PKI in a (small) Nutshell
John D. Gregory, General Counsel, Policy Branch, MAG
April 8, 1999
1. Cryptography
Encryption transforms a message by applying a code or "key" to it. Traditional
encryption uses a "single key" or "secret key", held by both the originator and the
recipient of an encrypted message. Getting the key from originator to recipient can be
hard, if they are distant from each other. Changing keys at a distance is also difficult.
Public key cryptography (also known as "dual key" or "asymmetric key" cryptography)
uses a combination of two mathematically related keys. (The math is based on the
difficulty of factoring the product of large prime numbers.) Even if you know one key, you
cannot figure out the other key. These "key pairs" are generated by a computer for
potential users.
One of the two keys is kept secret (the "private key") and the other made known to
anyone you want to be able to communicate with (the "public key"). A public key could
be on a web site. Either one of the keys in a key pair may be used to encrypt a
message. A text encrypted with one of the key pair can be read only with the other.
Encrypting a message using this technology makes a "digital signature". Digital
signatures may be used for three purposes:
a) signing: the signer uses the private key, the recipient uses the public key - only one
person knows the private key, so the recipient knows where the message came from.
b) secrecy: the signer uses the public key, the recipient uses the private key - only the
private key can read the message, so anyone signing knows that the message is secret
from others.
c) integrity: the private key is used on a mathematically produced "digest" or "hash" of
the message (essentially a number that represents the text in digital form), which is sent
to the recipient. Any change to the text is detectable because any such change also
changes the digest.
2. Signature
The fundamental purpose of a signature is to associate a person with a text. The legal
reasons why the person signs may vary greatly: consent, acknowledgement,
confirmation, witnessing, and more. Associating someone with a text electronically is a
challenge, because an electronic identifier is itself made up of bits that can be captured
and reproduced on other texts.
Public key cryptography offers a solution: a message readable by a public key can have
been created only by the corresponding private key, so the recipient can attribute the
message with confidence to the holder of the private key.
3. Public Key Infrastructure
The problem is that keys themselves are electronic information that does not
inherently identify its rightful owner. This problem can be solved by trusted personal
delivery of keys (you know it's mine because I gave it to you); or by a semi-formal "web
of trust" (A knows B, B knows C, so A can trust C's identity); or by evidence of the
keyholder's identity from a trusted third party. This last system is the most formal
method: the trusted third party is known as a Certification Authority ("CA"), who issues a
certificate saying who holds the keys.
The rules and practices by which the CA identifies keyholders, delivers its certificates,
manages the certificates (maintaining security, revoking the certificate if the key is
compromised), and stands behind (or qualifies its legal support for) its certificates, make up a
Public Key Infrastructure (PKI).
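The following is an added example, not part of the original paper, of the signing and integrity checks in section 1 and the CA certificate check in section 3. It uses textbook RSA without padding over small constructed primes, so it is illustrative only; all function names and the demo keys are assumptions.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def make_keypair(p, q):
    """Build (public, private) textbook-RSA keys from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)

def digest(data, n):
    """SHA-256 "digest" of the text, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private):
    n, d = private
    return pow(digest(data, n), d, n)  # private key applied to the digest

def verify(data, signature, public):
    n, e = public
    return pow(signature, e, n) == digest(data, n)

def cert_body(name, public):
    return f"{name}|{public[0]}|{public[1]}".encode()

def issue_certificate(name, public, ca_private):
    """The CA signs the statement 'this public key belongs to this name'."""
    return {"name": name, "public": public,
            "ca_sig": sign(cert_body(name, public), ca_private)}

def verify_signed_message(msg, sig, cert, ca_public):
    """Trust the key only if the CA vouches for it, then check the message."""
    if not verify(cert_body(cert["name"], cert["public"]), cert["ca_sig"], ca_public):
        return False
    return verify(msg, sig, cert["public"])

# Constructed demo keys from well-known Mersenne primes: trivially breakable.
CA_PUB, CA_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
SIGNER_PUB, SIGNER_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
OTHER_PUB, OTHER_PRIV = make_keypair(2**89 - 1, 2**107 - 1)

def demo():
    msg = b"I agree to the terms."
    cert = issue_certificate("Signer", SIGNER_PUB, CA_PRIV)
    genuine = verify_signed_message(msg, sign(msg, SIGNER_PRIV), cert, CA_PUB)
    altered = verify_signed_message(msg + b" Not.", sign(msg, SIGNER_PRIV), cert, CA_PUB)
    swapped = dict(cert, public=OTHER_PUB)  # key replaced, CA signature reused
    forged = verify_signed_message(msg, sign(msg, OTHER_PRIV), swapped, CA_PUB)
    return genuine, altered, forged
```

`demo()` returns whether the genuine message, an altered message, and a message presented with a substituted key in the certificate are accepted; only the first passes.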
4. Challenges
The recipient of a signature on paper takes the legal risk that the signature is not
genuine. Does the reliability of digital signature technology allow for a shift of that risk to
the holder of the private key, who might be presumed to have signed a message if the
corresponding public key can open it? When is a "non-repudiation" rule justified? What
is a reasonable standard of care for keeping a private key private? Do consumers need
special rules?
Should the legal risk be shifted to the Certification Authority that certifies who owns the
private key? How can the CA limit its legal liability to strangers who may rely on the
certificates? Many ways are developing to generate and deliver certificates, in part to
address this problem.
How certain can the CA be of the identity of the keyholder? What identification
procedures are reasonable, for what levels of assurance? How certain does one have
to be for different uses of digital signatures? What level of assurance is needed to allow
a digital signature to replace handwritten signatures for legal purposes? Does one size
fit all?
How accessible is information about keyholders, and when does such access threaten
their privacy? When is anonymity possible or desirable, and when is it inconsistent with
the notion of a signature? What does a key give access to, and can it serve as a link between otherwise unrelated databases?
How can one read material encrypted with a key that is then lost, or whose owner leaves
his or her position? When should employers, or law enforcement agencies, be able to
recover keys? Is there a difference between keys used to sign and keys used to ensure
secrecy? How long does one have to be able to verify a digital signature, for example
with archived or registered records?
How do the certificates from one PKI operate in another PKI? What standards are
possible for cross-certification of signatures or cross-recognition of certificates, and what
legal effect follows from such arrangements?
5. Sources
Government of Canada PKI
General: PKI law
American Bar Association PKI Appraisal Guidelines
ABA PKI Guidelines press release
Supplier: Entrust Technologies Inc.
Supplier: Verisign Inc