Public Key Infrastructure :
Public key infrastructure, or PKI, allows two or more users of the Internet or an insecure public network to privately and securely exchange information through the use of a public and private key pair. This cryptographic key pair or set is shared through a TA (trusted authority). In the currently employed scheme throughout industry, public key infrastructure lets a digital certificate be created which can identify either an organization or individual. Additionally, it can reference a directory service which is capable of storing or when required, revoke certificates.
Why PKI is used on Internet:
PKI, or public key infrastructure, leverages public key cryptography for authenticating a message sender is valid (or who they say they are) as well as for encrypting information. Classic studies of cryptography have relied on the creation and subsequent sharing of a secret key for the encryption of and decryption of information. The primary flaw in this system, is that if the key is intercepted, discovered, guessed, or “cracked” by a third party, the information or messages being sent can be decrypted and read or used. As a result, public key cryptography and PKI are the preferred manner on the Internet by avoiding the pitfalls of classic cryptography.
What makes up a Public key Infarstructure:
PKI consist of the following:
1. A CA (certificate authority) that is responsible for issuing and verifying the authenticity of digital certificates. A certificate will contain the public key or information regarding the public key being used.
2. A RA (registration authority) which performs the role as the verifying authority for the CA prior to a digital certificate being issued to a requestor (in charge of preventing any consumer from purchasing a Microsoft certificate as an example).
3. One or many directories that store all valid digital certifications (i.e. all of the public keys currently valid).
4. A certificate management scheme or system able to scale to the number of certificates being managed.
Examples of PKI use :
There are a number of uses for a public key infrastructure depending on what the purpose of one’s organization, company, or group is. The common example uses of PKI include:
1. Encryption and / or authentication of a document.
2. Encryption and / or sender authentication of an email message.
3. Authentication of a user to an application. This can include a smart card logon with PIN number or a client authentication using SSL (or both).
4. Mobile signatures. These are electronic signatures which rely on a certification or signature service in a location independent environment.
5. Bootstrapping secure communication protocols such as SSL or Internet key exchange (IKE). For each of these cases, the initial setup of a “security association” makes use of a public key (i.e. an asymmetric key), where the actual communication relies on the faster (private) or symmetric key.
Steps to Encrypt Email in Mozilla Thunderbird :
Step 1. Download and install Mozilla Thunderbird onto your computer if you are not already a user of the application.
Step 2. Launch the Mozilla Thunderbird application by double clicking the icon on your computer’s desktop.
Step 3. Select the “Tools” and “Account Settings” menu button to launch the account wizard.
Step 4. Enter the relevant email information for the account you are going to use with Thunderbird. You will have to enter your name and email address at a minimum. Then, click the “Next” menu button.
Step 5. Input the applicable email server information.
Step 6. Click the “POP” menu option and enter the incoming server name. If you do not know the name, you will have to locate in the FAQ or help menu of your email service. As an example, Gmail uses “pop.gmail.com.” Then, remove the check from the “Use Global Inbox” check box and choose the “Next” menu button.
Step 7. Input the user and account name for your email account. Then, choose the “Next” menu button and input an account name for use in Thunderbird and select the “Next” menu button.
Step 8. Verify the information entered into Thunderbird and click the “Finish” menu button to go back to the “Account Settings” window.
Step 9. Complete the outgoing server information. Input the server information provided from your email provided. For Gmail, the entry is: “smtp.gmail.com” and the port setting will need to be modified to “955.” Then, click the “Ok” menu button. Thunderbird will require you enter your user name and password on first use for the email account.
Step 10. Download the Enigmail extension to your computer (Select the “Save Link As” menu option).
Step 11. Download the GNUPGP software for Windows (Enigmail does not do this for you).
Step 12. Execute or run the GPGP installer on the computer. GNUPGP will then be installed under the “Program Files” directory on a Windows computer.
Step 13. Open Thunderbird if the program is not currently running.
Step 14. Select the “Tools,” “Options,” “Extensions,” and “Install New Extension” menu options.
Step 15. Select the “Enigmail” extension file.
Step 16. Restart Thunderbird. “OpenPGP” will now display as a menu option.
Step 17. Choose the OpenPGP menu item and then select the “Preferences” menu choice.
Step 18. Select the dialog that points to the GnuPGP binary file and choose the “Browser” menu option. The GPG plugin is normally installed under the “Program Files” sub-directory on a Windows computer.
Step 19. Generate a public and private key pair from within the OpenPGP menu. To do this, select the “Key Management” menu choice. The, from the “Generate” menu and select the “New Key Pair” menu option.
Step 20. Select the email address that you desire to create a key for and input a “passphrase.”
Step 21. Choose the “Generate Key” menu button and wait for several minutes.
Step 22. Once the application has generated the “keys,” you will need to create a “revocation certificate” and save it in the case your private key is ever compromised.
Step 23. Thunderbird is now configured to send encrypted email. To locate another person’s PGP key, select the “Key Management” menu option from OpenPGP.
Step 24. Select the “Search” menu option from the “Keyserver” menu. Then, locate another PGP user by email address or name and then add his or her key to the local key manager. Once saved, the person can now be sent encrypted email.
Step 25. Compose an email as you would normally do so.
Step 26. Encrypt the message by selecting the key underneath the lower, right-hand corner of the new email window. Additionally, you can sign the message by selecting the “pencil” button and then click the “Send” menu option to transmit your message.