Secure storage facility (cage) utilised during a Key Signing Ceremony for a police customer.
Public Key Infrastructure
I wrote this article in 2018, principally to give a little insight to my then thirteen year old daughter of "what I did at work." It also proved helpful in validating that my general PKI knowledge wasn’t severely compromised by my TBI.
Every web-site logged onto to via a browser uses HTTPS to ensure passwords are encrypted during transmission. Typical logon examples are to email with Microsoft or Google, shopping with eBay or Amazon and banking with Nationwide or Barclays. HTTPS on the World Wide Web is the most widespreads use of PKI, however, it was the least typical engagement that I worked on. More often, I was engaged on projects to:
In 2008 (aged 38) I wrote a white paper for Oxford Computer Group, giving an introduction to PKI for IT professionals, see link. Alternatively, a more simplified lay person approach can be read throughout the remainder of this page.
Much descriptive material regarding PKI on the internet refers to making information secure between Alice and Bob, i.e. A to B. Often there’ll be a third-party referenced as C (Charlie) who is trying to compromise the information by eavesdropping or maliciously altering information. The example scenario is now evolved into transmitting data between A and B, while avoiding or omitting C.
PKI is generally referred to in IT security as providing ‘trust services’. I have sometimes been employed as a trust services architect, a role I undertook for the MoD was exactly such. In very simple terms, trust services is concerned with attaining assurance of the actions or outputs of entities, be they people or computers. Trust services are typically used to meet the following triad of capabilities: Confidentiality, Integrity and Authenticity - the acronym CIA is often used.
a) Confidentiality: Certainty that no entity (person or computer) can view the payload (typically data) in plaintext - either maliciously or unwittingly. The payload is encrypted to make it secret, such that if you were to be read, it would appear as gibberish.
b) Integrity: Certainty that if somebody or something changed (tampered) with data in the slightest way, it’d be obvious as its integrity would have been compromised. Often it’s not of utmost importance to prevent the integrity being compromised (tamper proof). However, it’s typically more important that if integrity is compromised, there's clear evidence of it having done so (tamper evident). Aligned with integrity is the concept of non-repudiation. For example if you’ve said you are going to do something, it must be impossible to refute (deny) having said it.
c) Authenticity: Certainty that only authenticated entities can access protected services. Authenticity is often used to assert one’s identity when leveraging PKI during a logon process. Usernames and passwords have limitations which render them too weak for mission critical authentication. Authenticity is also often used to prove that a communication (e.g. an email message) was originated by who you think it was. There must be no opportunity for spoofing / impersonation / man-in-the-middle attacks to have occurred, e.g. someone cannot fake your credentials to logon as you.
Symmetric Key Cryptography
There are two broad strands of cryptography, distinguished by their different approach to the use of keys (secrets). In symmetric key cryptography, the same key (a secret value such as a number) is used to encrypt a payload (data), as that used to subsequently decrypt the same payload. As an example, we’ll consider how to transmit the value 14 (payload) secretly in a message. You could multiply the payload by the 5 (the symmetric key). The multiplication operation is referred to as the algorithm . The resultant encrypted value would be 70, nothing like the real payload value of 14.
 A realistic algorithm is significantly more complex - such as to square the payload, then double it, then subtract 50, then multiply it by 7, and so on.
The most significant downside of symmetric key cryptography is that the key needs to be exchanged securely between partners for the encryption / decryption function to work securely. In this example, it's required to exchange the symmetric key (5) securely with your partner, alongside the algorithm to be used (multiply). In all cryptographic capabilities there is a key and an algorithm which is applied to the payload. The algorithm is not secret, since all sending and receiving parties need to know what maths to perform on the payload. In symmetric key crypto, the key itself is very important to make secret and transport securely between the sending and receiving parties, since if the key is discovered the value of symmetric key encryption is lost.
Asymmetric Key Cryptography
PKI leverages a construct referred to as asymmetric (unequal) cryptography. PKI uses one key to encrypt a message and a different key to decrypt it - this is the fundamental bedrock of PKI. With asymmetric cryptography, the aforementioned message may be encrypted using a public key value of 91, but the only way to decrypt the message would be to use a different (but related) value, say 20. It sounds implausible, but in a purely conceptual level it really does work in that way. In layman’s terms, the data is encrypted  with a public key which anybody can know, however, the data can only be decrypted with a private key which is known only by the recipient.
 This explanation only applies to CONFIDENTIALITY purposes of PKI, for INTEGRITY and AUTHENTICATION purposes the encrypting operation is done with the private key.
The public key is mathematically related to the private key. In this example, the public key (91) is the product of the prime numbers 7 and 13. The sum of the prime numbers is used as the private key (20). In real world application much larger values are used such that it’s practically impossible  to computationally derive the private key from the public key. The public key is not required to have any protection whatsoever, you can email it or it can be posted on the internet - hence the term public. The private key, however, is extremely important to keep secret. I was typically responsible for deploying solutions for customers where the private key was stored in the gold chip on a smart card, making it very secret indeed. Only somebody with the PIN for the smart card could access the private key which was stored on it and hence decrypt the message / information that was made secret.
