**litch**

Most of my job in doing smart card support is about understanding PKI (public key infrastructure) and trying to explain it to admins who have broken it or are trying to set up a new one.

PKI is about assuring identity, proving that "someone" is who they claim to be. It's incredibly important in our modern web powered world and for the most part it works smoothly and seamlessly and nobody really realizes what is going on. Until it breaks. It's how you know I'm the one writing this, that it is really your bank you are logging onto, and that it is really Powell's books you are giving your credit card information to.

The heart of PKI is identity certificates. They are little files that give the entity's name & other identification information (e.g. email address, phone #, home city, organization it's associated with, physical location), validity dates, & their "public key". A public key is just a number, but it's a special kind of number that has a complicated relationship with another number (the private key). With one number you can encrypt something and only that other number (not even the original number) can decrypt it. Either one can do the encrypting, but only the other number can do the decrypting.

Let me pause a minute to give a simple explanation of the kind of encrypting I am talking about. If you take a text message, convert each letter to a number (a=1, b=2, ...) and send just the numbers, it's pretty simple for someone to work backwards and figure out the original message. If you add some constant (like 13) to each number and write your message using those numbers, it will be harder to figure out what your original message is unless they know which constant you used (you could probably do it, but it is harder). That's what's known as a symmetric cipher: you use the same number to encrypt the message as you use to decrypt it. With public/private key pairs you can do asymmetric ciphers: use one number to encrypt the message, and the other to decrypt it. They aren't actually doing addition, they are doing modular exponentiation (with most common encryption schemes), but it is the same idea.

So using this nifty math trick you can make a message using that special number in the identity certificate (the public key) that only someone with the other, secret number (the private key) can read, and they can make a message that can only be translated if you use their public key. So if I want to make you prove you are who you say you are in your identity certificate, I can pick a random number, encrypt it with your public key, send it to you, have you decrypt it using your private key, figure out what I sent you, re-encrypt it using your private key, send it back to me, and have me decrypt it using your public key. If we have our computers do it we can do it really fast.

The next problem is: how do I know the identity certificate I have is really yours and not one someone else made up? To do that you have your identity certificate (hereafter called a "cert") signed by a trusted third party using their private key. So your cert has someone's encrypted name on the bottom, and if I can decrypt it using their public key then I know it is a valid cert and you are who you say you are. The trusted third party, commonly called a Certificate Authority (or CA), proves they are who they say they are the same way. And we all agree that there will be a few "root" certs we just have to accept as valid because everyone else accepts them as valid. This is how Verisign, Thawte and a couple of other companies make money: they have widely trusted root certs that they use to sign other people's identity certificates.
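The challenge/response and the CA signature from the last two paragraphs, as an added example that is not from the original post: a toy RSA key pair built from small constructed primes, so the "encrypt with one number, decrypt with the other" step is visible as plain modular exponentiation. The cert fields, the names and the key sizes are assumptions; real keys are far larger and use padding.

```python
# Added example, not from the original post: a toy RSA key pair built from
# two small constructed primes, walked through the challenge/response and the
# CA-signed cert described above. Real keys use ~2048-bit primes plus padding;
# this only shows the modular-exponentiation mechanics the post refers to.
import hashlib
import json

def make_keypair(p, q, e=65537):
    """Build (public, private) keys from two primes. Toy sizes only."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # private exponent: the inverse of e mod phi
    return (e, n), (d, n)

def apply_key(key, m):
    """One operation (modular exponentiation) serves encrypt, decrypt, sign and verify."""
    k, n = key
    return pow(m, k, n)

def challenge_response(their_pub, their_priv, nonce):
    """I encrypt a random nonce with your public key; you decrypt it with your
    private key, re-encrypt it with your private key and send it back; I check
    it with your public key. True means you really hold the matching private key."""
    sent = apply_key(their_pub, nonce)        # encrypted with your public key
    recovered = apply_key(their_priv, sent)   # you decrypt with your private key
    reply = apply_key(their_priv, recovered)  # you re-encrypt with your private key
    return apply_key(their_pub, reply) == nonce

def cert_digest(cert, n):
    """Hash the cert's identity fields and public key to a number below the modulus."""
    data = json.dumps(cert, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def ca_sign(cert, ca_priv):
    """The CA 'signs' by encrypting the cert digest with its private key."""
    return apply_key(ca_priv, cert_digest(cert, ca_priv[1]))

def ca_verify(cert, signature, ca_pub):
    """Anyone with the CA's public key can decrypt the signature and compare digests."""
    return apply_key(ca_pub, signature) == cert_digest(cert, ca_pub[1])

# Constructed primes (1000003, 1000033, 999983, 999979); CA and user get separate pairs.
CA_PUB, CA_PRIV = make_keypair(1000003, 1000033)
USER_PUB, USER_PRIV = make_keypair(999983, 999979)
USER_CERT = {"name": "litch", "email": "litch@example.invalid",   # constructed cert
             "valid_to": "2099-01-01", "public_key": list(USER_PUB)}
USER_CERT_SIG = ca_sign(USER_CERT, CA_PRIV)
```

A cert whose name or public key has been altered after signing no longer matches the decrypted signature, which is exactly the check a relying party performs before trusting it.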

It's actually a lot more complicated than that: each cert is only valid for a certain period of time, and after that period you have to replace it. There are also revoked certificates, where someone has gotten hold of someone else's private key and the owner has to get a new one but post the old one as publicly bad (until it expires) so people aren't fooled. Every organization that uses a Public Key Infrastructure has some sort of (usually web based) certificate server that keeps all their certs on file so people can pull public keys when they need to assure identity or send something only they should read.