Concepts of PKI
What is Public Key Infrastructure?
Public Key Infrastructure (PKI) covers the use of public key cryptography and digital certificates as the accepted means of authentication and access control over untrusted networks, such as the Internet. While public key cryptography addresses issues of data integrity and transaction privacy, certificates address concerns in authentication and access control.
Public key cryptography uses a pair of different but related keys, which makes it possible to conduct electronic commerce securely over open telecommunications networks such as the Internet. Each user has a private key and a public key. The private key is kept secret, known only to the user; the public key is made public by placing it in the Public Directory maintained by Hongkong Post.
A digital certificate is a digital document attesting to the binding of a public key to an individual or other entity. It allows verification of the claim that a specific public key does in fact belong to a specific individual. A Hongkong Post e-Cert contains a public key, the name of the holder, an expiration date, a certificate serial number and a subscriber reference number.
What is a Digital Signature?
A digital signature, in relation to an electronic record, is the electronic signature of a signer. It is generated by transforming the electronic record using asymmetric cryptography and a hash function. A person holding the initial untransformed electronic record and the signer's public key can then determine:
- whether the transformation was generated using the private key that corresponds to the signer's public key; and
- whether the initial electronic record has been altered since the transformation was generated.
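The two checks above, worked through in Go as an added example (not code from Hongkong Post or the e-Cert service): the record is hashed with SHA-256, the digest is signed with the signer's private key, and verification with the public key fails both when the record has been altered and when a different key pair is used. The sample record text and the ECDSA P-256 key pairs are constructed here for illustration; a Hongkong Post e-Cert would instead supply the signer's public key inside the certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// signRecord transforms the electronic record into a signature: the record is
// hashed and the digest is signed with the signer's private key.
func signRecord(priv *ecdsa.PrivateKey, record []byte) ([]byte, error) {
	digest := sha256.Sum256(record)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// verifyRecord recomputes the digest of the record it was given and checks the
// signature against the claimed public key. It returns true only if the signature
// was made with the corresponding private key AND the record is unchanged.
func verifyRecord(pub *ecdsa.PublicKey, record, sig []byte) bool {
	digest := sha256.Sum256(record)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

func main() {
	// Constructed key pairs: one genuine signer and one unrelated party.
	signer, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	other, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)

	record := []byte("Transfer HKD 1,000 to account 123") // constructed sample record
	sig, _ := signRecord(signer, record)

	fmt.Println("genuine record, signer's key:", verifyRecord(&signer.PublicKey, record, sig))
	fmt.Println("altered record, signer's key:", verifyRecord(&signer.PublicKey, []byte("Transfer HKD 9,000 to account 123"), sig))
	fmt.Println("genuine record, other key:   ", verifyRecord(&other.PublicKey, record, sig))
}
```

Only the first check returns true; the second fails because the digest no longer matches, the third because the signature was not produced by the private key that corresponds to the public key presented.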
What is Encryption?
Encryption is the transformation of a message into an incomprehensible form using a key. Its purpose is to ensure privacy by keeping information hidden from anyone for whom it is not intended, even those who have access to the encrypted data. Decryption is the reverse of encryption: the transformation of encrypted data back into a comprehensible form using the corresponding key.