Secure environment (PKI)
This appendix describes the secure environment in which the PKI is operated. It describes in particular:
- The concepts of secure environment and the corresponding data objects handled by the PKI,
- The role of the various entities involved in the operation process of a PKI.
Concepts and objects managed by a PKI
This appendix presents the key concepts for understanding the role of objects managed by a
- Presentation of the principles structuring a safe process,
- The role of dual-keys,
What is a secure process ?
Definition of a PKI
With a PKI (Public Key Infrastructure), each holder has a pair of keys - a private key, known only by his owner, and a public key - linked by a complex mathematical relationship, making it virtually impossible to determine the private key from the only knowledge of the public key. This means that the probability of determining the private key from the public key in a reasonable
time is very low.
Data encrypted with a key (typically, the public key) can only be decrypted with the other (typically the private key). The confidentiality of all exchanged messages is based on this principle. This process is commonly called "asymmetric cryptography" as opposed to "symmetric cryptography" that uses a common key for both encryption and decryption.
The four pillars of information exchange security
This electronic identity card aims at establishing an environment of trust to which the four pillars are:
- Authentication identifies parties in a sure and reliable way,
- Confidentiality prevents non-recipients to read the data,
- Integrity ensures that data has not been altered,
- Non-repudiation makes it impossible for a party to refute the transmitted information.
The cryptographic solution
Because of the technology used (protocols, architectures, etc.), the information circulating on the Internet is not confidential. The technologies also do not allow to meet the other three security requirements set out above.
To preserve the confidentiality of exchanges via the Internet, the data must be rendered incomprehensible to all, except for the recipients. Encryption is the right solution.
Data encryption naturally accompanies system’s users’ authentication. While some data are confidential, it is necessary for issuers and recipients of this information to authenticate safely and unequivocally, to conduct secure exchanges.
Authentication is based on the possession of a certificate. This element is issued by a Certification Authority that stakeholders of a transaction trust (in our case, the Certification Authority is RTE). Thus, the carriers can have confidence in the information provided to them and RTE knows that only authorized holders access the information.
In a similar process, in daily life, it is necessary to provide a piece of identification issued by an authority to access certain privileges reserved for citizens of the country (expensive purchases, voting, etc.).
The importance of dual-keys
Each holder has a public key and an associated private key:
The private key is a key that the holder must keep confidential. He is the only one to possess and with the ability to use it. He does not necessarily know it himself (for example: it may be in a smart card of which it cannot come out, but access to the card is protected by a PIN code known only to its owner)
The public key, as its name suggests, is public and can be communicated to all. The public keys of holders are used only to encrypt messages intended for them. If an encrypted message was intercepted, it would be without consequence on its confidentiality as it cannot be decrypted (in a reasonable time) by a person not having the associated private key.
The private key enables its owner to sign a message he sends and to decrypt an encrypted message he receives. In contrast, the public key of a person is used to encrypt a message sent to him and to verify the signature of a message he receives.
Encryption and decryption of a message
Each message is encrypted by the recipient's public key that will decrypt it with his private key.
When RTE sends a message to the client A:
Encryption and decryption with dual-keys.
- RTE has the public key of client A (via the public part of the certificate).
- RTE automatically encrypts the message using the public key of client A and sends it via RTE’s email system.
- Client A receives the message and automatically decrypts it with his private key.
The usage of keys to sign a message
Each message is signed by the private key of the issuer. The origin (the signature) of a message can be controlled by the public key of the issuer, freely accessible via its certificate.
To prove to client A that the received message is actually from RTE, RTE automatically signs the message with its (RTE’s) private key before sending to the client A.
Signing and signature verification with dual-keys.
When the client A receives the message from RTE, it automatically verifies the signature of the received message with the public key of RTE.
Objectives of digital certificates
Since public keys are used to verify electronic signatures and encrypt messages, it is essential for any carrier to be certain of the identity of the owner of a public key: it is the role of
Characteristics of a certificate
A certificate is a digital ID:
- That guarantees the identity of the holder from a remote site,
- That includes data facilitating the identification,
- That is resistant to counterfeit and issued by a trusted third party: the Certification Authority.
