EndCryptor's method of renewal of public keys
A public key infrastructure means that there is a Certificate Authority that digitally signs (certifies) every new public key. Users have the public key of the Certificate Authority and use this public key to verify the new public keys of users.

EndCryptor delivers the new public keys of the sender in every encrypted message. When the message has been decrypted, the new public keys are ready to be used. The encrypted message that delivers the new public keys carries a signature that verifies against a previous public key that the receiver is known to have. The public keys are specific to the receiver: if, say, Alice has many contacts, then each one of them uses a different public key of Alice when sending a message to Alice.

Using our method, the public keys are changed more frequently: if the parties communicate in turns, one public key is used only once.

Using the Certificate Authority based method, one public key may be in use for many years. New public keys must be certified (signed) by the Certificate Authority and then somehow delivered to the users.

If the Certificate Authority based method is used, then the first message exchanged between the parties involved can be an encrypted one.

EndCryptor, however, requires that the first public keys are delivered in a special initialization file when a new contact is added. If Alice adds Bob as a new contact, then Alice sends one initialization file to Bob. Bob receives the file and sends another initialization file back to Alice as a reply.

At some point in time Alice and Bob may contact each other and verify that they really are Alice and Bob (on the Internet it is possible to fake the sender of an email) and that they received the files unaltered. A checksum is displayed, and that number must be the same for both parties. This verification can be done, e.g., in a telephone conversation. When a contact has been verified, its state is verified; otherwise the state is non-verified. When sending to a contact, the state of the contact is shown. After the initialization, new public keys are exchanged in encrypted messages whenever Alice and Bob communicate.
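
The renewal scheme described above, as a simplified model added here (not EndCryptor's code): each message carries the sender's next public key and is signed with the key the receiver already holds, and the receiver adopts the new key only if that signature verifies. Assumptions: Lamport one-time signatures stand in for the signature algorithm, which the page does not name; encryption is omitted; messages arrive in order; and the names `Sender`, `Receiver`, `keygen`, `sign` and `verify` are hypothetical.

```python
import hashlib
import secrets

def H(data):
    return hashlib.sha256(data).digest()

# Lamport one-time signatures: a stdlib-only stand-in (assumption), chosen
# because each key pair signs exactly one message, as in the scheme above.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = b"".join(H(a) + H(b) for a, b in sk)   # 256 pairs of 32-byte hashes
    return sk, pk

def _bits(msg):
    digest = int.from_bytes(H(msg), "big")
    return [(digest >> i) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]

def verify(pk, msg, sig):
    if len(sig) != 256:
        return False
    return all(H(s) == pk[64 * i + 32 * bit: 64 * i + 32 * bit + 32]
               for i, (s, bit) in enumerate(zip(sig, _bits(msg))))

class Sender:
    def __init__(self):
        # initial_pk is what would travel in the initialization file
        self.sk, self.initial_pk = keygen()

    def send(self, body):
        next_sk, next_pk = keygen()
        # next_pk has a fixed length, so body + next_pk is unambiguous
        msg = {"body": body, "next_pk": next_pk,
               "sig": sign(self.sk, body + next_pk)}
        self.sk = next_sk            # the old key is never used again
        return msg

class Receiver:
    def __init__(self, pinned_pk):
        self.pk = pinned_pk          # key from the (verified) initialization file

    def receive(self, msg):
        if not verify(self.pk, msg["body"] + msg["next_pk"], msg["sig"]):
            return False             # reject and keep the currently pinned key
        self.pk = msg["next_pk"]     # roll forward only after verification
        return True
```

A message whose `next_pk` was replaced in transit fails verification and leaves the pinned key unchanged, and a replayed earlier message is rejected because the receiver has already rolled forward.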
