[pic 1][pic 2]
Public key encryption is derived from asymmetric encryption. Asymmetric encryption is defined as the following: “form of encryption where keys come in pairs. What one key encrypts, only the other can decrypt. Frequently (but not necessarily), the keys are interchangeable, in the sense that if key A encrypts a message, then B can decrypt it, and if key B encrypts a message, then key A can decrypt it.” (Public-Key Cryptography) while public key encryption is a cryptographic system that uses a public key and a private key to encrypt and decrypt email messages and files. According to the principles of computer security, a textbook public key is defined as the following: “Public key cryptography, this is a system for encrypting data that uses two mathematically derived keys to encrypt and decrypt a message- a public key is available to everyone.”(Conklin) Private key encryption is the exact same as public key encryption except for the fact that the user has their own private key that is not to be shared with anyone except for the user themselves.(Conklin) Public key encryption works as the following according to the textbook “An unpredictable (typically large and random) number is used to begin generation of an acceptable pair of keys suitable for use by an asymmetric key algorithm. In an asymmetric key encryption scheme, anyone can encrypt messages using the public key, but only the holder of the paired private key can decrypt.” (Conklin) The public key encryption has its advantages and its disadvantages. The advantage is that it is secure, public key encryption is secure because it uses a Sha 256 bit key length to encrypt and decrypt messages. The main disadvantage is that you don’t know how credible the person you are talking to is. Like asymmetric encryption, PKI is also a symmetric encryption that is used today.
The need for PKI or public key infrastructure comes from the biggest problem with using public key encryption which is how do you know that the person you are talking to is credible. PKI is defined by the textbook as a process that “provides all the components necessary for different types of users and entities to be able to communicate securely and in a predictable manner. A PKI is made up of hardware, applications, policies, services, programming interfaces, cryptographic algorithms, protocols, user and utilities. These components work together to allow communications to take place using public key cryptography and symmetric keys for digital signatures, data encryption and integrity”. (Conklin) This furthermore shows the need for PKI because it not only helps protect emails and software but hardware overall. PKI is commonly used in companies today.
In today’s world, there are many companies that use PKI as a part of the security infrastructure but there are some issues that companies run into when implementing PKI. The one issue is how long the PKI keys will be stored. According to SANS Institute, “Two issues are related to long time storage of keys. One is the storage of the key itself, and the other is the key vulnerability.” (Liviu). This issue is important to companies who use PKI because of how secure it will be as time goes on. For example, a company could be using a PKI that expires in 10 year. The company gets hacked while on its 9TH year due to the fact that the PKI used has become extremely vulnerable as time went on and new technologies have expanded. The next issue that may arise for companies using PKI is certificate policies within the company (companies). According to SANS, “Two formal policies need to be adopted and one of their roles is to limit liability. The Certificate Policy defines the level of assurance to be placed in a certificate and its applicability. The Certification Practice Statement is a statement made by a certifying authority and outlines the steps it takes to verify the information it includes when issuing a certificate. All established Certifying Authorities have publicly accessible practice statements.”. (Liviu) This is a key issue for companies because the company is only as credible as the place the certificate came from. Despite the issues that PKI have within companies it is still one of the most secure forms of encryption for a company to use.