Recap of Public-Key Management

Let’s hHave a look at a summary of the chapter.

We'll cover the following

Summary

In this chapter, we have looked at particular key management issues relating to managing key pairs for use in public-key cryptography. We have focused on the most common technique of using public-key certificates to provide assurance of purpose of public keys and have discussed the management of the various phases of the public-key certificate lifecycle.

The development of the Internet and the World Wide Web triggered a significant interest in deploying public-key cryptography in the 1990s. Many applications (such as web-based commerce) require security technologies that work in open environments. However, every deployment of public-key cryptography requires the associated key pairs to be properly managed. Many security architects and developers discovered that the related key management issues discussed in this chapter are more difficult to address than they first appear. In particular, while it is relatively easy to design management solutions on paper (for example, CRLs for the problem of key revocation), these solutions become very difficult to implement in the form of working procedures.

Public-key cryptography subsequently suffered a rather ‘mixed press,’ perhaps due to over-hyped expectations and subsequent frustrations at the implementation challenges and costs. It is important to recognize that:

  • The main difficulties associated with implementing public-key cryptography all arise due to key management issues and not the cryptographic technology itself.

  • The key management challenges associated with implementing public-key cryptography are largely due to the nature of the implemented environments.

This latter remark is important. We have argued in this chapter that it is fairly straightforward to manage public keys in closed environments. However, these are the environments where fully symmetric key management systems can be implemented and are normally preferred. Thus, it could be argued that the only reason public-key management is perceived to be difficult is that public-key cryptography tends to be implemented in challenging (open) environments where it is not possible to use symmetric cryptography to provide the necessary security services.

Finally, this chapter looked at alternatives to using public-key certificates to manage public keys. We observed that each of these solves some problems but introduces new ones. It is thus likely that alternatives such as IBE may find niche applications but will never fully ‘replace’ the use of certificate-based approaches to public-key management.

Get hands-on with 1400+ tech skills courses.