ZyXEL Communications 2WG User Manual

Page 255


ZyWALL 2WG Support Notes

All contents copyright (c) 2006 ZyXEL Communications Corporation.


cryptography as asymmetric.

Symmetric cryptography, such as DES, 3DES or AES, is normally used for data transmission, since it requires far less computation than asymmetric cryptography. (DES, with its 56-bit key, is no longer considered secure; of the three, AES is the one to use.) The problem with symmetric cryptography is that the two parties must privately agree on the key before they can communicate. Real applications therefore combine the two: asymmetric cryptography protects the distribution of the symmetric key, and symmetric cryptography protects the data itself.

Asymmetric cryptography solves the key distribution problem with an algorithm that uses two mathematically related keys. A message encrypted with one key can only be decrypted with the other. This makes it possible to receive secure messages by simply publishing one key (the public key) and keeping the other secret (the private key). What it does not solve on its own is knowing that a published public key really belongs to the party it claims to; an attacker who can substitute their own public key can read everything sent to it. Binding a public key to an identity is the job of a PKI.

G02. What is PKI?

PKI is an acronym for Public Key Infrastructure. A PKI is a comprehensive system of policies, processes, and technologies working together to enable users of the Internet to exchange information securely and confidentially. Public Key Infrastructures are based on the use of cryptography, the scrambling of information by a mathematical formula and a key so that it can only be decoded by an authorized party using a related key.

A PKI uses pairs of cryptographic keys whose public halves are certified by a trusted third party known as a Certification Authority (CA). Central to the workings of a PKI, a CA issues digital certificates that bind a holder's identity to the holder's public key under the CA's signature. The key pair itself is normally generated by the holder, so the private key never has to be handed to the CA. A Certification Authority maintains accessible directories of valid certificates and a list of certificates it has revoked (a Certificate Revocation List, or CRL), which a relying party must consult before trusting a certificate that is otherwise valid.

G03. What are the security services PKI provides?

PKI brings to the electronic world the security and confidentiality features provided by the physical documents, hand-written signatures, sealed envelopes and established trust relationships of traditional, paper-based transactions. These features are:

Confidentiality: Ensures that only the intended recipients can read the data (encryption under the recipient's public key, or under a symmetric key that was exchanged that way).

Data Integrity: Ensures that data cannot be changed without detection (a digital signature or authentication tag fails to verify if a single bit is altered).

Authentication: Ensures that participants in an electronic transaction are who they claim to be (the certificate issued by a trusted CA binds the key in use to a verified identity).

Non-repudiation: Prevents participants from denying involvement in an electronic transaction (only the holder of the private key could have produced the signature, so the signer cannot later disown it).
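The CA, certificate and revocation-list mechanics of G02, and the authentication and integrity services of G03, as an added example in Go (not code from the ZyXEL manual or the ZyWALL firmware). The program plays the CA (generating a key pair, self-signing its certificate, issuing a server certificate, publishing a CRL) and the relying party (verifying the chain, the host name, and the CRL, including the CRL's own signature). The CA name, the host name `zywall.example`, the use of ECDSA P-256, the lifetimes and the serial numbers are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// DemoPKI is a constructed in-memory PKI: a self-signed CA (with its signing key) and one end-entity certificate.
type DemoPKI struct {
	CA, Leaf *x509.Certificate
	CAKey    *ecdsa.PrivateKey
}

// issue is the CA's core act: sign tmpl, which binds pub to tmpl.Subject, with the signer's private key.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewDemoPKI generates both key pairs, self-signs the CA certificate and issues a server certificate for host.
func NewDemoPKI(host string) (*DemoPKI, error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // generated by the holder, never sent to the CA
	if err != nil {
		return nil, err
	}
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Demo Root CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	ca, err := issue(caTmpl, caTmpl, &caKey.PublicKey, caKey) // self-signed: parent is the template itself
	if err != nil {
		return nil, err
	}
	leaf, err := issue(&x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, ca, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return &DemoPKI{CA: ca, Leaf: leaf, CAKey: caKey}, nil
}

// IssueCRL is the CA publishing its signed list of revoked certificate serial numbers.
func (p *DemoPKI) IssueCRL(revoked ...*big.Int) ([]byte, error) {
	now := time.Now()
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now.Add(-time.Minute), NextUpdate: now.Add(24 * time.Hour)}
	for _, s := range revoked {
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates, pkix.RevokedCertificate{SerialNumber: s, RevocationTime: now})
	}
	return x509.CreateRevocationList(rand.Reader, tmpl, p.CA, p.CAKey)
}

// Authenticate is the relying party's check: cert is accepted for host only if it chains to trustedCA,
// the CRL really was signed by that CA, and the CRL does not list cert's serial number.
func Authenticate(cert, trustedCA *x509.Certificate, host string, crlDER []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host}); err != nil {
		return err
	}
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return err
	}
	if err := crl.CheckSignatureFrom(trustedCA); err != nil { // never trust an unsigned or foreign CRL
		return fmt.Errorf("CRL not issued by trusted CA: %w", err)
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return fmt.Errorf("certificate %s revoked at %s", cert.SerialNumber, rc.RevocationTime.UTC())
		}
	}
	return nil
}

func main() {
	pki, err := NewDemoPKI("zywall.example")
	if err != nil {
		panic(err)
	}
	crl, _ := pki.IssueCRL(pki.Leaf.SerialNumber) // the CA revokes the server certificate
	fmt.Println(Authenticate(pki.Leaf, pki.CA, "zywall.example", crl))
}
```

`cert.Verify` does the authentication work: it checks the CA's signature over the certificate, the validity period, the basic constraints, and that the name being connected to appears in the certificate. The CRL check is where integrity matters in the other direction: the CRL is accepted only after `CheckSignatureFrom` confirms the trusted CA signed it, otherwise an attacker could hand the relying party an empty CRL and keep a stolen, revoked certificate alive. In a real deployment the CRL is fetched from the CA's published distribution point; if it cannot be obtained, failing closed is the safe choice.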

G04. What are the main elements of a PKI?

A PKI includes:

A Certification Authority

Digital certificates

Mathematically related key pairs, each comprising a private key and a public key

These elements work within a formal structure defined by:
