Certificate-based encryption

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Michael Hardy (talk | contribs) at 21:38, 8 September 2004. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Certificate-based encryption is a system in which a certificate authority uses ID-based cryptography to produce a certificate. This system gives users both implicit and explicit certification: the certificate can be used as a conventional certificate (for signatures, etc.), and also implicitly for the purpose of encryption.

A user, Alice, can doubly encrypt a message using another user's (Bob's) public key and Bob's identity.

This means that Bob cannot decrypt it without a currently valid certificate, and also that the CA cannot decrypt the message, as it does not have the user's private key (i.e. there is no implicit escrow as with ID-based cryptography, because the double encryption means the CA cannot decrypt it solely with the information it has).

Key revocation can be added to the system by requiring a new certificate to be issued frequently (daily or hourly, depending on the level of security required). Because the certificate is "public information", it does not need to be transmitted over a secret channel. The downside of this is the requirement for regular communication between users and the CA, which means the CA is more vulnerable to electronic attacks such as denial-of-service attacks, and also that such attacks could effectively stop the system from working. This risk can be partially but not completely reduced by having a hierarchy of multiple CAs.
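
The double encryption and the period-based revocation described above can be traced in a small model. This is an added example, not part of the original article: it assumes a pairing-based construction (the article names no specific scheme), replaces the pairing with a toy bilinear map that is not secure, and all function names, the identity string and the period labels are hypothetical.

```python
import hashlib, secrets

# TOY bilinear map, illustration only: G1 is the integers mod N under addition,
# so discrete logs are trivial and nothing here is secure.
PRIME = 2**127 - 1          # Mersenne prime
N, G, P = PRIME - 1, 3, 65537

def pair(a, b):             # e(a, b) = G^(a*b); bilinear in both arguments
    return pow(G, (a * b) % N, PRIME)

def h1(*parts):             # hash arbitrary fields to a G1 element
    data = "|".join(map(str, parts)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def mask(elem, n):          # hash a pairing value to an n-byte keystream
    return hashlib.shake_256(str(elem).encode()).digest(n)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def keygen():               # returns (secret s, public s*P)
    s = secrets.randbelow(N - 1) + 1
    return s, (s * P) % N

def issue_cert(s_ca, q_ca, period, info):
    # CA's ID-based key for (period, info); public, so no secret channel is needed
    return (s_ca * h1(q_ca, period, info)) % N

def encrypt(msg, q_ca, pk_bob, period, info):
    r = secrets.randbelow(N - 1) + 1
    # Double encryption: one factor needs the certificate, the other Bob's secret
    g = pair(q_ca, h1(q_ca, period, info)) * pair(pk_bob, h1(info)) % PRIME
    return (r * P) % N, xor(msg, mask(pow(g, r, PRIME), len(msg)))

def decrypt(ct, cert, s_bob, info):
    u, v = ct
    key = (cert + s_bob * h1(info)) % N   # certificate plus Bob's own share
    return xor(v, mask(pair(u, key), len(v)))

def demo(msg=b"constructed sample message"):
    (s_ca, q_ca), (s_bob, pk_bob) = keygen(), keygen()
    info = f"bob@example.test|{pk_bob}"   # constructed identity string
    ct = encrypt(msg, q_ca, pk_bob, "2004-09-08", info)
    today = issue_cert(s_ca, q_ca, "2004-09-08", info)
    stale = issue_cert(s_ca, q_ca, "2004-09-07", info)
    return (decrypt(ct, today, s_bob, info),   # Bob with the current certificate
            decrypt(ct, stale, s_bob, info),   # Bob with an expired certificate
            decrypt(ct, today, 0, info))       # certificate only, no private key
```

Only the first of the three results returned by `demo()` equals the plaintext: an expired certificate or a certificate without Bob's private key yields an unrelated byte string.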