Keys

Traditional cryptography relies on the sender and receiver of a message knowing and using the same secret key. When both sender and receiver use the same secret key, the system is referred to as a symmetric or single-key crypto system. The problems with using the same secret key are: how is one selected, how do the parties inform each other of the secret key if they are not physically in the same location, how do they change keys from time to time, and how is the secret key kept secure.

Public-key cryptography was proposed as a solution to the problems found in traditional, symmetric key cryptography. In public-key cryptography, each person, host, or network participating in a coded exchange, receives a pair of keys: one public and one private. The private key is kept a secret and the public key is published so that anyone who wishes to communicate confidentially with a person or an entity can do so by encoding their message using the public key. The confidential message can then only be decoded by the private key, which is kept in the sole possession of the intended recipient.

SKIP is a public-key, certificate-based, key-management scheme. It uses certified Diffie-Hellman public values to eliminate the need for prior communications between two entities wishing to exchange encrypted data.

There are times when it is useful to allow a system to have more than one pair of public-private keys. For example, different key sizes may be required when communicating with subsidiaries in other countries because of U.S. or local regulations. To meet these user requirements, SunScreen SKIP's implementation permits a system to possess as many local keys as required. Public-private key pairs like UDH keys can be used for authentication.