Public Key Infrastructure and Certificate Services on Windows Server 2003

A private key is the means by which an identity is authenticated, which means that possession of a private key equal’s identity. Ergo, you have my private key, you are me. Private keys are among the most closely guarded secrets in the computing world. Organizations will implement measures such as vaults, physical guards, and hardware based storage to protect private keys. Every private key has a corresponding public key. This key by its very nature is available to anyone who wants it. Together they provide the core service of a PKI – identification (public key) and authentication (private key). When applied to encryption, there is one important rule that must be understood. Any data that has been encrypted using a private key, can only be decrypted using the corresponding public key, and hence any data that has been encrypted using a public key, can only be decrypted using the corresponding private key.

This leads to two interesting scenarios. If Alice wants to send a message to Bob such that Bob is assured it came from Alice, she only has to encrypt the message with her private key and forward it to Bob. Bob has her public key (how is irrelevant at this stage) and uses it to decrypt the message. Secondly if Alice wants to send a message to Bob such that only Bob can read the message, she only needs to encrypt the message with Bob’s public key.

Two assumptions are made with these examples. First of all we are assuming that Alice is the only person with a copy of her private key. Second we are assuming that her public key is in fact her public key; it has not been tampered with. The only way that we can be assured that the only copy of Alice’s public key is in her possession is if the organization managing her key has taken sufficient steps to protect it. In Windows, the private key is stored as part of the users profile, which is protected by the users password or smart card. In some implementations, the private key can be stored on a hardware storage module or a smart card. The public key is protected from change by informing the user of the public key when unauthorized change has occurred. This is the function of the one-way hash.

A common question is “how are public keys made public?”. The answer is simple – certificates. The sole purpose of a certificate is to show identity. Identity is proven by the mathematical relationship between a public and a private key. Alice’s public key informs Bob of her identity. Her private key proves her identity. When Alice sends Bob a copy of her certificate, the certificate contains a copy of her public key. Since this public key is the only thing that can decrypt data that was encrypted with Alice’s private key, successful decryption of the data implies that it was in fact encrypted by Alice’s private key. Since possession of a private key equals identity, then Alice must have encrypted the data.

A public key, although it is public, should never be modified. Because every public key is mathematically related to a private key, changing the public key changes the relationship, and thus prevents it from being trusted. Although it is technically impossible to prevent modification of data, modification can be detected. If a modification of data is detected, then the user can be informed that the data may be invalid or altered. Hashing algorithms reduce large documents to a predictable set of bits. This set of bits can be then recreated and compared. This operation is similar to that of a cyclic redundancy check (CRC) or parity bit in other communications. Since hashing removes bits, reconstruction of the originating document is impossible. Also, by their very nature, a single bit level change in a document will result in a 50% change in the hash value. This makes hashing a very effective method of detecting change in data.