Download options:
  Microsoft Word Version: PKI.doc (289 KB Word 2000 file), 2 min @ 28.8 kbps
  Compressed Word Document: PKI.exe (193 KB executable file), 2 min @ 28.8 kbps

Summary
The Windows® 2000 operating system introduces a comprehensive public-key infrastructure (PKI) to the Windows platform. This infrastructure extends the Windows-based public-key (PK) cryptographic services introduced over the past few years, providing an integrated set of services and administrative tools for creating, deploying, and managing PK-based applications. This document explains how application developers can take advantage of the shared-secret and PK-based security mechanisms in the Windows operating system, explains why enterprises also benefit from being able to manage the environment and its applications with consistent tools and policies, and provides an overview of the PKI in Windows 2000.
Cryptography is the science of protecting data. Cryptographic algorithms mathematically combine input plaintext data and an encryption key to generate encrypted data (ciphertext). With a good cryptographic algorithm, it is computationally infeasible to reverse the encryption process and derive the plaintext starting from the ciphertext alone; a decryption key is needed to perform the transformation.
In traditional secret-key (or symmetric) cryptography, the encryption and decryption keys are identical, so the key itself is sensitive data that every party holding it must protect. Parties wishing to communicate with secret-key cryptography must securely exchange their shared key before they can exchange encrypted data.
In contrast, the fundamental property of public-key (PK) cryptography is that the encryption and decryption keys are different. Encryption with a public key is a one-way function: plaintext turns into ciphertext, but knowing the encryption key does not help with decryption. A different decryption key (related, but not identical, to the encryption key) is needed to turn the ciphertext back into plaintext. Thus, for PK cryptography, every user has a pair of keys, consisting of a public key and a private key. By making the public key available, you enable others to send you encrypted data that can be decrypted only with your private key. Similarly, you can transform data using your private key in such a way that others can verify, using your public key, that it originated with you.
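The two models described above (shared secret key, then public/private key pair) as an added, runnable example. This is not code from the paper and does not use the Windows CryptoAPI the paper describes; it uses Go's standard library instead (AES-256-GCM for the shared-key case, RSA-OAEP and RSA-PSS for the public-key case). The message, the key names alice and bob, and the DemoResult type are constructed for illustration. Each check in RunDemo corresponds to one claim in the text: the shared key round-trips and a different shared key is rejected; the owner's private key decrypts what the public key encrypted and another user's private key cannot; the owner's public key verifies a genuine signature and rejects an altered message.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// Secret-key model: one AES-256 key with GCM; the same key encrypts and decrypts.
func newGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	check(err)
	gcm, err := cipher.NewGCM(block)
	check(err)
	return gcm
}

func SymmetricSeal(key, plaintext []byte) []byte {
	gcm := newGCM(key)
	nonce := make([]byte, gcm.NonceSize())
	_, err := rand.Read(nonce)
	check(err)
	return gcm.Seal(nonce, nonce, plaintext, nil) // nonce prepended; it is not secret
}

func SymmetricOpen(key, sealed []byte) ([]byte, error) {
	gcm := newGCM(key)
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], nil) // errors on a wrong key or tampering
}

// Public-key model: RSA-OAEP for confidentiality, RSA-PSS for proof of origin.
// Anyone with the public key can encrypt or verify; only the private key decrypts or signs.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

// DemoResult records whether each property the text describes held: the shared
// key round-trips and a different one is rejected; the owner's private key decrypts
// while another user's cannot; the owner's public key verifies a genuine signature
// and rejects a tampered message. (Constructed type, not from the paper.)
type DemoResult struct {
	SymmetricOK, WrongSharedKey, PKDecryptOK, WrongPrivateKey, SignatureOK, TamperDetected bool
}

func RunDemo() DemoResult {
	var r DemoResult
	msg := []byte("constructed sample message, not from the paper")
	shared, other := make([]byte, 32), make([]byte, 32)
	rand.Read(shared)
	rand.Read(other)
	sealed := SymmetricSeal(shared, msg)
	got, err := SymmetricOpen(shared, sealed)
	r.SymmetricOK = err == nil && bytes.Equal(got, msg)
	_, err = SymmetricOpen(other, sealed)
	r.WrongSharedKey = err != nil
	// Two users, each with a key pair; only the private halves are secret.
	alice, err := rsa.GenerateKey(rand.Reader, 2048)
	check(err)
	bob, err := rsa.GenerateKey(rand.Reader, 2048)
	check(err)
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &alice.PublicKey, msg, nil)
	check(err)
	got, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, alice, ct, nil)
	r.PKDecryptOK = err == nil && bytes.Equal(got, msg)
	_, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, bob, ct, nil)
	r.WrongPrivateKey = err != nil
	sig, err := Sign(alice, msg)
	check(err)
	r.SignatureOK = Verify(&alice.PublicKey, msg, sig)
	tampered := append([]byte{}, msg...)
	tampered[0] ^= 0x01 // flip one bit
	r.TamperDetected = !Verify(&alice.PublicKey, tampered, sig)
	return r
}

func main() {
	fmt.Printf("%+v\n", RunDemo())
}
```

Run with `go run`; all six fields print as true. Note that the Go RSA API enforces the asymmetry at the type level (DecryptOAEP and SignPSS take a private key, EncryptOAEP and VerifyPSS a public key), so the "public key cannot decrypt" case is shown here as a second user's private key failing rather than as a call that would not compile.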
This paper briefly describes the principal uses of PK cryptography.