Why do we need certificates at all in PKI?
The public key used to send someone a message (for example, if someone wants to send me a message, they encrypt it with my public key so that only I can decrypt it with my private key) can be stored in a couple of different places. The first is a public database. The second is a private database/registry. With either storage option, a hacker can replace MY key with HIS public key. All data is then actually encrypted with HIS key, and all he has to do is intercept the encrypted message. Only he can decrypt it. In addition, if he is smart, he will decrypt it, re-encrypt it using the original recipient's key, and forward the message on. This way, no one will know that the hacker has already decrypted the message before forwarding it.
Enter Certificate Authorities
This man-in-the-middle attack can be addressed by using a public authority service that ensures that the PUBLIC key has not been replaced and belongs to the original intended recipient.
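The following added example (not part of the original post) shows why a CA signature over the name-and-key pair lets a sender detect a replaced key in a directory. It assumes a toy textbook-RSA CA key, a plain dict as the key database, and the hypothetical names `alice` and `mallory`.

```python
import hashlib

# Toy CA key pair: textbook RSA over two Mersenne primes, no padding.
# Only for illustrating the idea; real CAs use X.509 and vetted crypto libraries.
_P, _Q = 2**89 - 1, 2**107 - 1
CA_N, CA_E = _P * _Q, 65537                      # CA public key (trusted by everyone)
_CA_D = pow(CA_E, -1, (_P - 1) * (_Q - 1))       # CA private key (held only by the CA)

def _digest(name: str, public_key: bytes) -> int:
    """Hash the (identity, key) binding the certificate vouches for."""
    data = len(name.encode()).to_bytes(2, "big") + name.encode() + public_key
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % CA_N

def ca_issue(name: str, public_key: bytes) -> dict:
    """CA signs the binding after checking (out of band) who owns the key."""
    return {"name": name, "key": public_key,
            "sig": pow(_digest(name, public_key), _CA_D, CA_N)}

def lookup_verified(directory: dict, name: str) -> bytes:
    """Return name's key only if the entry carries a valid CA signature for that name."""
    cert = directory[name]
    if cert["name"] != name:
        raise ValueError("certificate was issued to a different identity")
    if pow(cert["sig"], CA_E, CA_N) != _digest(cert["name"], cert["key"]):
        raise ValueError("CA signature does not match this key")
    return cert["key"]

# Constructed sample keys (opaque placeholders, not real key material).
ALICE_KEY, MALLORY_KEY = b"alice-public-key", b"mallory-public-key"

def demo() -> dict:
    results = {}
    directory = {"alice": ca_issue("alice", ALICE_KEY)}
    results["honest"] = lookup_verified(directory, "alice")
    # Case 1: key swapped in the directory, original signature left in place.
    swapped = {"alice": {**directory["alice"], "key": MALLORY_KEY}}
    # Case 2: a valid certificate, but issued to someone else, filed under "alice".
    misfiled = {"alice": ca_issue("mallory", MALLORY_KEY)}
    for label, d in (("swapped", swapped), ("misfiled", misfiled)):
        try:
            results[label] = lookup_verified(d, "alice")
        except ValueError as err:
            results[label] = f"rejected: {err}"
    return results

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, "->", outcome)
```

The sender only needs the CA's public key in advance; any key pulled from the database is used for encryption only after `lookup_verified` accepts it.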