**Understanding the Public Key Infrastructure**

Modern encryption, and by extension much of the web of trust that is built around it, is based on the Public Key Infrastructure, or PKI.

**Understanding PKI without maths**

Most explanations start off by mentioning that dreaded word, – “mathematics”. Let’s see if we can get an idea of how it works without using any maths at all.

**Introducing Alice, Bob, and Eve**

Now in security circles, there are three very interesting people you meet all the time. They are called Alice, Bob, and Eve.

Alice and Bob are usually involved in scenarios where one of them wants to send a message, and Eve is a third party who likes to eavesdrop. (hence the choice of name, Get it? )Let’s suppose for a moment that Alice has some important (and secret) documents that she wants to send to Bob.

Bob’s fond of gadgets, and his current favorite is a rather nifty padlock that is a little bit unusual. Most padlocks have just one key to lock and unlock them. Bob’s padlock comes with TWO keys: a red key and a blue key.

The red key *unlocks *the padlock. But you can’t *lock* the padlock using the red key. You need to insert the blue key (and twist it the opposite way) to allow the padlock to be locked.

Similarly, you can’t UNLOCK the padlock with the blue key. Once it’s locked, you need the red key to unlock it. So only someone with a copy of the red key AND the blue key can both lock and unlock the padlock.

**Bob sends a briefcase, along with padlock and key, to Alice**

Bob unlocks the padlock with the red key. He stashes the red key in his office safe.

He then places the unlocked padlock inside a briefcase along with the blue key and he sends this to Alice, keeping the red key safe.

**Alice places the documents in the briefcase, secures it with the padlock, and returns it to Bob**

When Alice receives the briefcase, she places the documents inside it. She then uses the padlock to lock the briefcase, using the blue key to lock the padlock.

Recall that once she has done this, she cannot unlock the padlock. Only Bob can do this.

She sends the briefcase back to Bob and keeps the key. It’ll come in handy if any more secrets need to be interchanged.

Bob simply unlocks the padlock with the red key, having retrieved it from his office safe. Now he has the secret documents.

**Eve’s cunning plan to intercept the documents and copy them**

Unknown to either Alice or Bob, Eve works for the courier company that is used to send the briefcase.

In her privileged role, she can intercept Bob’s shipment to Alice. She takes the blue key and makes a copy of it, then puts everything back just as she found it.

Then she waits for Alice to send the secret documents back to Bob. Her plan was to use her copy of the key to unlocking the briefcase, take out the secret documents and photocopy them. Then she could re-lock the briefcase and send it on its way. No-one would know that Eve has stolen the secret documents.

But unfortunately, as I’m sure you guessed by now, her cunning plan is foiled by Bob’s high-tech padlock. When Eve tries to unlock the padlock using her copied key, she is unable to open the briefcase. Only Bob can do that, using his red key.

Bob’s high-tech padlock solves a difficult problem: if he’d used a normal padlock, obviously Eve’s plan would have worked.

**The problem of secure key exchange**

Historically, before PKI was invented, encryption and decryption were what is known as a *symmetrical* process. That is, you could *encrypt* a message using a key, and then the recipient could *decrypt* the message using the same key.

The problem here is that before two parties – Alice and Bob – can exchange encrypted messages – they must somehow ensure that both have a copy of the secret key. And the obvious problem with *that* is – how do you stop Eve from stealing a copy of the key?

Obviously, Alice and Bob can arrange to get together and securely exchange a copy of the key. But what if there are dozens, hundreds, or even thousands of parties who need to securely communicate with each other?. Clearly, this approach won’t scale.

**Public and private keys**

The breakthrough was made when the equivalent of Bob’s high-tech padlock was invented. Three very smart people (Rivest, Shamir and Adleman) came up with a mathematical trick that meant that the key you need to *encrypt* a message is *different* to the key you need to *decrypt* the message.

*[Strictly this isn’t quite true. Three intrepid chaps working for GCHQ in the UK had already made the breakthrough. But, in the same way, that works at Bletchley Park to decrypt German communications in WW2 was kept secret until the mid-1970s, their work was immediately classified, and so, thanks to the famous British Stiff Upper Lip, all the credit subsequently went to others]. *

Since I promised I would avoid mathematics, it’s not terribly important to understand how this magic works. All you need to understand is that Bob’s blue key is known in PKI terms as a *public key* and his red key is known as a *private key.*

#### Both keys are very long numbers. The longer the numbers, the more secure the encrypted message will be.

It’s important to note that public keys are not secret. Bob could mail all his friends a copy of the blue key for his padlock. He could even have sent Eve a copy – as you recall, she made one anyway, but it didn’t really matter.

Anyone wanting to send Bob a secret message need only encrypt it using Bob’s public key. This is, of course, analogous to Alice locking the briefcase with the blue key.

Now the only person who has a copy of Bob’s private key is, of course, Bob. And Bob’s private key – the red key in our analogy – is the only key which unlocks the padlock. So only Bob can decrypt the secret message.

**Verifying the sender of a message**

Our previous little story is vulnerable to another attack by Eve. This relies on the fact that *if* Alice blindly uses the key supplied with the briefcase to lock the padlock, how can she be sure that the key and padlock were actually supplied by Bob?

To torture our previous analogy a bit, suppose that, rather than *just* send Alice a copy of his public key along with the briefcase, Bob had arranged for Alice to receive it through some intermediary that both parties trust, perhaps an old friend who happens to be traveling to where Alice lives.

He also sends another copy of the public key with the briefcase.

**Eve’s new cunning plan…**

Now imagine that Eve, working for the courier company has sneakily swapped out the padlock and key that Bob provided with a *different* padlock and key. She has the matching key to unlock her replacement padlock, so her crafty plan is that Alice will lock the briefcase with what she *thinks* is Bob’s padlock, using Eve’s replacement key. Then Eve can unlock the briefcase when it returns to the couriers for its journey back to Bob. She can then copy the documents, then relock the briefcase with the original padlock. No-one will know…

Unfortunately, Eve is foiled because Alice attempts to lock the padlock using the blue key that she received through the trusted intermediary. Of course, she cannot lock it, so now she knows that someone has intercepted the shipment and tampered with it. She does *not* mail back the briefcase and the secret documents.

In our analogy, Alice receives Bob’s public key via someone she trusts. In the real world, this trust process is managed by Certification authorities, or CAs for short.

**Certification authorities**

A relatively small number of companies dominate the market as certification authorities. For example, Verisign, now owned by Symantec, has nearly 50% of the market.

When Bob wants to disseminate a public key, he goes to a CA such as Verisign/Symantec and he provides sufficient proof of his identity to satisfy the CA.

In turn, the CA produces a *certificate* – a tamper-proof electronic document – which asserts that Bob’s public key is a certain key. The certificate includes sufficient information about Bob’s identity that we can be confident about associating Bob with the public key in the certificate.

Because part of the body of the certificate includes a *digital signature*, computed from the certificate contents, it is possible to ensure that a certificate has not been tampered with. I’ll talk about digital signatures in a subsequent post.

By using CAs and public keys, you can see how the PKI allows any number of people to communicate securely with each other. Since private keys are kept secure, an attacker cannot intercept the communications and decrypt them.

I have simplified things quite a bit here to avoid making this post too lengthy. In subsequent posts, we’ll look at some other areas of security and encryption that complement the PKI and ensure that communications are even more secure.

We’ll look at a very clever way of exchanging secret keys called Diffie-Hellman, which is a fundamental part of modern cryptography. We will also look at *digital signatures,* which allow a recipient to be confident that a document has not been tampered with in transit, and that its sender is who they claim to be.

Want to write for 1E? We’ve made it easy to be a part of a quickly growing environment fostering the ideas and expertise of Microsoft MVPs. Our exciting program offers incentives for the post that does the best. Not an MVP? You can still apply to write for us here. We can’t wait to hear what you’ve got to say!