Public Key Infrastructures - PGP vs. X.509

Reliance on electronic communications makes information more vulnerable and users require confidentiality, message integrity, sender authentication and sender non-repudiation. Public key cryptography provides these services. The goal of a Public Key Infrastructure (PKI) is to enable secure, convenient and efficient discovery of public keys. There are various types of PKI that are deployed. They differ in the certificate format, trust rules and configuration. In this article systems with X.509 and PGP certificates are described, with their advantages and disadvantages. The goal of this analysis is to highlight the differences between both systems and to provide the reasons for their usage.

[1]  S. J. Mullender Introduction to distributed systems , 1992 .

[2]  David W. Chadwick,et al.  Merging and extending the PGP and PEM trust models-the ICE-TEL trust model , 1997, IEEE Netw..

[3]  H. L. Kesterson Digital signatures. Whom do you trust? , 1997, 1997 IEEE Aerospace Conference.

[4]  R. Perlman,et al.  An overview of PKI trust models , 1999, IEEE Netw..

[5]  Yoshiaki Isobe,et al.  Development of personal authentication system using fingerprint with digital signature technologies , 2001, Proceedings of the 34th Annual Hawaii International Conference on System Sciences.

[6]  Jon Callas,et al.  OpenPGP Message Format , 1998, RFC.