Why do we need certificates at all in PKI?

This entry is part 1 of 6 in the series PKI

Why do we need certificates at all in PKI?
Diffie Helman, Symmetric and Asymmetric Encryption
Group Encryption Keys
Brute Force Breaking of Encryption – Solution Scheme
Encryption and Signing – Same Key Pair – or different key pairs?
Tokenization versus Encryption vs Data Masking

The public key that is used to send someone a message (for example – if someone wants to send me a message, they will use my public key – so only I can decrypt with my private key), can be stored in a couple of different places. The first place is a public database. The second is a private database/registry. With each of these storage options, a hacker can replace MY key with HIS public key. This way, all data is actually encrypted with HIS key – and all he has to do now is to intercept the encrypted message. Only he can decrypt it. In addition, if he is smart, he will decrypt it – and re-encrypt it using the original recipient’s key – and forward the message on. This way, no one will know that the hacker has already decrypted the message before forwarding it.

Enter Certificate Authorities

This man in the middle can be addressed by the use of a public authority service that ensures that the PUBLIC key is not intercepted and belongs to the original intended recipient.

Anuj holds professional certifications in Google Cloud, AWS as well as certifications in Docker and App Performance Tools such as New Relic. He specializes in Cloud Security, Data Encryption and Container Technologies.

Initial Consultation

Anuj Varma – who has written 1214 posts on Anuj Varma, Hands-On Technology Architect, Clean Air Activist.