Secure methods of key management are extremely important. In practice,
most attacks on public-key systems will probably be aimed at the key
management levels, rather than at the cryptographic algorithm itself.
The key management issues mentioned here are discussed in detail in
Users must be able to obtain securely a key pair suited to their
efficiency and security needs. There must be a way to look up other
people's public keys and to publicize one's own key. Users must have
confidence in the legitimacy of others' public keys; otherwise an
intruder can either change public keys listed in a directory, or
impersonate another user. Certificates are used for this purpose.
Certificates must be unforgeable, obtainable in a secure manner, and
processed in such a way that an intruder cannot misuse them. The
issuance of certificates must proceed in a secure way, impervious to
attack. If someone's private key is lost or compromised, others must be
made aware of this, so that they will no longer encrypt messages under
the invalid public key nor accept messages signed with the invalid
private key. Users must be able to store their private keys securely,
so that no intruder can find them, yet the keys must be readily
accessible for legitimate use. Keys need to be valid only until a
specified expiration date. The expiration date must be chosen properly
and publicized securely. Some documents need to have verifiable
signatures beyond the time when the key used to sign them has expired.
Although most of these key management issues arise in any public-key cryptosystem, for convenience they are discussed here in the context of RSA.
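The lifecycle rules above (publish a key with a validity period, revoke it on compromise, stop encrypting to an expired or revoked key, and still accept signatures that were made while the key was valid) are easiest to see as a verification policy in code. The following is an added example written for this page, not code from the original FAQ. It uses textbook RSA with small fixed primes (constructed for the example and insecure) only so that there is a real sign/verify primitive underneath; the directory, the KeyRecord fields, and the timestamps are all assumptions made for illustration. The key point it shows is that validity is judged at the claimed signing time, not at verification time, which is what lets a document stay verifiable after its signing key has expired.

```python
"""Toy model of public-key lifecycle checks (added example, not the FAQ's own code).

Textbook RSA with tiny fixed primes and no padding: INSECURE, for illustration only.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Constructed toy parameters. Both are prime; never use keys this small.
P, Q = 1000003, 1000033
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)          # private exponent (Python 3.8+ modular inverse)


def digest(msg: bytes) -> int:
    # Reduce SHA-256 mod N so it is a valid RSA input (no padding: toy only).
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(msg: bytes, d: int = D, n: int = N) -> int:
    return pow(digest(msg), d, n)


def raw_verify(msg: bytes, sig: int, e: int, n: int) -> bool:
    # Pure mathematical check; says nothing about whether the key may be trusted.
    return pow(sig, e, n) == digest(msg)


@dataclass
class KeyRecord:
    """A published public key with its validity window (epoch seconds, assumed)."""
    owner: str
    e: int
    n: int
    not_before: int
    not_after: int
    revoked_at: Optional[int] = None   # None means the key has not been revoked


@dataclass
class Directory:
    """Stand-in for a public key directory / certificate store (assumption)."""
    records: Dict[str, KeyRecord] = field(default_factory=dict)

    def publish(self, rec: KeyRecord) -> None:
        self.records[rec.owner] = rec

    def revoke(self, owner: str, when: int) -> None:
        # Compromise or loss: everyone must learn the key is invalid from `when` on.
        self.records[owner].revoked_at = when

    def lookup(self, owner: str) -> Optional[KeyRecord]:
        return self.records.get(owner)


def may_encrypt_to(directory: Directory, owner: str, now: int) -> bool:
    """Encryption is judged at the current time: never encrypt to an expired or revoked key."""
    rec = directory.lookup(owner)
    if rec is None:
        return False
    if not (rec.not_before <= now <= rec.not_after):
        return False
    return rec.revoked_at is None or now < rec.revoked_at


def verify_signed_document(directory: Directory, owner: str, msg: bytes, sig: int,
                           signed_at: int, now: int) -> Tuple[bool, str]:
    """Signature validity is judged at the signing time, not at `now`.

    A key that has since expired still validates signatures made while it was valid;
    a key revoked before the signing time, or a bad signature, is rejected.
    `signed_at` must come from a trusted timestamp, not the signer's own claim,
    or an attacker holding a compromised key can simply backdate signatures.
    """
    rec = directory.lookup(owner)
    if rec is None:
        return False, "no public key for owner"
    if signed_at > now:
        return False, "signing time in the future"
    if not (rec.not_before <= signed_at <= rec.not_after):
        return False, "key not valid at signing time"
    if rec.revoked_at is not None and signed_at >= rec.revoked_at:
        return False, "key revoked before signing time"
    if not raw_verify(msg, sig, rec.e, rec.n):
        return False, "signature does not verify"
    return True, "ok"


def demo() -> Tuple[bool, bool]:
    """Sign during the key's lifetime, then verify long after it has expired."""
    d = Directory()
    d.publish(KeyRecord("alice", E, N, not_before=1000, not_after=2000))
    doc = b"constructed sample contract"
    sig = sign(doc)
    ok_after_expiry, _ = verify_signed_document(d, "alice", doc, sig, signed_at=1500, now=3000)
    ok_after_revocation, _ = verify_signed_document(d, "alice", doc, sig, signed_at=1900, now=3000)
    d.revoke("alice", when=1800)
    ok_after_revocation, _ = verify_signed_document(d, "alice", doc, sig, signed_at=1900, now=3000)
    return ok_after_expiry, ok_after_revocation


if __name__ == "__main__":
    print(demo())   # (True, False)
```

The two time bases are the whole point: `may_encrypt_to` asks "is this key good right now", while `verify_signed_document` asks "was this key good when the signature was made". A real deployment replaces the toy RSA with a padded signature scheme, the `Directory` with certificates and a revocation mechanism, and the caller-supplied `signed_at` with a timestamp from a trusted source.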