UNIT I INTRODUCTION AND KEY MANAGEMENT

Basics of cryptography, hash functions, authentication and digital signatures. Key Management and
Distribution: Symmetric Key Distribution, Distribution of Public Keys, X.509 Certificates, Public key
Infrastructure.

BASICS OF CRYPTOGRAPHY
Cryptography is a technique of securing information and communications using codes to ensure
confidentiality, integrity and authentication. Thus, preventing unauthorized access to information. The prefix
"crypt" means "hidden" and the suffix "graphy" means "writing". In Cryptography, the techniques that are
used to protect information are obtained from mathematical concepts and a set of rule-based calculations
known as algorithms to convert messages in ways that make it hard to decode them. These algorithms are
used for cryptographic key generation, digital signing, and verification to protect data privacy, web browsing
on the internet and to protect confidential transactions such as credit card and debit card transactions.

Features Of Cryptography
The features of cryptography that makes it a popular choice in various applications could be
listed down as:
1. Confidentiality: Information can only be accessed by the person for whom it is
intended and no other person except him can access it.
2. Integrity: Information cannot be modified in storage or transition between sender and
intended receiver without any addition to information being detected.
3. Non-repudiation: The creator/sender of information cannot deny his intention to send
information at a later stage.
4. Authentication: The identities of the sender and receiver are confirmed. As well
destination/origin of the information is confirmed.
5. Interoperability: Cryptography allows for secure communication between different
systems and platforms.
6. Adaptability: Cryptography continuously evolves to stay ahead of security threats and
technological advancements.
How Does a Cryptographic Key Work?
As we all know that cryptography technique is use to convert plain text into ciphertext. This
technique is done by cryptographic key. Basically cryptographic key is a string of characters
which is used to encrypts the data and decrypt the data.
 "Geeks for Geeks" + ⚿ = "HYMeAS90#"
For example- "Geeks for Geeks" is a plaintext and convert into ciphertext "HYMeAS90#" with
the help of cryptographic key.
Types Of Cryptography
There are three types of cryptography, namely Symmetric Key Cryptography, Asymmetric Key
Cryptography and Hash functions, here's a detailed explanation below:

