OK, so we talk about key management: how we can distribute the public
key if you are in a public key setup. In a public key setup everybody
has a pair of keys, a public key and a private key, or public key and
secret key. So if the parties are Alice, Bob, Bimole, Palash, and they
are in a public key setup, everybody has their public key and private
key. So this is Bob's public key, then e_P, d_P, so everybody is having
their public key, private key pair. And now suppose Alice wants to send
a message to Palash, so Alice has to get Palash's public key.
So now the question is how Alice will get Palash's public key. This is
a part of key management: how to distribute the public key. That is one
issue. Now suppose Alice wants to send a message to Bob. This is d_A, so
Alice needs to get Bob's public key, that is e_B. So how will Alice get
Bob's public key?
So this is the part of key management. In key management we will
discuss two distinct aspects: how to distribute these public keys, and,
if you are in a public key setup, how we use the public key to share
the secret key. So the first part, distribution of the public key: how
can we distribute the public key? There are basically four techniques we
will discuss. The first one is public announcement: once I have a public
key I will keep on announcing it. Suppose I have a mike, so I will
announce, this is my public key. That is some sort of public
announcement. The second one is a publicly available directory: instead
of public announcement, we can maintain a directory where I can put my
public key, and that directory should be in the public domain so that
everybody should be able to access it. And then the public key
authority: if we keep the directory so public, then anybody can go there
and make some changes in that public key, and that will create some
problem for the communication. So for that we can have a third party,
which is the public key authority, and we can ask this third party to
maintain the directory.
So some sort of trusted authority, the third party, the trusted party,
will be there. And the next one is the public key certificate. If we
always ask this third party, give me the public key of Bimole, I want to
send a message to Bimole, then Bob is telling, OK, give me the public
key of Palash, I want to send a message to Palash, so there is a
bottleneck at the third party end, at the public key authority end, who
is having the public key directory, because he has to answer all the
queries. So there will be a bottleneck; a bandwidth problem will be
there. So we have to solve this. What we can do is issue a certificate:
this third party, or the trusted party or authorized party, can issue a
certificate to each user, and that certificate will contain the public
key.
So if I have to communicate with Bimole, I will ask Bimole to show his
certificate. Bimole gives me his certificate, and from that certificate
I will come to know Bimole's public key. This is the way we can avoid
communicating with the third party, to avoid that bottleneck. So this is
the public key certificate. So let us come to the first part, the public
announcement of the public key. Here, for public key encryption, the
public key should be public. It could be RSA: we can set up RSA, we run
the RSA key generation, and we get the public key, private key pair, and
then everybody can announce their public key. So this is A's public key,
so he keeps on announcing, my public key. This is the uncontrolled
public key announcement. It has the drawback that if he keeps on
announcing, I may not be sending a message now, while the receiver is
announcing the public key, here is our public key, now.
So that is the problem: I may send later on, and at that time maybe the
receiver is not announcing, here is our public key. To work on this
problem, what we can do is maintain a publicly available directory. One
can maintain a directory; it is basically a file. This is a public key
directory, PKD. It basically contains the name and the corresponding
public key: Alice, Bob, Bimole, Palash. Once we have a public key, we
will go to that directory and put that value. Suppose this is the public
key of Alice, this is the public key of Bob, like this.
OK, so we will maintain this directory, which is called PKD, public key
directory. Now suppose this directory is available in the public domain;
for example it could be a website, and in a public website this file is
maintained. Suppose now Alice wants to send a message to Palash. What
Alice will do: Alice will access this directory, and this is e_P, so
Alice will get Palash's public key, and Alice will encrypt the message
using Palash's public key and send it to Palash. This is the way we have
to get the public key of the receiver. The sender has to get the public
key of the receiver, so the sender will access that public key
directory, go to the corresponding field where the receiver's public key
is, get the receiver's public key, encrypt the message using the
receiver's public key, and send the ciphertext to the receiver.
OK, now if we keep this just like this then there is a problem. The
problem is, if it is openly accessible to anybody, then the attacker can
go and change the public key of a person. So the attacker changes the
public key of this Bob, say. We can change just two bits, then the whole
system will be disturbed. Then if Alice encrypts a message using this
wrong public key of Bob, Bob will not be able to decipher it; Bob will
not be able to get the plaintext which is sent by Alice. So we cannot
keep it public just like this. Then what is the solution? The solution
is we can hire a third party, which is an authority or the trusted
party, who can control, who can maintain this. So a third party, or some
trusted authority, who can maintain this file, this is PKD.doc, say,
some file. And if I have to get the public key of somebody, I will ask
this authority, give me the... Because otherwise this file can be made
read-only mode; then I can only read the file, I should not be able to
write anything on the file. So if I have to add my public key in the
file, suppose I have changed my public key: I was having a public key
over here, now I change the public key. This key change is a common
thing, because, say for example, suppose my corresponding secret key is
revealed, and I am fearing that maybe it got known to somebody, so now I
am going to change this public key, private key pair. So I again run the
setup phase of the public key cryptosystem and then I get a new public
key, so I have to change the whole public key. What I will do: I will
contact the trusted authority who is maintaining this public key
directory, and I will send my public key, and the trusted authority just
replaces my old public key by the new public key.
OK, so again, the trusted authority can publish this public key in a
book form, like we have a telephone directory, the telephone book, the
big yellow book. Like this, periodically this trusted authority can
publish this book in order to avoid that bottleneck. If everybody is
asking, what is the public key of my sender and my receiver, then it
will be a headache for the trusted party. So to avoid that it can
publish the public keys as a hard copy or some sort of PDF file or
something. Those are basically read-only, so nobody can change them. OK,
so this is one way. This scheme is clearly more secure than the
individual public announcement, but still it has a problem. This is the
scheme: we are hiring a public key authority which will be maintaining
this public key directory. So basically we are trusting the authority
now, and also the authority is having a bottleneck if he has to give the
public key to all the asking senders. So to avoid this we introduce the
concept of the public key certificate.
So this is basically the public key certificate. This is an alternative
approach to get the public key. The trusted party, the public key
authority, will issue the certificate, and each certificate contains a
public key and other information, like some timestamp, and is created by
a certified authority, and it is given to the participant with the
matching private key. So suppose Alice and Bob: Bob is having this
public key, private key pair, and there is a trusted party here, say an
authorized party, auth we can say, who is giving the certificate. So
what Bob can do: Bob can send the ID of Bob along with the public key of
Bob to get the certificate. Now the authority is having its own public
key, private key pair, e_auth, d_auth. So this is the authority's public
key, private key pair. Now Bob has to get its public key certificate.
What Bob will do: Bob will send it along with a timestamp, some session;
say for today's date, it could be the date for today, this is the
certificate for today. So it may be valid for some time; we will come to
a standard of the certificate. So this is basically a time, and this is
the ID of that participant, and this is the public key. It is sent to
the authority, and what the authority will do: the authority will
generate the certificate by signing on this. Signing means the authority
has to encrypt this using the authority's secret key, so T, ID_B, e_B.
So this is the certificate of Bob. If Alice has to get the certificate,
Alice has to do the same thing. If Alice has to get a certificate from
the authority, Alice has to generate Alice's public key, private key
pair. It could be RSA, it could be anything; it is a public key
cryptosystem. So now Alice sends a timestamp along with the ID of Alice
and along with the public key of Alice, and then the authority will send
back the certificate, which is basically C_A, Alice's certificate, which
is basically the digital signature on this message. So this is basically
encryption, a digital signature, so it has to be by the private key of
the authority: T, ID_A, e_A.
OK, so this is the certificate Alice will receive after asking the
authority. In this way everybody is having their own certificate. So
this is the certificate generation from the authority. After getting the
certificate, now suppose Alice wants to communicate with Bob. Bob is
having the e_B, d_B public key, private key pair. Now Bob is having the
certificate, which is basically signed by the certified authority, so
this is the digital signature, D_auth of some timestamp, the ID of Bob,
and the public key of Bob. Now Alice wants to send a message to Bob, so
Alice asks for Bob's certificate, and Bob will send the certificate to
Alice, C_A. What Alice will do: Alice has to verify whether this is
Bob's certificate or not. This is signed by the authority, so Alice has
to check this signature, and for that Alice needs to decrypt it using
the authority's public key. So Alice will decrypt using the authority's
public key on this C_A, and this will basically give us this part. So
this is basically D under e_auth of this, and this is basically E under
d_auth of T, e_B.
OK, now these two will cancel; it will give us T, ID_B and e_B. So now
Alice will check the time: is this certificate a current certificate or
not? Some sort of timestamp is there, so Alice will check this time, and
also Alice will check this ID of Bob. So this is the ID of Bob, so this
is really Bob's certificate, and then Alice will get this e_B, Bob's
public key, by seeing the certificate. Now, after getting Bob's public
key, Alice can choose a message, encrypt the message using Bob's public
key, and send it to Bob. So this is the way we can avoid contacting the
authority in order to get the public key of the receiver; just by seeing
the certificate we can get this.
OK, so similarly if there are other parties, like say Rob, every
participant is having their certificate, which is issued by the trusted
party or the authority. So Alice, Bob, Palash, Rob, everybody is having
their own certificate: C_A, C_P, C... sorry, this is C_B, C_A and C_R.
OK, so this was issued by the trusted party or the authority when you
ask for the certificate. And what does this certificate contain? It
contains the timestamp, the validity of the certificate, how long it is
valid, that kind of thing, and also it contains the ID of the
participant, and it contains the public key of that participant, and it
is digitally signed by the authority. And now if a person wants to
communicate, suppose Rob wants to communicate with Palash, then Palash
has to provide the certificate to Rob, and Rob will check whether this
is Palash's certificate by checking the time and ID, and then Rob will
get Palash's public key, and Rob will encrypt the message using Palash's
public key and send it to Palash.
OK, so this is the way we generate the certificate. As I said, each
certificate contains a public key and other information, is created by
the certificate authority, and is given to the participant with the
matching private key. A participant conveys this key information to
another by transmitting the certificate. The other participant can
verify that the certificate was created by the authority. OK, so four
requirements can be placed here. Any participant can read a certificate
to determine the name and the public key of the certificate owner; this
is the first requirement. The second requirement is that any participant
can verify that the certificate originated from the certified authority
and is not counterfeit, so it is not a false certificate. This
verification should be able to be done by any participant. Only the
certified authority can create and update the certificate. So suppose
currently I have a certificate; now I am changing the public key, or I
want to change it, because I am guessing that my corresponding secret
key has been revealed. So what do I do?
So this is the trusted party, or the authority, which is having
OK, so this is the public key of the authority and the private key of
the authority. Suppose this is me: I was having a private key and public
key pair, and I was also having a certificate, which was digitally
signed by the authority and was having a timestamp along with my ID and
my public key.
OK, now suppose I feel I should change my public key, because I am
fearing that maybe my symmetric secret key is revealed. So I want to
again run that setup. Suppose we are in the RSA setup, the RSA
cryptosystem, so I want to run the RSA setup. So again I choose p, q,
and then n is equal to p into q, like this; then I choose e, d such that
e d is congruent to 1 mod phi(n), where phi(n) is basically
(p - 1)(q - 1). Then this is my public key, this is basically e_S, and
this is my corresponding new secret key. I run this setup because I feel
that I should change my public key, and I get the new public key,
private key pair. Now I send a request for a new certificate to the
authority.
So I have a timestamp, maybe today's date along with the time, and I
send my ID, and I send my, say, current new public key. What the
authority will do: the authority will do the same thing. The authority
will digitally sign on this, so E under d_auth, along with T, T*, ID_S,
along with e_S*, and the authority will send it to me. So now my
certificate C_S is replaced by C_A*. This way I can update the
certificate, and this can only be done by the authorized person. So this
is the example: this is the timestamp, this is the ID of A, this is the
public key, and this is digitally signed by the authority. So this C_A
is the certificate of A, and d_auth is the private key of A; the
authority is digitally signing on this message.
So this message contains the timestamp, the ID and the public key of the
participant. And then this can be verified in the way which we have
discussed. This is the public key of the authority, which is public;
anybody can have access to it. So he or she will take this public key
and decrypt this certificate of A, and check whether this timestamp is
OK, and the ID, and get the secret key of this. Now we will come to a
certificate standard which is called X.509. Since it is a standard, it
must have some criteria, like what are the fields it should have, so we
will just go to that. So this is a certificate standard. This basically
used RSA and MD5, and it was initially issued in 1988, and then it has
some variations: this is the next variation, 1993, and then this is the
revised variation again after 1997.
So a user certificate generated by the CA has the following
characteristics: any user with access to the public key of the CA can
recover the... so this is the basic criterion of a certificate. No party
other than the CA can modify this directory. So let us go to the figure.
These are the fields it has: version, which version it is; serial
number; signature, the signature of the trusted party; then issuer name,
this certificate is X.500, so that is the name of the issuer, we can
say; period of validity, how many days you want the certificate to be
valid, so that field is also needed; then the subject name, the name of
the user or the name of the participant; then the public key
information, we need to keep the public key in the certificate, so that
is the public key of the participant; and the issuer unique
identification; then the subject unique identification; extensions; and
then the signature. So this is the picture. These are the fields: the
version, the certificate serial number, the signature algorithm we are
using, whether we are using the RSA signature or the ElGamal signature,
that should be mentioned there, the issuer name, the period of validity,
and we should have the public key of the participant. So this is
basically called the X.509 certificate standard.
OK, so this is the certificate standard, and everybody can have their
own certificate in order to communicate in a public key cryptosystem, in
order to encrypt and decrypt in a public key cryptosystem.
Thank you.
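The certificate scheme described in this lecture (the authority signs T, ID and the public key; anyone holding the authority's public key recovers and checks them), as an added example that is not part of the lecture. It uses unpadded textbook RSA with constructed toy primes, and the names `rsa_keypair`, `issue_certificate`, `verify_certificate` and `check` are assumptions made here; real X.509 certificates sign a hash of the fields rather than the fields themselves.

```python
import json

class CertificateError(Exception):
    """Raised when a certificate fails the signature, ID or timestamp check."""

def rsa_keypair(p, q, e=65537):
    """Textbook RSA setup: n = p*q, e*d = 1 mod (p-1)(q-1)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))      # modular inverse (Python 3.8+)
    return (e, n), (d, n)

# Constructed toy keys: Mersenne primes stand in for randomly chosen primes.
# Unpadded textbook RSA, for illustration only.
AUTH_PUB, AUTH_PRIV = rsa_keypair(2**521 - 1, 2**607 - 1)   # the authority
BOB_PUB, BOB_PRIV = rsa_keypair(2**127 - 1, 2**89 - 1)      # a participant

def issue_certificate(auth_priv, timestamp, user_id, user_pub):
    """Authority side: C = D_auth(T, ID, e_user)."""
    d, n = auth_priv
    body = json.dumps({"t": timestamp, "id": user_id,
                       "e": user_pub[0], "n": user_pub[1]}).encode()
    m = int.from_bytes(body, "big")
    if m >= n:
        raise ValueError("certificate body too long for the authority modulus")
    return pow(m, d, n)

def verify_certificate(auth_pub, cert, expected_id, now, max_age):
    """Receiver of a certificate: apply E_auth to C, then check ID and time."""
    e, n = auth_pub
    m = pow(cert, e, n)
    raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
    try:
        body = json.loads(raw.decode("utf-8"))
        t, uid, pub = body["t"], body["id"], (body["e"], body["n"])
    except (ValueError, KeyError, TypeError):
        # A value not produced with d_auth decodes to garbage, not to fields.
        raise CertificateError("not produced with the authority's private key")
    if uid != expected_id:
        raise CertificateError("certificate names a different participant")
    if not 0 <= now - t <= max_age:
        raise CertificateError("timestamp outside the accepted window")
    return pub

def check(cert, expected_id, now):
    """Return the recovered public key, or the rejection reason as a string."""
    try:
        return verify_certificate(AUTH_PUB, cert, expected_id, now, max_age=3600)
    except CertificateError as err:
        return f"rejected: {err}"

if __name__ == "__main__":
    cert_b = issue_certificate(AUTH_PRIV, 1_000, "bob", BOB_PUB)
    print(check(cert_b, "bob", 1_500) == BOB_PUB)   # genuine and current
    print(check(cert_b ^ 1, "bob", 1_500))          # one bit changed in transit
    print(check(cert_b, "alice", 1_500))            # presented under another ID
    print(check(cert_b, "bob", 10_000))             # stale timestamp
```

The one-bit change mirrors the lecture's point about an open directory: an altered value no longer decodes to the signed fields, so the receiver rejects it instead of encrypting to a wrong key.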
