Public Key Infrastructure part 1 – Introduction to encryption and signature

A Public Key Infrastructure (PKI) is a security component: it issues (signs) certificates that are used for different purposes such as encryption, signature or authentication. Because a PKI is a security component, the solution has to meet three criteria:

  • Confidentiality: only the intended recipients can read the information;
  • Authenticity: the information really comes from the issuer it claims to come from;
  • Integrity: there are mechanisms to verify that the information has not been altered.

In this part we will see how to meet these criteria with technical mechanisms: encryption, signature and integrity checking.

Confidentiality

Why encrypt?

Encryption makes information unreadable to anyone except the intended recipient. Information can be created, stored and sent encrypted. In an enterprise, for example, some information such as trade secrets or salaries has to be encrypted. Thanks to encryption, that information stays confidential.

Today there are two families of encryption: symmetric cryptography, based on a single key that is shared, and asymmetric cryptography, based on a pair of keys. We will see these mechanisms in detail later. But first, have a look at an old encryption algorithm (certainly one of the first): the Caesar code.

Example of encryption: the Caesar code

The Caesar code was used by Julius Caesar to send military orders to his legions. The algorithm works on the plaintext alphabet with a key that is a number: to encrypt a message, each letter is replaced by the letter found by shifting the alphabet right or left by the value of the key. Example with a right shift of 3:

Figure 1: Caesar code

  • Plaintext alphabet: abcdefghijklmnopqrstuvwxyz
  • Encrypted alphabet: defghijklmnopqrstuvwxyzabc

Example:

  • Encrypted message: Pb phvvdjh lv hqfubswhg
  • Plaintext message: My message is encrypted

The main problem of this algorithm is that it is easy to break. There are only 25 useful keys, so an attacker can simply try them all, even on a short message. And because the same key always replaces a given letter by the same letter, the letter frequencies of the language survive encryption: in the example above, the most frequent ciphertext letter most likely stands for the most frequent letter of the plaintext language (frequency analysis). The more the same key is used, the more ciphertext the attacker collects under it and the easier the attack becomes. This is called key wear-out.
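The shift and the attack on it, as an added example in Go (this is not code from the original article). Encrypt and Decrypt implement the shift exactly as above, leaving non-letters untouched, and Break recovers the key without knowing it: it tries all 26 shifts and keeps the candidate whose letter distribution is closest to English. The frequency table is the standard one for English text and the message is the page's own.

```go
package main

import (
	"fmt"
	"math"
	"strings"
)

// shift moves every ASCII letter of s by k positions around the alphabet
// (mod 26). Other characters, such as spaces, are left as they are, which is
// what the page's example does.
func shift(s string, k int) string {
	k = ((k % 26) + 26) % 26
	var b strings.Builder
	for _, r := range s {
		switch {
		case r >= 'a' && r <= 'z':
			b.WriteRune('a' + (r-'a'+rune(k))%26)
		case r >= 'A' && r <= 'Z':
			b.WriteRune('A' + (r-'A'+rune(k))%26)
		default:
			b.WriteRune(r)
		}
	}
	return b.String()
}

// Encrypt is a right shift by key; Decrypt is the matching left shift.
func Encrypt(plain string, key int) string  { return shift(plain, key) }
func Decrypt(cipher string, key int) string { return shift(cipher, -key) }

// englishFreq is the usual relative frequency (percent) of the letters a..z
// in English text. It is the only knowledge the attacker needs.
var englishFreq = [26]float64{
	8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
	6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07,
}

// Break recovers the key by brute force plus frequency analysis: every one of
// the 26 shifts is tried and the candidate whose letter counts are closest to
// English (smallest chi-squared distance) wins. Because one key maps every
// letter the same way, the statistics of the language survive encryption.
func Break(cipher string) (key int, plain string) {
	best := math.Inf(1)
	for k := 0; k < 26; k++ {
		cand := Decrypt(cipher, k)
		var counts [26]float64
		total := 0.0
		for _, r := range strings.ToLower(cand) {
			if r >= 'a' && r <= 'z' {
				counts[r-'a']++
				total++
			}
		}
		score := 0.0
		for i, observed := range counts {
			expected := englishFreq[i] / 100 * total
			score += (observed - expected) * (observed - expected) / expected
		}
		if score < best {
			best, key, plain = score, k, cand
		}
	}
	return key, plain
}

func main() {
	ct := Encrypt("My message is encrypted", 3) // the page's message and key
	fmt.Println(ct)                               // Pb phvvdjh lv hqfubswhg
	k, pt := Break(ct)
	fmt.Printf("recovered key %d: %q\n", k, pt)
}
```

Break needs no key at all, which is the point: with only 26 possibilities and a known language, the ciphertext alone gives the key away. Longer ciphertexts under the same key only make the frequency scores sharper.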

Key definition

Like the Caesar code, modern encryption algorithms use a key. A key is a long random number generated by the machine, and it is the key, not the algorithm, that has to stay secret. There are two sorts of keys: private keys and public keys. When a public key is used (cf. Asymmetric cryptography), it is mathematically related to a private key.

Symmetric cryptography

Symmetric cryptography is based on a single private key shared between two or more entities:

Figure 2: Symmetric cryptography

The key Kpr is shared between the entities, and the same key encrypts and decrypts the information. But the more you share your private key, the less private it is: getting the key to every party without it being intercepted is the hard part, and this is why asymmetric cryptography was invented. Symmetric cryptography is implemented in AES, 3DES, Blowfish, RC4, etc. (today AES is the reference; RC4 is broken and 3DES is deprecated). The key length is short: a 256-bit key is a strong key.

The main advantage of symmetric cryptography is that encryption is fast and uses few system resources. Its weakness is not the cipher but the key: because the same private key is shared between several entities, anyone who obtains it can decrypt everything, and it must be distributed to each party over a channel that is itself secure.

Asymmetric cryptography

Asymmetric cryptography is based on a key pair (a private key and a public key). The two keys are mathematically related. With asymmetric cryptography the private key is never shared between entities; the public key is shared instead. The public key is used to encrypt and, on the other side, the private key is used to decrypt:

Figure 3: Asymmetric cryptography

The public key (Kpu) is sent to the correspondent and is used to encrypt the information. The related private key (Kpr) is used to decrypt, so it is very critical: whoever holds it can decrypt. Asymmetric cryptography is implemented mainly in RSA and Diffie-Hellman (DH, which is used to agree on a shared key rather than to encrypt data directly). The key length is long: 2048-bit RSA keys are the minimum generally recommended today, and 3072 or 4096 bits are preferred for keys that must last many years.

The main advantage of asymmetric cryptography is that it is robust: the private key never leaves its owner, so there is no secret to distribute. However it consumes a lot of system resources (mainly CPU), encryption is slow, and RSA can only encrypt data shorter than its key, which is why it is used to protect keys rather than whole documents.

Modern encryption

Each algorithm has advantages and drawbacks. Symmetric cryptography is fast but needs a shared secret, while asymmetric cryptography is the opposite. So why not combine the two worlds to get a solution that is both robust and fast?

So modern algorithms use a session key (a temporary key) to encrypt the information with symmetric cryptography. Then the session key is encrypted with the public key of the recipient. To decrypt, the recipient first decrypts the session key with his private key and then decrypts the information with the session key. This combination is called hybrid encryption.

Figure 4: Modern encryption algorithm

On the sender side, the actions below are performed:

  1. A temporary key called the session key (Ks) is generated;
  2. The information is encrypted with Ks;
  3. Ks is then encrypted with the public key (Kpu) related to the private key of the recipient. The result is called Kse;
  4. Kse is added to the encrypted information file. This file is sent to the recipient.

On the recipient side, the actions below are performed:

  1. The encrypted information and Kse are separated;
  2. Kse is decrypted with the private key (Kpr) of the recipient and becomes Ks again;
  3. The document is decrypted with Ks.

For the rest of the series I will use this algorithm as the reference, in particular to explain how integrity checking, signing and encryption interact. So a good understanding of it is required before going further.

Integrity

Why verify integrity?

Integrity checking is the mechanism that verifies that the information has not changed. Information can change because of an encryption malfunction, a network problem or a malicious modification. To validate integrity, a thumbprint of the information is created. A thumbprint (also called hash or digest) is a short, fixed-length bit string computed from the information by a hash algorithm. It must be practically impossible to find two different inputs with the same thumbprint, and impossible to recover the information from its thumbprint.

When two different pieces of information lead to the same thumbprint, it is called a collision. MD5 is vulnerable because collisions can be created on demand, and practical collisions have also been demonstrated for SHA-1; with such an algorithm an attacker can make you believe that altered information has not changed. The most common algorithms are SHA-256, SHA-1 and MD5, but only SHA-256 (or another member of the SHA-2 and SHA-3 families) should be used for new deployments.

Create a thumbprint

To create a thumbprint, the initial information is passed as input to a hash algorithm. The output is the digest.

Example of thumbprint of “I love Security”:

  • MD5: f3f57004371b08ee73327ae2e5353958
  • SHA-1: 8c9855b2c81c1e3278a5ce6a771e5c3f74ee09b5
  • SHA-256: 1675cd4ee780f6cc04c6d3b54faa2de90fb5b18cdacc974dacf2d99d35307cce
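An added example (Go standard library; not code from the original article) that computes the three thumbprints of the page's sample message, performs the integrity check by recomputing the digest, and shows the limit of a bare thumbprint: an attacker who can alter the information and the stored digest simply recomputes it. The tampered message and the stored-digest scenario are constructed for the example.

```go
package main

import (
	"crypto/md5"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// Digests returns the hex thumbprints of msg for the three algorithms the
// page lists. MD5 and SHA-1 are here only for comparison with the page: they
// are collision-prone and must not protect anything an attacker can touch.
func Digests(msg []byte) (md5Hex, sha1Hex, sha256Hex string) {
	m := md5.Sum(msg)
	s := sha1.Sum(msg)
	h := sha256.Sum256(msg)
	return hex.EncodeToString(m[:]), hex.EncodeToString(s[:]), hex.EncodeToString(h[:])
}

// Thumbprint is the SHA-256 digest used for the integrity check below.
func Thumbprint(msg []byte) []byte {
	h := sha256.Sum256(msg)
	return h[:]
}

// IntegrityOK recomputes the thumbprint of msg and compares it with the one
// stored alongside the information. The comparison runs in constant time so
// that the check itself does not leak how many bytes matched.
func IntegrityOK(msg, stored []byte) bool {
	return subtle.ConstantTimeCompare(Thumbprint(msg), stored) == 1
}

func main() {
	msg := []byte("I love Security") // the page's sample message
	m, s, h := Digests(msg)
	fmt.Println("MD5:    ", m)
	fmt.Println("SHA-1:  ", s)
	fmt.Println("SHA-256:", h)

	stored := Thumbprint(msg)
	tampered := append([]byte{}, msg...)
	tampered[0] ^= 0x01 // flip a single bit: "I" becomes "H"
	fmt.Println("unchanged passes:", IntegrityOK(msg, stored))      // true
	fmt.Println("one bit flipped:", IntegrityOK(tampered, stored)) // false

	// Limit of a bare thumbprint: an attacker who can replace the stored
	// digest as well just recomputes it and the check passes again. A hash
	// detects accidents; authenticity needs a signature (next section).
	fmt.Println("attacker recomputed:", IntegrityOK(tampered, Thumbprint(tampered))) // true
}
```

The one-bit flip illustrates why the digest is usable as a thumbprint: any change, however small, produces a completely different value. The last line is the reason the next section exists: the digest alone proves nothing about who produced it.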

Authenticity

Why sign?

A digital signature ensures both the integrity of the information (using a hash algorithm) and its authenticity. It plays the same role as a signature in real life. For example, when you subscribe to a service you want:

  • A document signed by the company (authenticity);
  • Your signature to identify you and only you (unfalsifiable);
  • Your signature not to be reusable for another subscription: if you subscribe to another service, you have to sign again with a new signature (non-reusable);
  • The contract not to change over time (unalterable);
  • Neither side (the company or you) to be able to deny having signed the document (non-repudiable).

A digital signature has to be authentic, unfalsifiable, non-reusable, unalterable and non-repudiable. When all these properties are gathered, the authenticity and the integrity of the information can be verified.

Signature operation

The signature operation is based on asymmetric cryptography. First a digest of the initial information is created, then this digest is encrypted with the private key of the signer. The result is the signature. (Strictly speaking, signing is a distinct operation from encryption, and modern schemes such as RSA-PSS or ECDSA do not simply encrypt the digest; "encrypt the digest with the private key" is the RSA picture that is easiest to remember.)

To validate the signature, the recipient extracts the signature from the message and uses the signer's public key to recover the digest. Then the recipient computes a digest from the received information and compares it with the recovered one. If they match, the signature is valid. This is the signature checking process.

Figure 5: Signature operation

A good way to remember when the private key is used is to ask which step is critical in each operation. In the signature process the critical step is producing a value nobody else could have produced, so the private key is used to sign. In the encryption process the critical step is reading the encrypted information, so the private key is used to decrypt.

Encryption and signature operation

Now that we know about encryption, hash algorithms and signature, let's have a look at how these elements work together to make information confidential, authentic and unaltered.

Figure 6: Encryption and signature operation

When signature and encryption are used together, the signing process is done first. So the steps are performed in this order:

  • A digest is created from the initial information;
  • This thumbprint is encrypted with the private key of the issuer (Kprg);
  • The signature is added to the initial information (in the same file);
  • A temporary session key (Ks) is generated; it will be used to encrypt the initial information and its signature;
  • The session key is encrypted with the public key of the recipient (Kpub); the result is Kse;
  • Kse is added to the encrypted information file. So this file contains the encrypted information, the Kse and the signature.

When the recipient receives the file from the issuer, it begins by decrypting the file and then verifies the signature:

  • The recipient extracts Kse from the received file. Kse is decrypted with the recipient's private key (Kprb) to obtain the session key (Ks);
  • Ks is used to decrypt the information;
  • The recipient then extracts the encrypted thumbprint (the signature);
  • The issuer's public key (Kpug) is used to recover the thumbprint;
  • At the same time, the recipient creates a digest from the decrypted information;
  • Finally, the recipient compares the recovered thumbprint with the digest computed from the decrypted information. If they match, the signature is verified.
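The whole flow, Seal on the sender side and Open on the recipient side, as an added example in Go (standard library only; this is not the author's code). It also covers the hybrid encryption of the "Modern encryption" section and the sign/verify operation of the "Signature operation" section, since all three use the same pieces. Assumptions made here: RSA-OAEP to encrypt the session key Ks, AES-256-GCM as the symmetric cipher, RSA-PSS over SHA-256 for the signature, the page's key names (Kprg/Kpug for the issuer, Kprb/Kpub for the recipient), and a message constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is the "file" of Figure 6: the information encrypted with Ks, Ks
// encrypted with the recipient's public key (Kse) and the AES-GCM nonce. The
// signature sits inside the encrypted part because signing happens first.
type Envelope struct {
	Kse, Nonce, Ciphertext []byte // Ciphertext = AES-256-GCM(information || signature)
}

// NewKey generates a 2048-bit RSA key pair (the common minimum today).
func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Sign hashes the information (SHA-256) and signs the digest with Kprg (RSA-PSS).
func Sign(kprg *rsa.PrivateKey, info []byte) ([]byte, error) {
	digest := sha256.Sum256(info)
	return rsa.SignPSS(rand.Reader, kprg, crypto.SHA256, digest[:], nil)
}

// Verify recomputes the digest of the received information and checks the
// signature against it with the issuer's public key Kpug.
func Verify(kpug *rsa.PublicKey, info, sig []byte) error {
	digest := sha256.Sum256(info)
	return rsa.VerifyPSS(kpug, crypto.SHA256, digest[:], sig, nil)
}

// aead builds AES-256-GCM from a 32-byte session key.
func aead(ks []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(ks)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the sender side of Figure 6: sign, generate Ks, encrypt
// information+signature with Ks, then encrypt Ks with the recipient's Kpub.
func Seal(kprg *rsa.PrivateKey, kpub *rsa.PublicKey, info []byte) (*Envelope, error) {
	sig, err := Sign(kprg, info)
	if err != nil {
		return nil, err
	}
	rnd := make([]byte, 32+12) // 256-bit Ks followed by a fresh 96-bit GCM nonce
	if _, err := rand.Read(rnd); err != nil {
		return nil, err
	}
	ks, nonce := rnd[:32], rnd[32:]
	gcm, err := aead(ks)
	if err != nil {
		return nil, err
	}
	kse, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, kpub, ks, nil) // Ks -> Kse
	if err != nil {
		return nil, err
	}
	payload := append(append([]byte{}, info...), sig...)
	return &Envelope{Kse: kse, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, payload, nil)}, nil
}

// Open is the recipient side, in the page's order: recover Ks with Kprb,
// decrypt, split off the signature, verify it with Kpug. Any failure returns
// an error and no plaintext.
func Open(kprb *rsa.PrivateKey, kpug *rsa.PublicKey, env *Envelope) ([]byte, error) {
	ks, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, kprb, env.Kse, nil) // Kse -> Ks
	if err != nil {
		return nil, fmt.Errorf("session key: %w", err)
	}
	gcm, err := aead(ks)
	if err != nil {
		return nil, err
	}
	payload, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("ciphertext altered or wrong key: %w", err)
	}
	sigLen := kpug.Size() // an RSA-PSS signature is exactly the modulus size
	if len(payload) < sigLen {
		return nil, fmt.Errorf("payload too short to carry a signature")
	}
	info, sig := payload[:len(payload)-sigLen], payload[len(payload)-sigLen:]
	if err := Verify(kpug, info, sig); err != nil {
		return nil, fmt.Errorf("signature check failed: %w", err)
	}
	return info, nil
}

func main() {
	sender, _ := NewKey()    // holds Kprg, publishes Kpug
	recipient, _ := NewKey() // holds Kprb, publishes Kpub
	env, _ := Seal(sender, &recipient.PublicKey, []byte("salary review: confidential"))
	info, err := Open(recipient, &sender.PublicKey, env)
	fmt.Printf("%q %v\n", info, err)
}
```

Two details matter in practice. GCM's authentication tag rejects any alteration of the encrypted file before the signature is even looked at, so Open never hands a modified document to the verifier; and the recipient must know which public key to verify with, which is exactly what a certificate issued by the PKI provides in the following parts. Real formats (CMS/PKCS#7, S/MIME) carry this same structure with explicit length fields instead of the fixed signature size used here.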

About Romain Serre

Romain Serre works in Lyon as a Senior Consultant. He is focused on Microsoft Technology, especially on Hyper-V, System Center, Storage, networking and Cloud OS technology as Microsoft Azure or Azure Stack. He is a MVP and he is certified Microsoft Certified Solution Expert (MCSE Server Infrastructure & Private Cloud), on Hyper-V and on Microsoft Azure (Implementing a Microsoft Azure Solution).

16 comments

  1. Dear Mr. Romain Serre.

    We have a business web site in development that will be used for Internet access (outside the local network) to a business application and shared data. This business web site will be secured with a user certificate and username and password. We need to implement PKI to allow users to obtain user certificates online to access this new web site. Such as this: the user will log on to a different web site (outside the local network), authenticate with domain username and password and then request a certificate issue. This request will be automatically processed and the user will receive an email with a key or a code. The user will then log on to the same web site, enter the code that he received by email, and then he will be able to download his user certificate and install it on a computer.

    Please tell us, where can we get instructions to implement this?

    Best Regards,
    Martin Podgorsek

    • Hi Martin,

      You should use the Certification Authority Web Enrollment, which is a set of web services that enables interaction with the CA. The user can log on to the web services with a domain account to request a certificate. Below you have links about this feature:

      https://technet.microsoft.com/en-us/library/hh831649.aspx
      https://technet.microsoft.com/en-us/library/dd759241.aspx
      https://careexchange.in/how-to-install-certificate-authority-on-windows-server-2012/

      I hope I have helped you 🙂

      Romain

      • Thank you for the reply. I have found what I need to start. Just one more question. Is there any major security risk with this web site for users requesting certificates?

        Best Regards, Martin.

        • Hi Martin,

          The Web Service interacts with the CA to request certificates. The Web Service doesn’t manage the CA itself. However, because it is a web server accessible from the Internet, you should protect this server with special attention (hardening, flow management, etc.).

          Regards,

          Romain

          • Hi Romain.

            So far I have found everything that I need, but one last thing. I can't find an article about actually configuring the web page that users can log in to for requesting certificates. Can you please help me with that?

            Best Regards, Martin

          • Hi Martin,

            I don’t understand which web page you want to configure. Are you talking about the Web Enrollment or the web page of your custom application?

          • Hi, Romain.

            I meant Web Enrollment. How to present the CA web page to be seen on the Internet outside the company. I need help with this part. I know I need an A record for this web page in our domain DNS settings, and router settings for redirecting to the CA server web page.

            Best Regards, Martin.

          • Hi Martin,

            You have to install the Web Enrollment server in a DMZ. In the firewall you have to open the HTTP port to your Web Enrollment server and configure NAT (you should talk about this point with your network admin). Next you need an A record on public DNS. If your public DNS is MyCorp.com, you should create a record called for example “certificate”. In this way users will use certificate.mycorp.com to connect to your web service.

            Regards,

            Romain.

  2. Who are the best PKI companies for national PKI ( signature and authentication ) for a country. I am aware of Verisign and Entrust but they are on the high side cost wise.

  3. Hi Romain,
    Thanks for your answer; however, can you advise as to what is required by a country to obtain a PKI root and CAs? If they establish a root and CA, can they then generate their own certificates independently or do they have to continue to purchase certificates for each card issued? Do you know offhand the approximate cost of establishing such an infrastructure for a population of 4 million?

    Regards,
    Talal

  4. Very Nice explanation.

  5. It’s a nice attempt at an explanation, but unfortunately, it’s grammatically “encrypted”. I recommend you have a friend(s) who speak English as their first language proofread your text before you post it. No disrespect intended, it’s just that it’s an already complicated subject that’s further exacerbated by having to decipher what you’re trying to say. Other than that, it’s a very nice post, sir.

  6. Very good document, well explained. I understand the fundamentals of PKI. Thank you for your time and for posting the document 🙂

  7. Hi Romain, I'm Abdu. I'm working on the construction of a PKI system; could you advise me about the infrastructure required for an intermediate CA?
    Thank you
