Public Key Infrastructure in Windows Rights Management Services

Windows Rights Management Services (RMS) relies on public key infrastructure (PKI) to protect the confidentiality of data flowing through the system and to verify the identities of users, computers, and software components in the system. RMS employs several important PKI concepts, including public key encryption, certificate authorities, and digital certificates.

Public Key Encryption

Public key encryption enables users to encrypt data so that it can only be read by intended recipients, and to digitally “sign” data so that other users can verify the identity of the data’s source.

Public key encryption involves a pair of related keys: a public key and a private key. Data encrypted with the public key can only be decrypted with the corresponding private key. The reverse also holds: data encrypted with the private key can only be decrypted with the corresponding public key. As the names would suggest, users distribute their public keys widely, but keep their private keys secret.

To send confidential data, the sender encrypts the data with the recipient’s public key. To read the data, the recipient decrypts it with his private key, which is kept secret.