A Real-life Scenario
Here's a typical secure messaging scenario:
Alice and Bob each generate a pair of public and private keys and exchange public keys. Alice composes a message to Bob.
Alice computes a hash of the encrypted message, encrypts the hash using her own private key and appends it to the bottom of the message. This is referred to as signing the message with a digital signature.
Next, Alice encrypts the signed message using Bob's public key and transmits the message to Bob. Bob then decrypts the message using his private key.
Bob uses Alice's public key to decrypt the hash at the bottom of the message and compares it to the hash he computes for the message (after the signature portion has been removed). This process is called authentication. If any key other than Alice's private key is used to encrypt the signature, the decryption would produce nonsense and would not match the computed message hash. If the message had been altered in any way during transit, the computed hash would differ from the one in the signature. Therefore, if the hash results match, Bob knows that the signature must have been generated with Alice's private key, and that the message he has received is identical in content to the message she sent.
To summarize, a secure messaging model requires four distinct operations:
- Signing: encrypting a message digest with the sender's private key and appending it to the message.
- Encrypting: encrypting a message (signed or unsigned) with the recipient's public key.
- Decrypting: decrypting a message with the recipient's private key to recover the plain text message.
- Authenticating: decrypting a message digest (or hash) using the sender's public key and comparing it to the computed digest.
Subsequently, a public key infrastructure provides methods for each of these activities as well as a system of generating, sharing, and organizing public and private keys.
Designing the Public Key Infrastructure
Before starting with the public key infrastructure, you should be familiar with the objects it will contain:
The message object is a container for message text. It can contain either plain text or cipher text. In this article, the infrastructure messages will be implemented as string objects.
Key objects contain the information needed to perform the signing, encryption, decryption, and authentication operations on messages. Key objects need a property to indicate which type of keyPublic or Private. Key objects also contain a property for a label. The label serves as a unique identifier to facilitate organizing, storing, and retrieving keys. The key object exposes the key (group of numbers for the cryptography algorithms) as an XML string through a key property. The .NET cryptography classes make use of a collection of information about keys to facilitate cryptographic operations. However, this collection of information can be read, stored, and used as an XML string. Therefore, you can simply treat the entire XML string as if it were a simple key.
A key pair object is a container that can hold either a public or private key. The KeyPair object will expose properties for PublicKey and PrivateKey. Each of these properties may either contain a key object of the indicated type or nothing. When you generate a public key and private key set (appropriate for encrypting and decrypting messages), the set is returned as a KeyPair. You can get the Key value (XML string) from the public key and distribute it. You can also create a KeyPair containing only a public key for storing the public key information (XML string) of someone with whom you wish to have secure communications.
This article contains the private and public keys of the person with whom you are corresponding.
The KeyRing object contains a collection of KeyPairs indexed by the labels from the public key. It also contains methods for adding, retrieving, and removing KeyPairs.
The CryptographicFunctions class exposes the KeyRing object and provides a method for generating new KeyPair objects (that contain public and private keys). This class also contains the methods for signing, encrypting, decrypting, and authenticating messages using a conversational key pair (that contains your private key and the other party's public key).