 Typically PKI utilises prime number factorisation or elliptic curve conjecture cryptography.
To muddy waters further, in real world use cryptography uses a combination of symmetric and asymmetric cryptography to achieve bulk encryption, i.e. doing it on large quantities of data.
Recap: symmetric encryption uses the same key to encrypt and decrypt data, whereas asymmetric encryption is where one key is used to encrypt data and a different (but related) key is used to decrypt data.
The binary value of 64 bits (101010101010101010101010101010101010101010101010) equates to a decimal value of 187,649,984,473,770 - about one hundred and eighty trillion or so. Each time a bit is added to a binary value it doubles, if two bits are added it quadruples. For example, if we started with the binary value 10 (decimal two) and added two binary bits to make 1110, we get decimal fourteen - roughly quadruple two.
When it comes to PKI, bit lengths are used which don't sound impressive in plain language. For example, most of the PKIs I implemented had binary key lengths of 2,048 bits. When you consider that 64 bit binary values can equate to hundreds of trillions in decimal, and each additional binary bit length is roughly doubling the size of the decimal value, 2,048 bits is actually extremely large. PKI's fundamental premise, and the reason it has long been considered unbreakable, is that it's computationally implausible to mathematically derive the private key from the public key. Using Rivest Shamir Adleman (RSA) based algorithms (the most commonly used asymmetric cryptography algorithm in 2021), it's necessary to calculate the two prime numbers between 1 and 187,649,984,473,770 (in this case) which are the factors of the key value. A better way of explaining RSA is that it’s trivial to multiply two prime numbers together: 593 times 829 is 491,597. However, it's difficult to start with the number 491,597 and work out which two prime numbers must be factored to produce it. Remember, the decimal value 187,649,984,473,770 in the example used earlier is just 64 bits in length, whereas in reality a minimum of 2,048 bits would be used. Another approach to understanding the orders of magnitude involved is to think of one million as a 7 bit number, one billion as a 10 bit number and one trillion as a 13 bit number .
 The comparison is an inaccurate way to compare binary and decimal values, but it does help illustrate the orders of magnitude of large bit length numbers.
I’ve deployed PKI based upon 4,096 bits, generally everything I implemented beyond the year 2013 has used this approach. 4,096 bits is forecast by many standards bodies to be strong enough for hundreds of years to come, or until something called Quantum computing (see PKI Longevity section later) becomes reality. I’d estimate that 99% of the PKI work I did until 2018 was based upon RSA algorithms which uses prime number factorisation. It's likely there'll be a move from prime number factorisation to Elliptic Curve Cryptography (ECC) based algorithms. This approach is not because ECC has stronger security than RSA, but because it requires less compute power, which is important when considering the Internet of Things (IoT).
A hash is taking a variable length input of any length, from as little as 10 characters to a 1,000 page bible (say), then passing its binary representation through an algorithm to produce a fixed length output of say 160 or 256 bits. The input is always variable and the output is always fixed. If a single full stop (period) was added to the digital bible, and the hash algorithm run again against its binary representation, the resulting hash would be entirely different. Since about 2015, there was a concern regarding the strength of the prevalent algorithm named Secure Hash Algorithm 1 (SHA1), which produced a 160 bit output. In response to this, a newer algorithm was authorised (named SHA2), which uses a longer fixed length output, typically of 256 bits. When I implemented Lancs in 2010 I used SHA1, and that was a part of the reason they were able to fund my return in 2018 - to migrate to SHA2. At the Met I implemented their latest PKI in 2014 and had the foresight to insist on using SHA2, against the supposed better judgement of some Met senior IT security staff. Amongst the fun and games the Met had to deal with during my absence due to my TBI, a SHA1 to SHA2 migration wasn’t one of them. Although hashes aren’t used for encryption, they are a fundamental bedrock of message integrity and authenticity.
Cryptography Behind Password Authentication
The following is a vast simplification of how a combination of PKI and digital hashing is utilised when creating passwords, and subsequently during a typical web site logon process.
Creating a new password:
Logging on to a web site:
A digital signature is not an image / photo of a written signature, it's cryptography using PKI. A concept to grasp is that securing data for CONFIDENTIALITY purposes uses the public key to encrypt data and the private key to decrypt it. However, anything other than CONFIDENTIALITY uses the opposite approach. In digital signatures (DigSig), which facilitate INTEGRITY and AUTHENTICITY data is first hashed (SHA2), then encrypted using a private key, before being sent to a recipient along with the original (unencrypted) document. The recipient subsequently uses the public key to decrypt the hash. How this works is that the recipient uses the same SHA2 algorithm to create a hash of the attached unencrypted document, if the hash matches the value sent by the originator when hashing the document - bingo. From this outcome, it can be inferred that an email or document hasn’t been tampered with (INTEGRITY) and originated from who you thought it had (AUTHENTICITY). As usual, I have to state how this is a vast simplification of what is going on under the covers, but I think it’s OK as a basic explanation.
