PKI in a (small) Nutshell

John D. Gregory, General Counsel, Policy Branch, MAG

April 8, 1999

1. Cryptography

Encryption transforms a message by applying a code or "key" to it. Traditional encryption uses a "single key" or "secret key", held by both the originator and the recipient of an encrypted message. Getting the key from originator to recipient can be hard, if they are distant from each other. Changing keys at a distance is also difficult.

Public key cryptography (also known as "dual key" or "asymmetric key" cryptography) uses a combination of two mathematically related keys. (The math is based on the difficulty of factoring the product of high prime numbers). Even if you know one key, you cannot figure out the other key. These "key pairs" are generated by a computer for potential users.

One of the two keys is kept secret (the "private key") and the other made known to anyone you want to be able to communicate with (the "public key"). A public key could be on a web site. Either one of the keys in a key pair may be used to encrypt a message. A text encrypted with one of the key pair can be read only with the other.

Encrypting a message using this technology makes a "digital signature". Digital signatures may be used for three purposes:

a) signing: the signer uses the private key, the recipient uses the public key - only one person knows the private key, so the recipient knows where the message came from.

b) secrecy: the signer uses the public key, the recipient uses the private key - only the private key can read the message, so anyone signing knows that the message is secret from others.

c) integrity: the private key is used on a mathematically produced "digest" or "hash" of the message (essentially a number that represents the text in digital form), which is sent to the recipient. Any change to the text is detectable because any such change also changes the digest.

2. Signature

The fundamental purpose of a signature is to associate a person with a text. The legal reasons why the person signs may vary greatly: consent, acknowledgement, confirmation, witnessing, and more. Associating someone with a text electronically is a challenge, because an electronic identifier is itself made up of bits that can be captured and reproduced on other texts.

Public key cryptography offers a solution: a message readable by a public key can have been created only by the corresponding private key, so the recipient can attribute the message with confidence to the holder of the private key.

3. Public Key Infrastructure

The problem is that that keys themselves are electronic information that does not inherently identify its rightful owner. This problem can be solved by trusted personal delivery of keys (you know it's mine because I gave it to you); or by a semi-formal "web of trust" (A knows B, B knows C, so A can trust C's identity); or by evidence of the keyholder's identity from a trusted third party. This last system is the most formal method: the trusted third party is known as a Certification Authority ("CA"), who issues a certificate saying who holds the keys.

The rules and practices by which the CA identifies keyholders, delivers its certificates, manages the certificates (maintaining security, revoking the certificate if the key is compromised), and stands behind (or qualifies its legal support for) its certificates, is a Public Key Infrastructure (PKI).

4. Challenges

The recipient of a signature on paper takes the legal risk that the signature is not genuine. Does the reliability of digital signature technology allow for a shift of that risk to the holder of the private key, who might be presumed to have signed a message if the corresponding public key can open it? When is a "non-repudiation" rule justified? What is a reasonable standard of care for keeping a private key private? Do consumers need special rules?

Should the legal risk be shifted to the Certification Authority that certifies who owns the private key? How can the CA limit its legal liability to strangers who may rely on the certificates? Many ways are developing to generate and deliver certificates, in part to address this problem.

How certain can the CA be of the identity of the keyholder? What identification procedures are reasonable, for what levels of assurance? How certain does one have to be for different uses of digital signatures? What level of assurance is needed to allow a digital signature to replace handwritten signatures for legal purposes? Does one size fit all?

How accessible is information about keyholders, and when does such access threaten their privacy? When is anonymity possible or desirable, and when is it inconsistent with the notion of a signature? What does a key give access to, and can it serve as a link between otherwise unrelated databases?

How can one read material encrypted with a key that is then lost, or whose owner leaves his or her position? When should employers, or law enforcement agencies, be able to recover keys? Is there a difference between keys used to sign and keys used to ensure secrecy? How long does one have to be able to verify a digital signature, for example with archived or registered records?

How do the certificates from one PKI operate in another PKI? What standards are possible for cross-certification of signatures or cross-recognition of certificates, and what legal effect follows from such arrangements?

5. Sources

Government of Canada PKI

General: PKI law

American Bar Association PKI Appraisal Guidelines

ABA PKI Guidelines press release

Supplier: Entrust Technologies Inc.

Supplier: Verisign Inc