Cryptography Reference
11 Public-Key Management
This chapter continues our investigation of key management by looking at
particular issues that relate to public-key management. These issues primarily
arise due to the need to provide assurance of purpose of public keys. It is important
to state from the outset that this chapter should be regarded as an extension
of Chapter 10 for public-key cryptography, not a replacement. Most of the key
management issues discussed in Chapter 10 are also relevant to the management
of key pairs in public-key cryptography.
The term public-key infrastructure (PKI) is often associated with key
management systems for supporting public-key cryptography. We avoid it for several
reasons:
1. The term 'PKI' is often used in confusing ways. In particular, it is often incorrectly
used to refer to public-key cryptography itself, rather than the supporting key
management system.
2. The notion of a PKI is strongly associated with a key management system that
supports public-key certificates. While this is the most common approach to
designing a public-key management system, it is not the only option. We will
consider alternative approaches in Section 11.4.
3. The attention paid to the concept of a PKI rather deflects from the fact that
all cryptosystems require key management systems to support them. We do
not often hear the term symmetric key infrastructure (SKI), yet key management
support for symmetric cryptography is just as essential as it is for public-key
cryptography.
At the end of this chapter you should be able to:
• Explain the purpose of a public-key certificate.
• Describe the main phases in the lifecycle of a public-key certificate.
• Discuss a number of different techniques for implementing the different
phases in the public-key certificate lifecycle.
• Compare several different certificate-based public-key management models.
• Be aware of alternative approaches to certificate-based public-key
management.