Cryptography Reference
In-Depth Information
The encryption method PEM dictates is DES in the form of an MD5 hash
function, which shouldn't come as a surprise since it is a US standard.
Key Management
An important difference between PEM and PGP is how public keys are man-
aged. Rather than using a Web of Trust, PEM relies on a centralized server
hierarchy that is compatible with the X.509 protocol (see Figure 7.2).
When Alice wants to send a message to Bob, Bob first sends his certificate
to Alice. This certificate was signed by Egon. Alice uses Egon's public key
to check his signature. Egon's public key was signed by Kurt. Kurt's public
key was signed by both Helmut and James. James's key was signed by Marek,
and Marek's key was signed by Alice herself. So Alice can verify that Bob's
certificate is authentic.
Each computer underneath the root server makes a generally readable
cer-
tificate
available, which was signed by the computers above
and
below that
computer within the hierarchy, and which contains the certified public key (as
well as an expiration date, the algorithms, the name of the issuer, etc.).
The construction of such hierarchies is related to
PKIs
(
Public Key Infras-
tructures
). There was an enormous hype about these PKIs, especially toward
the end of the 1990s. Difficulties with the organization and acceptance had
been totally underestimated; you may compare this with the 'dotcom bubble'.
Helmut
Kurt
Theo
James
Hendrik
Marek
Egon
Susi
Alice
Bob
Figure 7.2:
Hierarchical model of PEM. Superimposed computers mutually
sign their certificates; the thick arrows show the path along which Alice checks
Bob's certificate.
