Understand Private/Public Key Encryption

Several encryption schemes for securing data transmission are in current use: private key encryption, public key encryption, and combinations of the two. Together, these three schemes and the technology, standards, and protocols that surround them are known as the public key infrastructure (PKI). In Windows Server 2008, PKI is an integral part of the operating system, especially in Active Directory. Windows Server 2008 implements all three encryption key schemes and fully supports them with AD CS.

Private Key Encryption

Private key encryption, or symmetric cryptography (which is also what is used with file and folder encryption, as previously discussed), is relatively old and uses a single key to both encrypt and decrypt a message. This means that the key itself must be transferred from sender to receiver. If this is done over the phone, the Internet, or even a courier service, an unauthorized person simply needs to intercept the key transfer to get hold of the key and decrypt the message. Private key encryption, though, has a major benefit in that it is much faster (as much as 1,000 times faster) than the alternatives. Private key schemes are therefore valuable in situations where you do not have to transfer the key or can do so with security: for example, for personal use such as data encryption, as just discussed, or for sending information to someone that you first meet face to face.

Several private key encryption schemes are available with Windows Server 2008 for exchanging information. If you are transferring information among Windows Server 2008 and Windows Vista computers, Advanced Encryption Standard (AES) 128 is used by default, with a key 128 bits long. Within the same versions of Windows, AES-192 and AES-256 are also available, with correspondingly longer keys. For exchanges with older versions of Windows and other operating systems, the default is to use 3DES (three-step encryption using the Data Encryption Standard). The older DES, which uses a 56-bit key, is no longer considered secure.

Public Key Encryption

Public key encryption, or asymmetric cryptography, which was developed in the mid-1970s, uses a pair of keys: a public key and a private key. The public key is publicly known and transferred, and is used to encrypt a message. The private key never leaves its creator and is used to decrypt the message. For two people to use this technique, each generates both a public key and a private key, and then they openly exchange public keys, not caring who gets a copy of them. Each person encrypts their message to the other by using the other person's public key, and then sends the message. The message can be decrypted and read only by using the private key held by the recipient. The public and private keys use a mathematical algorithm that relates them to the encrypted message. By use of other mathematical algorithms, it is fairly easy to generate key pairs, but with only the public key, it is extremely difficult to generate the private key. The process of public key encryption is relatively slow compared with private key encryption. Public key encryption is best in open environments where the sender and recipient do not know each other.

Combined Public and Private Key Encryption

Most encryption on the Internet actually is a combination of public and private key encryption methods. The most common combination, Secure Sockets Layer (SSL), was developed by Netscape to go between HTTP and TCP/IP. SSL provides a highly secure and very fast means of both encryption and authentication.

Recall that private key encryption is very fast but has the problem of transferring the key, whereas public key encryption is very secure but slow. If you were to begin a secure transmission by using a public key to encrypt and send a private key, you could then securely use the private key to quickly send any amount of data you wanted. This is how SSL works. It uses a public key to send a randomly chosen private key, and in so doing sets up a "secure socket" through which any amount of data can be quickly encrypted, sent, and decrypted. After the SSL header has transferred the private key, all information transferred in both directions during a given session (including the URL, any request for a user ID and password, all HTTP web information, and any data entered on a form) is automatically encrypted by the sender and automatically decrypted by the recipient.
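The exchange described above, as an added example that is not part of the original tutorial: the recipient's RSA public key wraps a randomly chosen AES-128 key, and that key then encrypts the data. It shows only the key-transport idea in Node.js, not the actual SSL handshake; the function names `seal` and `unseal` and the sample message are constructed for illustration.

```javascript
// Added example (not from the tutorial): key transport only, not the SSL handshake.
const crypto = require('crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Recipient: generate an RSA key pair; only the public half is ever shared.
function makeKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sender: choose a random AES-128 key, wrap it with the recipient's public
// key (slow, done once), then encrypt the bulk data with AES-128-GCM (fast).
function seal(publicKey, plaintext) {
  const sessionKey = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const wrappedKey = crypto.publicEncrypt({ key: publicKey, ...OAEP }, sessionKey);
  const cipher = crypto.createCipheriv('aes-128-gcm', sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { wrappedKey, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Recipient: unwrap the AES key with the private key, then decrypt the data.
// Throws if the private key does not match or the message was altered.
function unseal(privateKey, msg) {
  const sessionKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, msg.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-128-gcm', sessionKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]);
}

// True when unseal() refuses the message.
function rejects(privateKey, msg) {
  try { unseal(privateKey, msg); return false; } catch (err) { return true; }
}

function demo() {
  const recipient = makeKeyPair();
  const other = makeKeyPair();                        // constructed: an unrelated key pair
  const data = Buffer.from('user=alice&password=constructed-sample', 'utf8');
  const msg = seal(recipient.publicKey, data);
  const tampered = { ...msg, ciphertext: Buffer.from(msg.ciphertext) };
  tampered.ciphertext[0] ^= 0x01;                     // one bit changed in transit
  return {
    roundTrip: unseal(recipient.privateKey, msg).equals(data),
    wrappedKeyBytes: msg.wrappedKey.length,           // RSA-2048 output is 256 bytes
    wrongKeyRejected: rejects(other.privateKey, msg),
    tamperRejected: rejects(recipient.privateKey, tampered),
  };
}
console.log(demo());
```

Only the 16-byte AES key goes through the slow RSA operation; the payload, whatever its size, is handled by AES.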

Several versions of SSL exist, with SSL version 3 being the one currently in common use. SSL 3 is both more secure than, and offers improved authentication over, earlier versions.

Another combination of public and private key methods is Transport Layer Security (TLS), which is an open security standard similar to SSL 3. TLS, which was drafted by the Internet Engineering Task Force (IETF), uses different encryption algorithms than SSL. Otherwise, TLS is very similar to SSL and even has an option to revert to SSL if necessary. Both SSL 3 and TLS have been proposed to the World Wide Web Consortium (W3C) standards committee as security standards.

Encryption Keys and Certificates

The PKI in Windows Server 2008 and in general use on the Internet depends on digital certificates to issue, authenticate, and maintain encryption keys. (See "Certificate Authentication," earlier in this tutorial, for a discussion of certificates and how to issue and use them.) To get an encryption key, you get a certificate, of which the key is a part. To authenticate the key, you use the certificate that it is a part of. The key is stored in a certificate, which is the means by which keys are maintained in an organization. AD CS in Windows Server 2008 provides all of these services.

NOTE: Windows Server 2008 includes a feature called Cryptography Next Generation (CNG) that interfaces with the PKI to allow the creation and use of custom cryptography algorithms.