A Certification Authority is an entity that creates and manages certificates. It defines the rules for registration in the various holders’ PKI.
Structure of a certificate
A digital certificate contains:
- the public key of its holder,
- the name of the holder and any other identification information (email address of the person if the certificate is used to sign emails),
- the certificate’s period of validity,
- the name of the certification authority that issued the certificate,
- a unique serial number,
- the signature of the certification authority.
Examples of certificates
A digital certificate on Internet Explorer
A digital certificate on Mozilla Firefox
- Subscription contract to RTE’s secure Information System.
When the holder will get in touch with his new secure environment, he will be faced with a specific terminology, the terms of which are described in this section:
Checking the validity of the claimed identity of a user, a device or other entity in an information or communication system.
A digital certificate plays the role of electronic identity (e-passport). It guarantees the identity of its owner in electronic transactions and contains all the information enabling the identification (name, possibly company, address, etc.). A digital certificate is composed of a public key and personal information about the holder, all signed by a Certification Authority.
Secure hardware or software container for storing a user's private and its associated key certificates, website certificates, other users’ certificates and CA certificates. This container is usually protected by a password or PIN that will eventually have to be entered at each use of a private key based on the expected level of safety.
A Certification Authority (CA) is an entity that issues digital certificates, electronic equivalents of identity documents, to a population. By distributing digital certificates, the Certification Authority or Trust Authority, serves as moral support by committing to the identity of a person through the certificate it issues him. According to the credit of the Certification Authority, the certificate will have a field of more or less extensive applications limited to a company’s internal trade (as a company badge) or be used in relations with other organizations and administrations (such as a national identity card or passport).
Property of data or information that are not disclosed or made available to unauthorized persons.
Discipline including the principles, means and methods of data processing in order to hide their semantic content, establish their authenticity, prevent that their modification goes unnoticed, prevent repudiation and prevent their unauthorized use.
Secret digital quantity attached to a person, allowing him to decrypt encrypted messages received with the corresponding public key or to affix a signature to messages sent.
Digital quantity attached to a person who passes it out to others people in order to make them able to send him encrypted data or to verify his signature.
Data transformation using cryptography to make them unintelligible in order to ensure confidentiality / inverse transformation.
HTTPS is a secure version (S secured to) the HTTP protocol used in all web browsers to exchange information over the Internet.
Ensuring that data or information have not been modified or altered in an unauthorized manner.
Property obtained with cryptographic methods to prevent a person from denying having performed a particular action on the data (for example: non-repudiation of origin, certification requirement, intent or commitment, establishment of property).
File format used to store a private key and its associated certificate protecting a password. The file extension is usually ".p12
" or ".pfx
- Virtual Private Network (VPN)
A VPN (Virtual Private Network) allows an interconnection of local, remote networks via a tunnel technique. The tunnel is a secure communication channel through the internet and wherein data travels in an encrypted manner.
The revocation is the process that deletes the surety made by the Certification Authority concerning a certificate, made at the request of the subscriber or any other authorized person. The request may be the result of different types of events such as compromise or destruction of the private key, the change of information contained in the certificate, failure to comply with the certificate usage rules.
- S/MIME (Secure / Multipurpose Internet Mail Extensions)
S/MIME is a standard of encryption and digital signature of emails. It provides integrity, authentication, non-repudiation and confidentiality of data.
The electronic signature of a document containing a signatory with a private key a numerical summary of this document
(Obtained by applying a hash function), which can not be modified without being visible.
Like the handwritten signature, it engages the responsibility of the signatory.
Determines the security settings applied by a browser when accessing a site. If a site is declared as a "trusted site
", the browser will apply for example a lower level of security that a site belonging to the "Internet
" zone potentially carrying threats.
A Frequently asked Questions section is available on the certificates retrieval website at the address: