Microsoft Windows 2000 Public Key Infrastructure White Paper
Monday, April 19, 1999
The Windows 2000 operating system introduces a comprehensive public key infrastructure (PKI) for the Windows platform. This infrastructure extends the Windows public-key (PK) cryptographic services found in earlier Windows releases, providing an integrated set of services and management tools for creating, configuring, and managing PK-based applications. This document explains how application developers can make full use of either the shared-secret security mechanisms or the PK-based security mechanisms in the Windows operating system, explains how enterprises benefit from integrated management tools and policies, and then summarizes the Windows 2000 PKI.
Encryption is a scientific method for protecting data. An encryption algorithm mathematically combines the input plaintext and an encryption key to generate encrypted data (ciphertext). With a good encryption algorithm, reversing the encryption process starting from the ciphertext alone is not easy; a decryption key is required to perform the corresponding conversion.
Traditionally, in secret-key (or symmetric) encryption algorithms, the encryption and decryption keys are the same, so the two parties share that key. Parties that want to pass information using symmetric-key encryption must securely exchange their encryption and decryption keys before they exchange ciphertext.
In contrast, the basic characteristic of public-key algorithms is that the encryption and decryption keys are different. Encryption with the public key is a one-way function: plaintext is converted into ciphertext, but the encryption key is of no use in the decryption process. A different decryption key (related to, but not the same as, the encryption key) is required to convert the ciphertext back into the original text. Thus, with public-key encryption, each user has a pair of keys consisting of a public key and a private key. By disclosing your public key, you let others send you information that only you can decrypt. Similarly, you can encrypt data with your private key so that others can confirm the source of the ciphertext.
This document briefly describes the main principles of PK encryption. LEM: The horizontal line describes the way the verification is to verify the identity through the public key.