JU
Introduction
In asymmetric-key cryptography, people do not need to know a
symmetric shared key; everyone shields a private key and
advertises a public key.
❑ If Alice wants to send a message to Bob, she only needs to know
Bob’s public key, which is open to the public and available to
everyone.
❑ Similarly, if Bob needs to send a message to Alice, he only needs to
know Alice’s public key, which is also known to everyone.
In public-key cryptography, everyone shields a private key and
advertises a public key.
Like secret keys, public keys need to be distributed.
Now we will briefly discuss the way public keys can be
distributed.
Ways of Distributing Public Key:
There are several approaches to distribute a public key:
1. Public announcement
2. Trusted center
3. Certifying authority

Public Announcement:
❑ The naive approach is to announce public keys publicly.
Bob can put his public key on his website or announce it in a local
or national newspaper.
When Alice needs to send a confidential message to Bob, she can obtain
Bob’s public key from his site or from the newspaper, or even send a
message to ask for it.
Figure below shows the situation.
However, this approach is not secure; it is subject to forgery.
❖ For example, Eve could make such a public
announcement. Before Bob can react,
damage could be done. Eve can fool Alice
into sending her a message that is intended
for Bob.
❖ Eve could also sign a document with a
corresponding forged private key and make
everyone believe it was signed by Bob.
❖ The approach is also vulnerable if Alice
directly requests Bob’s public key. Eve can
intercept Bob’s response and substitute her
own forged public key for Bob’s public key.
Figure: Announcing a public key
Ways of Distributing Public Key:
Trusted Center:
A more secure approach is to have a trusted center retain a directory
of public keys.
❑ The directory (like the one used in a telephone system) is
dynamically updated.
❑ Each user can select a private and public key, keep the private key,
and deliver the public key for insertion into the directory.
❑ The center requires that each user register in the center and prove
his or her identity. The directory can be publicly advertised by the
trusted center.
❑ The center can also respond to any inquiry about a public key.
❑ Figure shows the concept.
Figure: Trusted center
Ways of Distributing Public Key:
Controlled Trusted Center:
A higher level of security can be achieved if there are added controls on the distribution of
the public key.
The public-key announcements can include a timestamp and be signed by an authority to
prevent interception and modification of the response.
❑ If Alice needs to know Bob’s public key, she can send a request to
the center including Bob’s name and a timestamp.
❑ The center responds with Bob’s public key, the original request,
and the timestamp signed with the private key of the center.
❑ Alice uses the public key of the center, known by all, to verify the
timestamp. If the timestamp is verified, she extracts Bob’s public
key.
❑ Figure shows one scenario.

Figure: Controlled trusted center
Ways of Distributing Public Key:

Certification Authority (CA):

The distribution of public key through controlled trusted center
(discussed before) can create a heavy load on the center if the
number of requests is large. The alternative is to create public-key
certificates.
Suppose, Bob wants two things:
1. He wants people to know his public key.
2. He wants no one to accept a forged public key as his.
❑ How can he do this?
The steps he may follow are:
❑ Bob can go to a certification authority (CA), a federal or state
organization that binds a public key to an entity and issues a
certificate. The CA has a well-known public key itself that cannot
be forged.
❑ The CA checks Bob’s identification (using a picture ID along with
other proof).
❑ It then asks for Bob’s public key and writes it on the certificate it
will issue for Bob.
❖ To prevent the certificate itself from being forged, the CA signs the
certificate with its private key.
❑ Now Bob can upload the signed certificate.
❑ Anyone who wants Bob’s public key downloads the signed
certificate and uses the CA’s public key to extract Bob’s public
key.
Ways of Distributing Public Key:
Certification Authority (Cont…):
The steps stated before are illustrated in the figure below.
When Alice wants Bob’s public
key:
❖ She gets Bob’s certificate (from
Bob or elsewhere).
❖ She applies the CA’s public key to
Bob’s certificate, and gets
Bob’s public key.

Figure: Certification authority
Digital Certificate
A problem in public-key systems is the authenticity of the public key.
❑ An attacker may offer the sender her own public key and pretend that it originates from the
legitimate receiver.
❑ The sender then uses the fake public key to perform her encryption and the attacker can
simply decrypt the message using her private key.
❑ This technique may be used to set up a man-in-the-middle attack in which a third party is
able to monitor and modify the communication between two parties, even when
encryption is used.
In order to thwart an attacker that attempts to substitute her public key for the
victim’s one, digital certificates are used.
❑ A certificate combines user information with the user’s public key and the digital signature
of a trusted third party that guarantees that the key belongs to the mentioned person.
❑ The trusted third party is usually called a certification authority (CA).
❑ A digital certificate is just a file or a software program, digitally signed by a signing
authority, that can be installed in a browser. Once installed, the digital certificate identifies
the user of that browser to websites equipped to check it automatically. It is like an
electronic “credit card” that establishes one’s credentials when doing business on the Web.
Therefore, a digital certificate, issued by a certifying authority, is an electronic
attachment to an electronic message that is used to verify that a user sending a
message is who they claim to be.
Those wishing to send encrypted messages obtain a digital certificate from a
certifying authority.
❑ The certifying authority issues an encrypted digital certificate.
The recipient of an encrypted message uses the certifying authority’s public key to
decode the digital certificate attached to the message.
❑ The recipient verifies it as issued by the certifying authority.
❑ Then it obtains the sender's public key and identification information held within the digital
certificate.
❑ With this information, the recipient can then send an encrypted reply.
The most widely used standard for digital certificates is X.509. Hence, digital
certificates are sometimes called X.509 certificates.
Components of a Digital Certificate
• A typical digital certificate contains several key elements:
1. Certificate Holder’s Information:
• This includes the name, email address, organization, and other identifying details of
the certificate holder.
2. Public Key:
• The public key of the certificate holder, which others can use to encrypt data sent to
them or to verify digital signatures made by the holder.
3. Digital Signature:
• The certificate is signed by a trusted Certificate Authority (CA), which certifies the
authenticity of the certificate.
4. Validity Period:
• Specifies the certificate’s start and expiration dates.
5. Certificate Serial Number:
• A unique number assigned to the certificate, allowing it to be identified and tracked.
How a Digital Certificate Works
1. Requesting a Certificate:
• The certificate holder (individual or organization) generates a public-private key pair
and sends a Certificate Signing Request (CSR) to a trusted Certificate Authority
(CA) such as VeriSign, DigiCert, or Let’s Encrypt.
2. Issuance by Certificate Authority (CA):
• The CA verifies the identity of the requester through various checks.
• Once verified, the CA issues a digital certificate, binding the requester’s identity to
their public key and signing the certificate with the CA’s own private key.
3. Using the Digital Certificate:
• When someone wants to establish a secure connection (e.g., accessing a website
or sending encrypted data), the server or individual presents their digital certificate.
• The recipient uses the CA’s public key to verify the digital signature on the
certificate. This assures them that the certificate is genuine and hasn’t been
tampered with.
• The recipient can then use the certificate’s public key to establish a secure,
encrypted communication channel or verify a digital signature.
Digital Certificate
For what purposes can you use digital certificates?
You can use the digital certificate to digitally sign email, documents,
files etc. to prove you were the author, and that they have not been
tampered with.
You can also use some types of certificate as digital ID. Others can
electronically challenge you to prove you know the private key that
fits with the public key in the certificate by encrypting a message
they provide.
❖ The problem with that is, all the information in the certificate is revealed
to whoever you show it to.
❖ If you want to selectively reveal information, you need several
certificates.
❑ You might want one with just your birth date for entry to porn sites, but
no other information. You might want one that revealed only a very
minimal amount of information when dealing with on-line vendors to avoid
being bombarded with junk electronic and snail mail.
Digital certificates can also be used instead of passwords to verify
who you are to some site.
❖ The site challenges you by sending you a message that you digitally sign
and send back. If some spy had snooped on you logging in before, it
would not help him to spoof you, the way it would had you used a
password.
❖ Thus, a digital certificate eliminates remembering multiple passwords and
enhances security, because it cannot be guessed, forgotten, forged, or
intercepted.
Digital Certificate
For what purposes can you use digital certificates (cont…)?

Other types of certificate allow you to encrypt and sign all HTML
traffic leaving your web server, thus proving it came from you and
providing privacy.
❖ Recipients can determine whether data did indeed come from you by
checking the digital signature.
❖ To verify, all they need is a master certificate from the signing authority,
which comes built into their browser or email software. They don't need
to check up your key in an on-line database unless they want to check to
see if the certificate has been revoked.
In many ways, digital certificates are the heart of secure online
transactions.
❖ In shopping on the Internet, buyers need evidence that they can trust the
vendor. Digital certificate establishes a merchant’s identity and thus
ensures secure e-commerce transaction.
❖ MasterCard and Visa have designed the SET certificate that can be used
for secure financial transactions over the web. VeriSign supplies the
certificates.
Digital Certificate
Different Classes of Digital Certificate:
A digital certificate can be issued (for a fee) in one of FOUR classes:
1. Class 1 Certificate:
❖ Certificates of this class are the quickest and simplest to issue
because they contain minimum checks on the user’s background.
Only the name, address and e-mail address of the user are checked.
Think of it as a library card.
2. Class 2 Certificate:
❖ Certificates of this class check for information like real name, SSN
(social security number), and date of birth of the user. They require
proof of physical address, locale, and e-mail address as well. This is
more like a credit card, because the company giving out the
certificate will consult with a credit database for verification with a
third party.
3. Class 3 Certificate:
❖ Certificates of this class are the strongest type in terms of specifics.
They are like a driver’s license: To get them, you need to prove
exactly who you are and that you are responsible. Organizations
whose specialty is the security business foresee class 3 certificates
being used for things like loans acquired online and other sensitive
transactions.
4. Class 4 Certificate:
❖ Certificates of this class are the most thorough. In addition to class 3
requirements, the certificate authority checks on things like the
user’s position at work.
X.509 Digital Certificate

Although the use of a CA has solved the problem of public-key
fraud, it has created a side-effect.
❖ Each certificate may have a different format.
❖ If Alice wants to use a program to automatically download different
certificates and digests belonging to different people, the program may
not be able to do this.
❑ One certificate may have the public key in one format and another in a
different format.
❑ The public key may be on the first line in one certificate, and on the
third line in another.
❖ Anything that needs to be used universally must have a universal
format.
To remove this side effect, the ITU has designed X.509, a
recommendation that has been accepted by the Internet with some
changes.
X.509 is a way to describe the certificate in a structured way. It
uses a well-known protocol called ASN.1 (Abstract Syntax Notation
1) that defines fields familiar to C programmers.

Common Components of X.509 Certificate
An X.509 certificate typically contains the following elements:
1. Version: Identifies the version of the X.509 standard being used (usually version 3 in
modern systems).
2. Serial Number: A unique identifier assigned by the Certificate Authority (CA) to distinguish
this certificate from others.
3. Signature Algorithm: Specifies the cryptographic algorithm (e.g., SHA-256) that the CA
used to sign the certificate.
4. Issuer: Details about the Certificate Authority that issued the certificate, including its name
and potentially other identifying information.
5. Validity Period: Specifies the start and end dates for which the certificate is valid. After the
expiration date, the certificate is no longer trusted.
6. Subject: Information about the entity the certificate is issued to (e.g., a user, a website, or
an organization). This can include details such as the organization name, domain name,
and location.
7. Subject Public Key Info: Contains the subject's public key and the
algorithm used to generate it. This key is used for secure
communications with the subject.
8. Extensions (Version 3 only): Optional fields that provide additional
information about the certificate’s capabilities.
9. Signature:
This field is made of three sections:
• The first section contains all other fields in the certificate.
• The second section contains the digest of the first section encrypted with
the CA’s public key.
• The third section contains the algorithm identifier used to create the
second section
X.509 Certificate
Format of X.509 Certificate:
Figure below shows the format of X.509 certificate.

Figure: X.509 certificate format


X.509 Certificate
Certificate Renewal:
Each certificate has a period of validity.
If there is no problem with the certificate, the CA issues a new certificate
before the old one expires.
❖ The process is like the renewal of credit cards by a credit card company; the
credit card holder normally receives a renewed credit card before the one
expires.

X.509 Certificate
Certificate Revocation:
In some cases a certificate must be revoked before its expiration.
Here are some examples:
a) The user’s (subject’s) private key (corresponding to the public key listed in
the certificate) might have been compromised.

b) The CA is no longer willing to certify the user. For example, the user’s
certificate relates to an organization that she no longer works for.

c) The CA’s private key, which can verify certificates, may have been
compromised. In this case, the CA needs to revoke all unexpired
certificates.

The revocation is done by periodically issuing a certificate revocation
list (CRL).
❖ The list contains all revoked certificates that are not expired on the date the
CRL is issued.

❖ When a user wants to use a certificate, she first needs to check the
directory of the corresponding CA for the last certificate revocation list.

X.509 Certificate
Certificate Revocation Format (cont…):

A certificate revocation list has the following fields:

❑ Signature algorithm ID:
This field is the same as the one in the certificate.

❑ Issuer name:
This field is the same as the one in the certificate.

❑ This update date:
This field defines when the list is released.

❑ Next update date:
This field defines the next date when the new list will be released.

❑ Revoked certificate:
This is a repeated list of all unexpired certificates that have been revoked. Each
list contains two sections: user certificate serial number and revocation date.

❑ Signature:
This field is the same as the one in the certificate list.
Certificate Authority
Selecting a Certificate Vendor:

Some criteria to consider when buying your certificate are:
❑ Cost, both initial and renewal.
❑ Does the company provide all the different kinds of certificate you will
need? It is much less hassle to get everything from one source.
❑ Are the root certificates (root certificates are typically pre-installed at the
factory in browsers) of that vendor built into the browsers your clients will
be using? If not, it will be a hassle for your users to manually install them.
❑ What sort of reputation does the vendor have for service? Basically you are
paying them to verify that you are you. You want them to do that
thoroughly without driving you crazy.

Public-key Infrastructure (PKI)
Public-Key Infrastructure (PKI) is a model for creating, distributing,
and revoking certificates based on the X.509.
The Internet Engineering Task Force has created the Public-Key
Infrastructure X.509 (PKIX).

Duties of PKI:
Several duties have been defined for a PKI. The most important ones
are shown in the figure below:
❑ Certificates’ issuing, renewal, and revocation: These are
duties defined in the X.509. Because the PKIX is based
on X.509, it needs to handle all duties related to
certificates.
❑ Keys’ storage and update: A PKI
should be a storage place for private
keys of those members that need to
hold their private keys somewhere
safe. In addition, a PKI is responsible
for updating these keys on members’
demands.

Figure: Some duties of a PKI


Public-key Infrastructure (PKI)

Duties of PKI (cont…):


❑ Providing services to other protocols: Some Internet security protocols,
such as IPSec and TLS, rely on the services provided by a PKI.

❑ Providing access control: A PKI can provide different levels of access to the
information stored in its database. For example, an organization PKI may
provide access to the whole database for the top management, but limited
access for employees.

Public Key Infrastructure (PKI)
Trust Model:
It is not possible to have just one CA issuing all certificates for all
users in the world.
There should be many CAs, each responsible for creating, storing,
issuing, and revoking a limited number of certificates.
The trust model defines rules that specify how a user can verify a
certificate received from a CA.

Hierarchical Model:
In this model, there is a tree-type structure with a root CA.
The root CA has a self-signed, self-issued certificate; it needs to be
trusted by other CAs and users for the system to work.

Public Key Infrastructure (PKI)
Hierarchical Model (cont..):
Figure below shows a trust model of this kind with three hierarchical
levels. The number of levels can be more than three in a real situation.
❑ The figure shows that the CA (the root) has signed certificates for CA1,
CA2, and CA3; CA1 has signed certificates for User1, User2, and User3;
and so on. PKI uses X<<Y>> as the notation to mean the certificate issued
by authority X for entity Y.

Figure: PKI hierarchical model


Public Key Infrastructure (PKI)

Example-1:

Show how User1, knowing only the public key of the CA (the root), can
obtain a verified copy of User3’s public key.

Solution:
User3 sends a chain of certificates, CA<<CA1>> and CA1<<User3>>,
to User1.

a) User1 validates CA<<CA1>> using the public key of CA.

b) User1 extracts the public key of CA1 from CA<<CA1>>.

c) User1 validates CA1<<User3>> using the public key of CA1.

d) User1 extracts the public key of User3 from CA1<<User3>>.
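
Steps a) to d) of Example-1, combined with the validity-period and CRL checks from the revocation slides, as an added Python example (not part of the original slides). It assumes toy RSA keys built from Mersenne primes, a SHA-256 digest reduced into the modulus, JSON instead of ASN.1, CRLs that have already been authenticated, and hypothetical names (`make_key`, `issue`, `validate_chain`, `try_validate`); serial numbers and dates are constructed.

```python
import hashlib, json

def make_key(p, q, e=65537):
    """Toy RSA key pair from two known primes. Insecure; illustration only."""
    n = p * q
    return {"pub": (n, e), "priv": (n, pow(e, -1, (p - 1) * (q - 1)))}

def digest(fields, n):
    """Hash the certificate's signed fields and reduce into the toy modulus."""
    blob = json.dumps(fields, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % n

def issue(issuer, issuer_key, subject, subject_pub, serial, not_after):
    """Build issuer<<subject>>: the issuer signs the fields with its private key."""
    fields = {"issuer": issuer, "subject": subject, "pub": list(subject_pub),
              "serial": serial, "not_after": not_after}
    n, d = issuer_key["priv"]
    return {"fields": fields, "sig": pow(digest(fields, n), d, n)}

def validate_chain(chain, anchor_name, anchor_pub, today, crls):
    """Walk from the trust anchor to the leaf; return the leaf key or raise."""
    name, pub = anchor_name, anchor_pub
    for cert in chain:
        f, (n, e) = cert["fields"], pub
        if f["issuer"] != name:
            raise ValueError(f"{f['subject']}: not issued by {name}")
        if pow(cert["sig"], e, n) != digest(f, n):      # steps a) and c)
            raise ValueError(f"{f['subject']}: signature does not verify")
        if today > f["not_after"]:                      # ISO dates sort as text
            raise ValueError(f"{f['subject']}: expired")
        crl = crls[name]                                # issuer's latest CRL
        if not crl["this_update"] <= today < crl["next_update"]:
            raise ValueError(f"{name}: CRL is stale")
        if f["serial"] in crl["revoked"]:
            raise ValueError(f"{f['subject']}: revoked")
        name, pub = f["subject"], tuple(f["pub"])       # steps b) and d)
    return pub

# Constructed sample data: the hierarchy CA -> CA1 -> User3 from the example.
ROOT = make_key(2**61 - 1, 2**89 - 1)
CA1 = make_key(2**107 - 1, 2**127 - 1)
USER3 = make_key(2**19 - 1, 2**31 - 1)
CHAIN = [issue("CA", ROOT, "CA1", CA1["pub"], 1, "2030-01-01"),
         issue("CA1", CA1, "User3", USER3["pub"], 7, "2027-01-01")]
FRESH = {"this_update": "2025-06-01", "next_update": "2025-07-01", "revoked": {}}
CRLS = {"CA": dict(FRESH), "CA1": dict(FRESH)}   # revoked: serial -> revocation date

def try_validate(chain, today="2025-06-15", crls=CRLS):
    """Return ('ok', key) or ('rejected', reason) instead of raising."""
    try:
        return "ok", validate_chain(chain, "CA", ROOT["pub"], today, crls)
    except ValueError as err:
        return "rejected", str(err)

if __name__ == "__main__":
    print(try_validate(CHAIN))
    # Eve swaps in her own key but cannot produce CA1's signature over it.
    forged = {"fields": dict(CHAIN[1]["fields"], pub=[15, 3]), "sig": CHAIN[1]["sig"]}
    print(try_validate([CHAIN[0], forged]))
```

User1 only ever trusts the root key passed in as the anchor; every other key is accepted solely because the certificate above it verified, was unexpired, and was absent from a current CRL.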
