10. Public Key Infrastructure

Public key cryptography can be a wonderfully useful tool. Without sharing any secrets, Alice can sign statements that Bob can verify, Bob can encrypt things for Alice, and Alice and Bob can authenticate each other. Alice and Bob can belong to different enterprises and need never have met. Chapter 7 presented the steps involved in sending a signed message, receiving and verifying one, sending an encrypted message, and decrypting it. Chapter 9 presented the steps involved in using a public-key handshake to conclude something about the entity on the other end.

Suppose that Bob gets a message, a signature on the message, and a public key, and that he then verifies the signature on that message against that public key. ...

Get The Craft of System Security now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.