A digital certificate is issued by a Certification Authority (CA), it contains the subscriber's (originating user or computer) public key and is stamped (digitally signed) by the CA itself. The simplest (and admittedly imprecise) analogy may be an envelope you send to an organisation containing your passport, in this circumstance:
An important PKI concept to grasp is that when wanting to transmit an encrypted document, the sender must first obtain the target recipient’s public key (contained in the digital certificate). The party doing the encryption (sender) must use the recipient’s public key. Because the recipient possesses the private key associated with the certificate, they can then decrypt the document. Once the originator encrypts an email (say), even they can’t read the encrypted message, since they wouldn’t have access to the relevant private key.
Pure asymmetric encryption is very compute expensive, as it takes many processor cycles to get the job done. A consequence of this is that it would take a very long time to purely use asymmetric cryptography to encrypt a lot of (bulk) data. Pretty much all encryption which is done for data at rest (stored persistently - such as in a Word or Excel document on a file system) or in transit (such as when performing online banking with a browser) is a hybrid of asymmetric and symmetric cryptography. Symmetric cryptography is much quicker than asymmetric cryptography, so a symmetric key is created to do the bulk of the encryption of the document / transmission. In this circumstance, asymmetric cryptography is used to securely encrypt the symmetric key itself, to facilitate its secure sharing between parties.
Key Signing Ceremony (KSC)
The term KSC is often most used in the context of the strict logical controls and procedures that need to be effected when deploying a new PKI or performing procedures on an existing PKI.
In combination with these logical controls are the necessary physical controls. In the photograph at the bottom of the page, which I took at a police data centre, there is a desk and computer installed in a datacentre. Often it was the case that as well as storing the equipment securely, customers would dictate that the actual KSC be performed in a secure storage facility.
Another important aspect of KSCs is to handle security sensitive material - smart cards and pass phrase forms, etc. in a secure manner. One piece of work I undertook for the Met Police at New Scotland Yard required storing a computer server securely. The tamper evident bags (a little like sandwich bags) which were used for most items (smart cards and password forms) were not large enough, so it was deemed necessary to use body bags for the purpose. I recall carrying a full body bag from one end of the NSY office buildings to the other.
PKI is a mature mathematical concept, generally recognised to have been instantiated by Alan Turing in the WWII timeframe. Turing was a behind the scenes mathematics expert who is generally considered to have reduced the length of World War II by several years. Turing, in tandem with Polish cryptographers discovered how to crack the German Enigma code, which enormously helped Britain and the US to defeat Nazi Germany. Despite Turing’s genius contributing to the saving of perhaps millions of lives, he was prosecuted for being a homosexual. He was found guilty, as punishment he chose to be castrated in preference to being imprisoned for many years, at the age of 41 he died, it was officially recorded as suicide. In 2009 following an internet campaign, the then British Prime Minister (Gordon Brown) made a public apology for the way Turing was treated. Turing was given a posthumous pardon, whereby the government admitted it was wrong to have prosecuted Turing for the crimes (homosexuality) he was accused of. We visited Bletchley Park (near to Milton Keynes) together in July 2019.
PKI has served me very well, but it's a little too cumbersome for the future, such as the Internet of Things (IoT). PKI scales to millions and even tens of millions of entities, but certainly not to the billions which IoT needs and will get with the security approach which will likely supplant PKI: blockchain. It doesn’t mean PKI is dead, as blockchain likely won’t be suitable for governments and banks, etc. which need the more robust trust basis which PKI provides. Blockchain will serve the masses (billions) and PKI will co-exist alongside it, in a more prevalent role for volume requirements up to millions.
RSA algorithm is a fundamental bedrock of PKI and been in use since around since 1978. Despite the massive increases in computer power beyond that date, PKI remains almost universally recognised as the strongest means to make information secure on the internet. PKI is about more than just the internet, I’d suggest that all secret documents in the UK, US and European governments / military organisations are protected in some part by PKI. There are varying degrees of opinion about how long PKI will remain secure, however, a new construct named Quantum computing is a huge threat to the future security of the internet if it becomes available to adversaries.
Since their invention, computers have relied upon binary mathematical theory whereby something can either be on or off, typically a one or a zero. Quantum computing uses a different premise, whereby something can be on or off, as well as various other states. The best analogy I have heard is that it can be likened to a coin being flipped, which ends as heads or tails (i.e. 0 or 1), but during the flipping phase is at various states during its rotation. The coin rotation could be measured in degrees (360 in a circle) and by 60 minutes in each degree and by a further 60 seconds in each minute. In this analogy, a simple coin-flip could have approximately 1.3 million (360 x 60 x 60) outcomes. It requires enormous expense to implement, however, there is some inevitability that quantum computing will happen. The hope is that the good guys (often referred to as the West) learn how to harness quantum cryptography before the bad guys do. I draw an analogy with the development of nuclear bombs, it was so important America (allied with Western Europe) gained nuclear supremacy before the Soviet Union did. If Stalin’s Soviet scientists had attained nuclear supremacy over the USA, our lives would likely have been completely different as the Soviets would almost certainly have used their supremacy to their military advantage. It should also be recognised that quantum computing also has enormous potential for positive use, such as weather forecasting and health research.