This Section presents an overview of the cryptographic service calls for the secret-key and public-key cryptosystems. To fully understand these service calls, readers may wish to read [Rus91] to learn more about the two prime cryptographic technologies.
In secret-key cryptography, a secret key is established and shared between two individuals or parties and the same key is used to encrypt or decrypt messages, therefore, it is also referred to as symmetric cryptography. If the two parties are in different physical locations, they must trust a courier, or some transmission system to establish the initial key and trust this third-party not to disclose the secret key they are communicating. The generation, transmission, and storage of keys is called key management. Ensuring that key storage, exchange of new keys and destruction of old keys are performed securely often creates complex key management requirements for secret key cryptography. The ANSI X9.17 Financial Institution Key Management (Wholesale) Standard prescribes a uniform process for the protection and exchange of cryptographic keys for authentication and encryption in the financial community [ANS85].
In a public-key cryptosystem, a user makes use of a pair of keys: a public key and a private key. The public key of a user can be made public without doing any harm to security, while the private key of a user never leaves the possession of its owner, which is increased security over the secret key cryptography [Fah92]. With public key cryptography, no single key is used for both encryption and decryption, thus, it is also referred to as asymmetric cryptography. It is beyond the scope of this document to describe how public-key encryption works, interested readers are referred to [NIS91b] for the details. Since a user's public key is made public, certain control is necessary so that a user's public key cannot be tampered with. The application of public-key cryptography thus requires an authentication framework which binds users' public keys and users' identities. A public-key certificate is a certified proof of such a binding vouched for by a trusted third-party called a Certification Authority (CA). The use of a CA alleviates the responsibility of individual users to verify directly the correctness of other users' public keys. Public key certificates are managed by a certificate management system, the development of which is very complex. Reference [Nec92] gives a detailed discussion of the issues involved for managing public-key certificates.