Security Basics mailing list archives

RE: integrity and mail encryption


From: "Ig Vermaak" <Ig.Vermaak () namitech com>
Date: Tue, 8 Nov 2005 07:53:08 +0200

Hi Pranav,

First thing to remember is that the term “public key infrastructure” does not only refer to the “technical” details 
involved with the certificates, meaning that it also covers aspects involving the processes and procedures around PKI. 
An example of this is the way in which we issue certificates to end-users, the basic process is:

- User requests a certificate
- PKI Administrator creates a “passcode” that will allow user to download cert from our Managed PKI web interface.
- Upon receipt of this passcode (which is in a sealed envelope and can only be used once) user provides identification, 
in our case we use our identity document, to the administrator.
- User agrees to take full responsibility for the safekeeping and protection of the private key associated with this 
cert.
- User downloads and installs certificate.

Then to get to your question regarding how PKI provides non-repudiation – there are roughly 3 “mainstream” ways to 
issue and install a user certificate. The 3 being:

- Software, i.e. it sits inside the Microsoft Certificate Store and can be password protected.
- Smartcard / Token, the cert resides on a smartcard which can also be PIN protected.
- Smartcard combined with Biometrics, the cert resides on a smartcard that can only be unlocked by supplying the 
correct biometric features.

So in all of these cases the user can give access to his/her private key to another person, just as the administrator 
of your domain can give the domain admin password to someone. This is where the correct processes and procedures make 
the difference. Also proper user training ensures that users realise the importance of protecting their private keys. 

From the 3 techniques listed above it is obvious that the first is the least secure, and most likely to be compromised. 
The second is much more secure, due in part to the fact that once a private key is put on a smartcard it cannot be 
exported again, only deleted. The 3rd option is by far the way to go if you want to be almost 100% sure that the 
private key cannot be compromised – but here it is recommended to consider if you're not doing “security by obscurity”. ☺

So in summary – the only way to ensure non-repudiation is by having the correct procedures and security mechanisms 
around your public key infrastructure. The weakest point will always be the human factor.

Regards

Ig Vermaak
Information Security Engineer

Altech NamITech

       -----Original Message-----
       From: Pranav Lal [mailto:pranav.lal () gmail com]
       Sent: 05 November 2005 06:03 PM
       To: security-basics () securityfocus com
       Subject: RE: integrity and mail encryption

       Hi Adrian,

       How do you establish ownership of a private key? As others have said you need a certifying authority to
       establish this so a public key infrastructure by itself does not provide non-repudiation.

       Pranav
       on Friday 11/4/2005 02:40 PM, Adrian Floarea said:

       In fact the public key digital signature provides non-repudiation, which means that only the person who has the
       corresponding private key can make a digital signature. In short, the process is: you have a private key and a
       public key. The private key is secret. When you make a digital signature, first you make a hash of the electronic
       data and after that, you encrypt this hash with your private key. When someone wants to verify your signature,
       they make the hash of the data again, decrypt the original hash using your public key and after that, compare
       them. Because you are the only person who has the private key, you can't deny that you are the person who made
       the original digital signature.

       Actually the process is much more complicated, but the essence is what I explained above.

       Regards,

       Security Product Team Leader
       Adrian Floarea, CISA
       Information Security Department
       Bucharest, Romania
       Email: adrian.floarea () uti ro

       -----Original Message-----
       From: Pranav Lal [mailto:pranav.lal () gmail com]
       Sent: Wednesday, November 02, 2005 11:21 PM
       To: security-basics () securityfocus com
       Subject: RE: integrity and mail encryption

       Hi Bob,

       How does public key encryption provide non-repudiation?

       Pranav
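
The hash-then-sign process described in the quoted message, and the reply's point that a shared private key undermines non-repudiation, shown as an added example that is not part of the original thread. It uses textbook RSA with only Python's standard library; the toy key, the sample message and all function names are constructed for illustration.

```python
import hashlib

# Constructed toy key built from two well-known Mersenne primes. The factors
# are public knowledge, so this key is insecure and for illustration only.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                           # public modulus
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)


def digest_int(message: bytes) -> int:
    """SHA-256 of the message as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_exponent: int) -> int:
    """Textbook RSA: apply the private-key operation to the hash.
    Real schemes pad the hash first (PKCS#1 v1.5 or PSS)."""
    return pow(digest_int(message), private_exponent, N)


def verify(message: bytes, signature: int) -> bool:
    """Recover the signed hash with the public key and compare it with a
    fresh hash of the received message."""
    return pow(signature, E, N) == digest_int(message)


def demo() -> dict:
    message = b"Approve purchase order 1001"       # constructed sample
    owner_sig = sign(message, D)
    # A second person the owner shared the key with holds the same exponent.
    borrowed_sig = sign(message, D)
    return {
        "owner_signature_valid": verify(message, owner_sig),
        "altered_message_rejected":
            not verify(b"Approve purchase order 9001", owner_sig),
        "borrowed_key_signature_valid": verify(message, borrowed_sig),
        "verifier_can_tell_them_apart": owner_sig != borrowed_sig,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The verifier only learns that the holder of the private key signed the message; which person that was depends on the issuance and key-protection procedures described in the reply.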

