Ways to Establish Trust for Private Key and Public Key Sets

Public key cryptography uses public keys and private keys to provide authentication, confidentiality, integrity, and nonrepudiation. However, by themselves, public keys and private keys cannot provide proof that the public key and private key set belongs to an alleged key set owner. There has to be a way to verify the identity of the owner of a public key and private key set with a high degree of confidence. There also has to be a way to establish trust for the public key and private key sets of geographically dispersed entities on intranets and the Internet.

On a public network, Alice can send a message to Bob, which is signed by her private key and accompanied by the corresponding public key. Bob can then use the public key to verify the integrity of the message, but how can he verify that the sender is really Alice? Perhaps an intruder has intercepted Alice's original message and substituted a counterfeit message to Bob along with a counterfeit public key. The intruder might also be impersonating Alice by forging her network IP address. In addition, if Bob receives a message from Alice, how does he know he can trust her? How does he know that she won't falsely deny sending the message?

Peer-to-Peer Trust

For Bob to trust Alice's private key and public key, he needs assurance of her identity and verification that the public key is indeed hers. If Bob knows Alice and obtains her public key in person, he can use her public key to verify digital signatures created by her private key with a high level of trust and assurance. If an intruder attempts to impersonate Alice, Bob can use her public key to detect whether the message is signed by her private key and whether it was altered. However, such peer-to-peer trust is generally limited to a small group of people who work within the same locality or who know each other well. Peer-to-peer trust is effective for a small circle of people who choose to trust each other's public keys, but it is not scalable to the public Internet or to large and often geographically dispersed enterprises.

Trust in Certification Authorities

To establish widespread trust for private key and public key sets on open networks, there must be trustworthy authorities that can certify the identities of individuals, organizations, and computers on the network and also provide assurance that public keys and private keys correspond to these entities. These trustworthy authorities, called certification authorities (CAs), positively verify the identity of each online entity and provide credentials to identify online identities, so that others can have a high level of assurance that the online entities are who they claim to be.

To establish trust on the Internet, intranets, or extranets, a public key infrastructure uses electronic credentials called digital certificates that are issued by CAs. A digital certificate provides proof that the entity named in the certificate is the owner of the public key and private key set. Therefore, other entities on the network can have a high level of assurance that a public key really belongs to the owner of the private key.

If Bob trusts a CA on the basis of its reputation, he can then choose to trust Alice's public key when it is certified by the CA, even if he does not know Alice. Bob can be confident that Alice is who she claims to be during online communication. Furthermore, Bob can be confident that Alice cannot falsely deny sending a message that was signed with her private key.

PKIX-compliant public key infrastructures, such as the public key infrastructure in Windows 2000, use digital certificates issued by CAs rather than peer-to-peer trust to establish trust on intranets, extranets, and the Internet for online entities and their public key and private key sets.
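The three situations described above, as an added Go example that is not part of the original text: a key that merely accompanies a message, a key Bob obtained from Alice in person, and a key certified by a CA that Bob trusts. The `Cert` type is a simplified stand-in for a digital certificate rather than X.509, and all names, messages and helper functions are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Signed is a message sent with its signature and the sender's claimed public key.
type Signed struct {
	Msg, Sig []byte
	Pub      ed25519.PublicKey
}

// Cert is a simplified stand-in for a certificate: issuer signature over name and key.
type Cert struct {
	Name string
	Pub  ed25519.PublicKey
	Sig  []byte
}

func sign(priv ed25519.PrivateKey, msg string) Signed {
	return Signed{[]byte(msg), ed25519.Sign(priv, []byte(msg)), priv.Public().(ed25519.PublicKey)}
}
func tbs(name string, pub ed25519.PublicKey) []byte { return append([]byte(name+"\x00"), pub...) }
func issue(ca ed25519.PrivateKey, name string, pub ed25519.PublicKey) Cert {
	return Cert{name, pub, ed25519.Sign(ca, tbs(name, pub))}
}

// VerifyAccompanying trusts whatever key arrived with the message: integrity only.
func VerifyAccompanying(s Signed) bool { return ed25519.Verify(s.Pub, s.Msg, s.Sig) }
// VerifyPinned uses the key Bob obtained from Alice in person (peer-to-peer trust).
func VerifyPinned(pinned ed25519.PublicKey, s Signed) bool { return ed25519.Verify(pinned, s.Msg, s.Sig) }
// VerifyWithCA trusts only the CA key; the certificate binds the name to the key.
func VerifyWithCA(caPub ed25519.PublicKey, c Cert, name string, s Signed) bool {
	return c.Name == name && ed25519.Verify(caPub, tbs(c.Name, c.Pub), c.Sig) &&
		ed25519.Verify(c.Pub, s.Msg, s.Sig)
}

// Demo runs each check on a genuine message and on a counterfeit one (constructed data).
func Demo() [6]bool {
	caPub, caPriv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand; errors ignored in this demo
	alicePub, alicePriv, _ := ed25519.GenerateKey(nil)
	_, intruderPriv, _ := ed25519.GenerateKey(nil)
	genuine, fake := sign(alicePriv, "meet at noon"), sign(intruderPriv, "meet at midnight")
	aliceCert, selfMade := issue(caPriv, "alice", alicePub), issue(intruderPriv, "alice", fake.Pub)
	return [6]bool{VerifyAccompanying(genuine), VerifyAccompanying(fake),
		VerifyPinned(alicePub, genuine), VerifyPinned(alicePub, fake),
		VerifyWithCA(caPub, aliceCert, "alice", genuine), VerifyWithCA(caPub, selfMade, "alice", fake)}
}
func main() { fmt.Println(Demo()) }
```

The counterfeit message is accepted only by the check that trusts the key sent along with it; the in-person key and the CA-issued binding both reject it, and the CA case does so without Bob ever having met Alice.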