- In an asymmetric cryptosystem, only public keys are distributed, and these are not kept secret. Hence they can be transmitted over an insecure communication channel.
- In an asymmetric cryptosystem, the key distribution procedure involves an authentication procedure to prevent an intruder from generating a pair of keys.
- A common method is to use a public-key manager (PKM) that maintains a directory of the public keys of all users in the system.
- The PKM's public key is known to all users, while the corresponding secret key is known only to the PKM.
- Suppose user A wants to communicate with user B. User A sends a request message (in ciphertext form) to the PKM to establish a secure logical communication channel with user B.
- The PKM decrypts the message, extracts the public key corresponding to the user IDs, and sends it (in ciphertext form) to user A.
- On receiving the message, user A decrypts it and confirms that it is a reply to its request.
- Next, user A sends a message to user B, who decrypts it and understands that it is a request for communication.
- To authenticate the correct public key, user B sends a request to the PKM, gets the public key and authenticates user A.
- This allows regular communication to start.
- Authenticated distribution of public keys takes place through public-key certificates.
- These certificates consist of public keys and the identities with which the keys are associated.
- A certification authority signs the <public key, identifier> pair and places it on the certificate.
- The private key (Kca-) of the certification authority is used to sign the certificate. Its corresponding public key (Kca+) is known.
- If a client wishes to verify that the public key found in the certificate belongs to the identified entity, it uses the public key of the certification authority to verify the certificate's signature.
- If the signature on the certificate matches the <public key, identifier> pair, then the client accepts that the public key belongs to that entity.
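
The certificate check described in the last bullets, as an added example that is not part of the original page: a certification authority signs a <public key, identifier> pair with Kca-, and a client verifies it with Kca+, rejecting a certificate whose key or identifier was changed after signing. The signature scheme is a constructed toy (textbook RSA over fixed primes, no padding) so the block runs with the standard library only; the function names, key bytes and user names are assumptions made for illustration.

```python
import hashlib

# Constructed toy CA key pair: textbook RSA over two Mersenne primes, no padding.
# Illustration only; a real CA uses a vetted library and a standard signature scheme.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # Kca+ : CA public key, known to clients
D = pow(E, -1, (P - 1) * (Q - 1))      # Kca- : CA private key, held only by the CA


def digest(public_key: bytes, identifier: str) -> int:
    """Hash the <public key, identifier> pair, length-prefixing each field."""
    ident = identifier.encode()
    data = (len(public_key).to_bytes(4, "big") + public_key
            + len(ident).to_bytes(4, "big") + ident)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def ca_issue(public_key: bytes, identifier: str) -> dict:
    """CA side: sign the pair with Kca- and put the signature on the certificate."""
    return {"public_key": public_key, "identifier": identifier,
            "signature": pow(digest(public_key, identifier), D, N)}


def client_verify(cert: dict, expected_identifier: str) -> bool:
    """Client side: the certificate must name the expected entity and the
    signature, checked with Kca+, must match the pair it carries."""
    recovered = pow(cert["signature"], E, N)
    return (cert["identifier"] == expected_identifier
            and recovered == digest(cert["public_key"], cert["identifier"]))


# Constructed sample values (hypothetical users and key bytes).
cert = ca_issue(b"constructed-public-key-of-B", "user-B")
swapped = dict(cert, public_key=b"constructed-public-key-of-intruder")
relabelled = dict(cert, identifier="user-A")

if __name__ == "__main__":
    print(client_verify(cert, "user-B"))        # genuine certificate
    print(client_verify(swapped, "user-B"))     # key replaced after signing
    print(client_verify(relabelled, "user-A"))  # identifier replaced after signing
```

The length prefixes in `digest` keep the boundary between key and identifier unambiguous, so bytes cannot be shifted from one field to the other without changing the hash.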