1. Symmetric Key Cryptography

Symmetric Key Cryptography is an encryption system where the sender and receiver of a
message use a single common key to encrypt and decrypt messages. Symmetric Key
cryptography is faster and simpler but the problem is that the sender and receiver have to
somehow exchange keys securely. The most popular symmetric key cryptography systems
are Data Encryption Systems (DES) and Advanced Encryption Systems (AES) .
2. Hash Functions
There is no key required in hash function cryptography as it uses mathematical equations to
genrate a hash message for nay arbitrary length of message, and the output will be of fixed
length. Some of the famous hash function are:
 SHA-256
 MD5
 MD6
3. Asymmetric Key Cryptography
In Asymmetric Key Cryptography , a pair of keys is used to encrypt and decrypt information.
A sender's public key is used for encryption and a receiver's private key is used for decryption.
Public keys and Private keys are different. Even if the public key is known by everyone the
intended receiver can only decode it because he holds his private key. The most popular
asymmetric key cryptography algorithm is the RSA algorithm.
Applications of Cryptography
Cryptography has wide area of applications in the modern world, where the technology is
rapidly evolving. From authentication measures to cryptocurrencies, cryptography is here to
stay, these are some of the most common applications of cryptography listed below:
 Computer passwords: Cryptography is widely utilized in computer security,
particularly when creating and maintaining passwords. When a user logs in, their password
is hashed and compared to the hash that was previously stored. Passwords are hashed and
encrypted before being stored. In this technique, the passwords are encrypted so that even
if a hacker gains access to the password database, they cannot read the passwords.
 Digital Currencies: To protect transactions and prevent fraud, digital currencies like
Bitcoin also use cryptography. Complex algorithms and cryptographic keys are used to
safeguard transactions, making it nearly hard to tamper with or forge the transactions.
 Secure web browsing: Online browsing security is provided by the use of
cryptography, which shields users from eavesdropping and man-in-the-middle assaults.
Public key cryptography is used by the Secure Sockets Layer (SSL) and Transport Layer
Security (TLS) protocols to encrypt data sent between the web server and the client,
establishing a secure channel for communication.
 Electronic Signatures: Electronic signatures serve as the digital equivalent of a
handwritten signature and are used to sign documents. Digital signatures are created using
cryptography and can be validated using public key cryptography. In many nations,
electronic signatures are enforceable by law, and their use is expanding quickly.
 Authentication: Cryptography is used for authentication in many different situations,
such as when accessing a bank account, logging into a computer, or using a secure
network. Cryptographic methods are employed by authentication protocols to confirm the
user's identity and confirm that they have the required access rights to the resource.
 Cryptocurrencies: Cryptography is heavily used by cryptocurrencies like Bitcoin and
Ethereum to protect transactions, thwart fraud, and maintain the network's integrity.
Complex algorithms and cryptographic keys are used to safeguard transactions, making it
nearly hard to tamper with or forge the transactions.
 End-to-end Internet Encryption: End-to-end encryption is used to protect two-way
communications like video conversations, instant messages, and email. Even if the message
is encrypted, it assures that only the intended receivers can read the message. End-to-end
encryption is widely used in communication apps like WhatsApp and Signal, and it
provides a high level of security and privacy for users.
 Types of Cryptography Algorithm
Cryptography Algorithms can be classified into several categories based on the way they
utilize and manage their keys, their efficiency and workflow, here are the most common
algorithms
 Advanced Encryption Standard (AES): AES (Advanced Encryption Standard) is a
popular encryption algorithm which uses the same key for encryption and decryption It is a
symmetric block cipher algorithm with block size of 128 bits, 192 bits or 256 bits. AES
algorithm is widely regarded as the replacement of DES (Data encryption standard)
algorithm.
 Data Encryption Standard (DES): DES (Data encryption standard) is an older
encryption algorithm that is used to convert 64-bit plaintext data into 48-bit encrypted
ciphertext. It uses symmetric keys (which means same key for encryption and decryption).
It is kind of old by today’s standard but can be used as a basic building block for learning
newer encryption algorithms.
 RSA: RSA is an basic asymmetric cryptographic algorithm which uses two different
keys for encryption. The RSA algorithm works on a block cipher concept that converts
plain text into cipher text and vice versa.
 Secure Hash Algorithm (SHA): SHA is used to generate unique fixed-length digital
fingerprints of input data known as hashes. SHA variations such as SHA-2 and SHA-3 are
commonly used to ensure data integrity and authenticity. The tiniest change in input data
drastically modifies the hash output, indicating a loss of integrity. Hashing is the process of
storing key value pairs with the help of a hash function into a hash table.
Advantages of Cryptography
Cryptography has some remarkable features that makes it widely adapted all over the world in
different technologies, here are few points that makes it stand out:
 Cryptography can be used for access control to ensure that only parties with the proper
permissions have access to a resource.
 For secure online communication, it offers secure mechanisms for transmitting private
information like passwords, bank account numbers, and other sensitive data over the
Internet.
 It helps in the defense against various types of assaults including replay and man-in-
the-middle attacks.
 Cryptography can help firms in meeting a variety of legal requirements including data
protection and privacy legislation.

HASH FUNCTIONS
Hash functions in cryptography are extremely valuable and are found in practically every
information security application. A hash function transforms one numerical input value into
another compressed numerical value. It is also a process that turns plaintext data of any size
into a unique ciphertext of a predetermined length.
What is Cryptography Hash Function?
A cryptographic hash function (CHF) is an equation that is widely used to verify the validity of
data. It has many applications, particularly in information security (e.g. user authentication). A
CHF translates data of various lengths of the message into a fixed-size numerical string the
hash. A cryptographic hash function is a single-directional work, making it extremely difficult
to reverse to recreate the information used to make it.
How Does a Cryptography Hash Function Work?
 The hash function accepts data of a fixed length. The data block size varies between
algorithms.
 If the blocks are too small, padding may be used to fill the space. However, regardless
of the kind of hashing used, the output, or hash value, always has the same set length.
 The hash function is then applied as many times as the number of data blocks.
What Does a Cryptography Hash Function Do?
A hash function in cryptography takes a plaintext input and produces a hashed value output of
a particular size that cannot be reversed. However, from a high-level viewpoint, they do more.
 Secure against unauthorized alterations: It assists you in even minor changes to a
message that will result in the generation of a whole new hash value.
 Protect passwords and operate at various speeds: Many websites allow you to save
your passwords so that you don't have to remember them each time you log in. However,
keeping plaintext passwords on a public-facing server is risky since it exposes the
information to thieves. Websites commonly use hash passwords to create hash values,
which they then store.
Applications of Cryptographic Hash Functions
Below are some applications of cryptography hash functions
Message Authentication
 Message authentication is a system or service that verifies the integrity of a
communication.
 It ensures data is received precisely as transmitted, with no modifications, insertions, or
deletions, a hash function is used for message authentication, and the value is sometimes
referred to as a message digest.
 Message authentication often involves employing a message authentication code
(MAC).
 MACs are widely used between two parties that share a secret key for authentication
purposes. A MAC function uses a secret key and data block to generate a hash value, that
identifies the protected communication.
Data Integrity Check
 Hash functions are most commonly used to create checksums for data files.
 This program offers the user with assurance that the data is correct.
 The integrity check allows the user to detect any modifications to the original file.
 It does not assure uniqueness. Instead of altering file data, the attacker can update the
entire file, compute a new hash, and deliver it to the recipient.
Digital Signatures
 The digital signature application is comparable to message authentication.
 Digital signatures operate similarly to MACs.
 Digital signatures encrypt message hash values using a user's private key.
 The digital signature may be verified by anybody who knows the user's public key.
AUTHENTICATION AND DIGITAL SIGNATURES

1. Authentication

1.1 Definition:

Authentication is the process of verifying the identity of a user, device, or system. It ensures that
the entity requesting access is genuinely who they claim to be.

1.2 Goals of Authentication:

 Ensure trustworthiness of the communicating entity.

 Prevent unauthorized access.

 Provide accountability and traceability.

1.3 Types of Authentication:

1.4 Authentication Protocols:

 Challenge-Response Protocols
 One-Time Passwords (OTP)

 Kerberos

 OAuth, SAML, OpenID Connect (for web-based apps)

1.5 Mutual Authentication:

Both communicating parties authenticate each other to prevent impersonation attacks.

✍️2. Digital Signatures

2.1 Definition:

A digital signature is a mathematical technique used to validate the authenticity and integrity
of a message, software, or digital document.

2.2 Purpose:

 Ensure message authenticity

 Prevent message tampering (integrity)

 Provide non-repudiation (the sender cannot deny sending the message)

2.3 How It Works:

Uses asymmetric encryption involving:

 Private key (used to sign)

 Public key (used to verify)

2.4 Process:

1. Sender creates a hash of the message using a cryptographic hash function (e.g., SHA-
256).
2. The hash is encrypted with the sender’s private key, creating the digital signature.

3. The message + signature is sent to the receiver.

4. Receiver:

o Decrypts the signature using sender’s public key to get the hash.

o Computes the hash of the received message.

o Compares both hashes. If they match, the message is authentic and untampered.

2.5 Algorithms for Digital Signatures:

 RSA (Rivest–Shamir–Adleman)
 DSA (Digital Signature Algorithm)

 ECDSA (Elliptic Curve Digital Signature Algorithm)

 EdDSA (Edwards-curve Digital Signature Algorithm)

4. Applications

4.1 Authentication:

 Logging into systems

 Online banking

 Securing APIs and applications

 Email access control

4.2 Digital Signatures:

 Signing software and drivers

 Email signing (S/MIME)

 Electronic contracts (e.g., DocuSign)

 Blockchain and cryptocurrency transactions

Digital signatures and certificates are two key technologies that play an important role in
ensuring the security and authenticity of online activities. They are essential for activities such
as online banking, secure email communication, software distribution, and electronic document
signing. By providing mechanisms for authentication, integrity, and non-repudiation, these
technologies help protect against fraud, data breaches, and unauthorized access.
Experience the ease of obtaining legally binding signatures online, all while maintaining the
highest standards of security and compliance with the leading e-signature platform, SignNow.
It is a secure and efficient electronic signature solution designed to streamline your document
signing process while ensuring top-tier security features.
Digital Signature
A digital signature is a mathematical technique used to validate the authenticity and integrity
of a message, software, or digital document. These are some of the key features of it.
 Key Generation Algorithms: Digital signatures are electronic signatures, which assure
that the message was sent by a particular sender. While performing digital transactions
authenticity and integrity should be assured, otherwise, the data can be altered or someone
can also act as if he were the sender and expect a reply.
 Signing Algorithms: To create a digital signature, signing algorithms like email
programs create a one-way hash of the electronic data which is to be signed. The signing
algorithm then encrypts the hash value using the private key (signature key). This
encrypted hash along with other information like the hashing algorithm is the digital
signature. This digital signature is appended with the data and sent to the verifier. The
reason for encrypting the hash instead of the entire message or document is that a hash
function converts any arbitrary input into a much shorter fixed-length value. This saves
time as now instead of signing a long message a shorter hash value has to be signed and
hashing is much faster than signing.
 Signature Verification Algorithms: The Verifier receives a Digital Signature along
with the data. It then uses a Verification algorithm to process the digital signature and the
public key (verification key) and generates some value. It also applies the same hash
function on the received data and generates a hash value. If they both are equal, then the
digital signature is valid else it is invalid.
How Digital Signature Works
The steps followed in creating a digital signature are:
1. Message digest is computed by applying the hash function on the message and then
message digest is encrypted using the private key of the sender to form the digital
signature. (digital signature = encryption (private key of sender, message digest) and
message digest = message digest algorithm (message)).
1. A digital signature is then transmitted with the message. (message + digital signature is
transmitted)
1. The receiver decrypts the digital signature using the public key of the sender. (This
assures authenticity, as only the sender has his private key so only the sender can encrypt
using his private key which can thus be decrypted by the sender’s public key).
1. The receiver now has the message digest.
1. The receiver can compute the message digest from the message (actual message is sent
with the digital signature).
1. The message digest computed by receiver and the message digest (got by decryption on
digital signature) need to be same for ensuring integrity.
Message digest is computed using one-way hash function , i.e. a hash function in which
computation of hash value of a message is easy but computation of the message from hash
value of the message is very difficult.

Drawbacks of Digital Signature

 Dependency on technology: Because digital signatures rely on technology, they are
susceptible to crimes, including hacking. As a result, businesses that use digital signatures
must make sure their systems are safe and have the most recent security patches and
upgrades installed.
 Complexity: Setting up and using digital signatures can be challenging, especially for
those who are unfamiliar with the technology. This may result in blunders and errors that
reduce the system's efficacy. The process of issuing digital signatures to senior citizens can
occasionally be challenging.
 Limited acceptance: Digital signatures take time to replace manual ones since
technology is not widely available in India, a developing nation.
Digital Certificate
Digital certificate is issued by a trusted third party which proves sender's identity to the
receiver and receiver’s identity to the sender. A digital certificate is a certificate issued by a
 Certificate Authority (CA) to verify the identity of the certificate holder. Digital certificate is
used to attach public key with a particular individual or an entity.
Digital Certificate Contains
 Name of certificate holder.
 Serial number which is used to uniquely identify a certificate, the individual or the
entity identified by the certificate
 Expiration dates.
 Copy of certificate holder's public key. (used for decrypting messages and digital
signatures)
 Digital Signature of the certificate issuing authority.
Digital certificate is also sent with the digital signature and the message.
Advantages of Digital Certificate
 Network Security: A complete layered strategy is required by
modern cybersecurity methods, wherein many solutions cooperate to offer the highest level
of protection against attackers. An essential component of this puzzle is digital certificates,
which offer strong defense against manipulation and man-in-the-middle attacks .
 Verification: Digital certificates facilitate cybersecurity by restricting access to
sensitive data, which makes authentication a crucial component of cybersecurity. Thus,
there is a decreased chance that attackers will cause disturbance. At many different
endpoints, certificate-based authentication provides a dependable method of identity
verification. Compared to other popular authentication methods like biometrics or one-time
passwords, certificates are more flexible.
 Buyer Success: Consumers demand complete assurance that the websites they visit are
reliable. Because digital certificates are supported by certificate authority that users'
browsers trust, they offer a readily identifiable indicator of reliability.

KEY MANAGEMENT AND DISTRIBUTION: SYMMETRIC KEY DISTRIBUTION

Overview

In symmetric key cryptography, the same secret key is used for both encryption and
decryption. The biggest challenge in symmetric cryptography is securely distributing the key
to both sender and receiver without interception.

🔑 1. What is Key Management?

Key Management refers to the process of:

 Generating cryptographic keys.

 Distributing keys securely.

 Storing keys securely.

  Rotating keys (changing them periodically).

 Revoking and destroying keys after use.

🔁 2. Symmetric Key Distribution Techniques

🔸 A. Manual Key Exchange

 Keys are exchanged physically or through a secure channel (e.g., USB, in person).
 Suitable for small-scale systems or one-time sessions.

 Limitation: Not scalable in large networks.

🔸 B. Key Distribution Center (KDC)

The use of a key distribution center is based on the use of a hierarchy of keys. At a
minimum, two levels of keys are used.
 Communication between end systems is encrypted using a temporary key, often referred
to as a Session key.
 Typically, the session key is used for the duration of a logical connection and then
discarded
 Master key is shared by the key distribution center and an end system or user and used to
encrypt the session key.
  A central trusted server is responsible for key distribution.
 Each user shares a secret key with the KDC.

 When User A wants to communicate with User B:

o A requests a session key from the KDC.

o KDC generates a session key and sends it encrypted to both A and B using their
respective keys.

 Used in: Kerberos authentication system.

 Let us assume that user A wishes to establish a logical connection with B and requires a
one-time session key to protect the data transmitted over the connection. A has a master
key, Ka, known only to itself and the KDC; similarly, B shares the master key Kb with
the KDC. The following steps occur:

A issues a request to the KDC for a session key to protect a logical connection to B. The message includes
the identity of A and B and a unique identifier, N1, for this transaction, which we refer to as a nonce. The
nonce may be a timestamp, a counter, or a random number; the minimum requirement is that it differs with
each request. Also, to prevent masquerade, it should be difficult for an opponent to guess the nonce. Thus, a
random number is a good choice for a nonce.
2. The KDC responds with a message encrypted using Ka Thus, A is the only one who can successfully read
the message, and A knows that it originated at the KDC. The message includes two items intended for A:

 The one-time session key, Ks, to be used for the session

 The original request message, including the nonce, to enable A to match this response with the
appropriate request

Thus, A can verify that its original request was not altered before reception by the KDC

and, because of the nonce, that this is not a replay of some previous request.

