What Key Management Issues are Involved in Public-Key Cryptography?
Secure methods of key management are extremely important. In practice, most attacks on public-key systems will probably be aimed at the key management level, rather than at the cryptographic algorithm itself. The key management issues mentioned here are discussed in detail in later questions. Users must be able to securely obtain a key pair suited to their efficiency and security needs. There must be a way to look up other people’s public keys and to publicize one’s own key. Users must have confidence in the legitimacy of others’ public keys; otherwise, an intruder can either change public keys listed in a directory, or impersonate another user. Certificates are used for this purpose (see Question 123). Certificates must be unforgeable, obtainable in a secure manner, and processed in such a way that an intruder cannot misuse them. The issuance of certificates must proceed in a secure way, impervious to attack. If someone’s private key is lost or compromised, others must be made aware o
