How PKI Works
- By William Matthews
- Jun 05, 2000
For electronic government to work, agencies and individuals must be convinced
that transactions can be carried out privately and that documents are authentic.
The paper world relies on signatures. The computer world needs an electronic
Personal identification numbers and passwords have proven to be relatively
insecure. Smart cards and biometrics (retina, iris and fingerprint scans,
for example) are possibilities, but expensive. For now, the federal government
is promoting PKI — public-key infrastructure.
PKI is a system for encrypting, decrypting, signing and verifying the
authenticity of information that is transmitted over the Internet.
It works by providing each Internet user with two "keys" — one that
is public and one that is private. The private key is available only to
the user. The public key is available to anyone — a bank, an agency case
worker, a sales clerk — on a publicly accessible World Wide Web site.
When an individual transmit a document that he or she wants to remain
private, such as a sales contract, tax information or a bank statement,
he or she encrypts it with the public key of the recipient. That way, only
the recipient has the correct private key to decrypt it.
PKI includes functions that enable message recipients to verify that
documents have not been changed and to determine which keys have been used
to encrypt and decrypt documents. Another PKI feature is a digital signature
to positively identify the sender. Thus, PKI ensures that documents are
authentic and that the people involved in a transaction really are who they
say they are.
Federal security experts believe PKI will provide the level of confidence
needed for the public to widely accept electronic government, according
to the General Accounting Office.