In addition, the message includes two items intended for B:

 The one-time session key, Ks to be used for the session

 An identifier of A (e.g., its network address), IDA

These last two items are encrypted with Kb (the master key that the KDC shares with B). They are to be sent
to B to establish the connection and prove A's identity.

3. A stores the session key for use in the upcoming session and forwards to B the information that originated
at the KDC for B, namely, E(Kb, [Ks || IDA]). Because this information is encrypted with Kb, it is protected
from eavesdropping. B now knows the session key (Ks), knows that the other party is A (from IDA), and
knows that the information originated at the KDC (because it is encrypted using Kb). their protected
exchange. However, two additional steps are desirable:

4. Using the newly minted session key for encryption, B sends a nonce, N2, to A.

5. Also using Ks, A responds with f(N2), where f is a function that performs some transformation on N2
(e.g., adding one).

These steps assure B that the original message it received (step 3) was not a replay.

Note that the actual key distribution involves only steps 1 through 3 but that steps 4 and 5, as

well as 3, perform an authentication function. At this point, a session key has been securely delivered to A
and B, and they may begin

Advantages:

 Centralized control
 Avoids need for users to maintain keys for every peer

Disadvantages:
  Single point of failure
 High trust placed in KDC

Major Issues with KDC:

Hierarchical Key Control

 It is not necessary to limit the key distribution function to a single KDC.Indeed,for very large
networks,it may not be practical to do so.As an alternative,a hierarchy of KDCs can be
established.

 For example, there can be local KDCs, each responsible for a small domain of the overall
internetwork, such as a single LAN or a single building.

 If two entities in different domains desire a shared key, then the corresponding local KDCs
can communicate through a global KDC.

 The hierarchical concept can be extended to three or even more layers, depending on the size
of the user population and the geographic scope of the internetwork.

 A hierarchical scheme minimizes the effort involved in master key distribution, because most
master keys are those shared by a local KDC with its local entities.

Session Key Lifetime

 The distribution of session keys delays the start of any exchange and places a burden on
network capacity. A security manager must try to balance these competing considerations in
determining the lifetime of a particular session key.

 For connection-oriented protocols, one obvious choice is to use the same session key for the
length of time that the connection is open, using a new session key for each new session.

For a connectionless protocol, such as a transaction-oriented protocol, there is no explicit

connection initiation or termination.

 Thus, it is not obvious how often one needs to change the session key. The most secure
approach is to use a new session key for each exchange.

 A better strategy is to use a given session key for a certain fixed period only or for a certain
number of transactions.

A Transparent Key Control Scheme

 The approach suggested in Figure 14.3is useful for providing end-to-end encryption at a
network or transport level in a way that is transparent to the end users.
  The approach assumes that communication makes use of a connection-oriented end-toend
protocol, such as TCP.

 The noteworthy element of this approach is a session security module (SSM), which may
consist of functionality at one protocol layer,that performs end-to-end encryption and obtains
session keys on behalf of its host or terminal.

🔸 C. Diffie-Hellman Key Exchange (for symmetric session key)

 Allows two parties to establish a shared secret over an insecure channel.

 Based on discrete logarithms and modular arithmetic.

 Used to generate a symmetric session key, even though it is a public-key algorithm.

Steps:

1. Each party selects a private key and computes a public value.

2. Exchange public values.

3. Each party computes the shared secret using their private key and the other's public value.

Advantage:
  No prior shared secret needed.

Disadvantage:

 Vulnerable to Man-in-the-Middle (MitM) attack if not authenticated.

🔸 D. Automatic Key Distribution Using Symmetric Encryption

 The system automatically generates and transmits keys using symmetric encryption
methods (e.g., via secure channel).

 Often combined with protocols (SSL/TLS, IPSec).

🔸 E. Using Pre-shared Keys (PSK)

 Symmetric keys are pre-configured in both ends of communication (e.g., in VPN

tunnels).

 Simple but inflexible; does not scale for large user bases.

🔐 3. Key Hierarchy in Symmetric Key Distribution

To manage keys efficiently, a hierarchy is used:

 Master Key: Used to encrypt/decrypt session keys.

 Session Key: Used for actual communication between parties.

This helps reduce the impact of key compromise and enhances performance.

📉 4. Challenges in Symmetric Key Distribution

 Scalability: O(n²) keys needed for n users (each pair needs a unique key).
 Key Compromise: If the key is leaked, the security is broken.

 Key Renewal: Requires secure mechanism for periodic key changes.

 🔐 5. Secure Key Distribution Protocols
Some well-known protocols that handle symmetric key distribution include:

 Kerberos
 Internet Key Exchange (IKE) in IPSec

 SSL/TLS (uses asymmetric encryption initially to establish symmetric keys)

For symmetric encryption to work, the two parties to an exchange must share the
same key, and that key must be protected from access by others. Therefore, the term that
refers to the means of delivering a key to two parties who wish to exchange data, without
allowing others to see the key. For two parties A and B, key distribution can be achieved in a
number of ways, as follows:
1. A can select a key and physically deliver it to B.
2. A third party can select the key and physically deliver it to A and B.
3. If A and B have previously and recently used a key, one party can transmit the new
key to the other, encrypted using the old key.
4. If A and B each has an encrypted connection to a third party C, C can deliver a key on
the encrypted links to A and B.

DISTRIBUTION OF PUBLIC KEYS

Distribution of Public Keys in Network Security

✅ Overview

In public key cryptography, each user has:

 A public key (shared with everyone).

 A private key (kept secret).

To ensure secure communication, the public key of a user must be distributed in a way that
it can be trusted and verified by others. This process is known as public key distribution.

📌 Why is Public Key Distribution Important?

 Prevents man-in-the-middle attacks.
 Ensures the authenticity of the public key.

 Builds trust in a networked environment.

📬 Methods of Public Key Distribution
🔸 1. Public Announcement

 The public key is broadcasted openly (e.g., posted on a website or email).

 Example: Alice sends her public key via email to Bob.

Drawback:

 No authentication. Anyone can impersonate Alice and send a fake public key.

🔸 2. Publicly Available Directory

 Maintained by a central authority or server.

 Users can query the directory to obtain the public key of others.

Requirements:

 Directory must be trusted and secure.

 Needs access control and data integrity.

🔸 3. Public Key Certificates (Digital Certificates)

 A trusted Certificate Authority (CA) issues a digital certificate.

 The certificate binds the public key to the identity of the user.

 Follows X.509 standard.

Structure of a Certificate (X.509):

 Subject Name (identity of user)

 Public Key

 Issuer (CA name)

 Validity period

 Digital signature of the CA

Usage:

 Used in SSL/TLS, HTTPS, email security, etc.

🔸 4. Certificate Authority (CA)

 CA is a trusted third party that verifies user identities and issues certificates.
 Ensures that the public key truly belongs to the individual or organization.

Process:

1. User generates a public/private key pair.

2. Sends a Certificate Signing Request (CSR) to CA.

3. CA verifies identity and issues a certificate with the public key.

🔸 5. Public Key Infrastructure (PKI)

 PKI is a complete framework that includes:

o Certificate Authorities (CA)

o Registration Authorities (RA)

o Certificate databases

o Certificate revocation lists (CRLs)

 It provides end-to-end management of digital certificates and public keys.

Functions:

 Key generation
 Key distribution

 Certificate issuance and revocation

 Trust management
 🔸 6. Web of Trust

 Used in PGP (Pretty Good Privacy).

 No central authority — users sign each other’s public keys.

 Trust is built based on mutual verification.

Advantage:

 Decentralized, flexible.

Drawback:

 Complex trust chains, hard to scale.

X.509 CERTIFICATES

PUBLIC KEY INFRASTRUCTURE.