Secure methods of key management are extremely important. In practice, most attacks on public-key systems will probably be aimed at the key management level, rather than at the cryptographic algorithm itself. The key management issues mentioned here are discussed in detail in later questions.
Users must be able to securely obtain a key pair suited to their efficiency and security needs. There must be a way to look up other people's public keys and to publicize one's own key. Users must have confidence in the legitimacy of others' public keys; otherwise, an intruder can either change public keys listed in a directory, or impersonate another user. Certificates are used for this purpose (see Question 123). Certificates must be unforgeable, obtainable in a secure manner, and processed in such a way that an intruder cannot misuse them. The issuance of certificates must proceed in a secure way, impervious to attack.
If someone's private key is lost or compromised, others must be made aware of this, so that they will no longer encrypt messages under the invalid public key nor accept messages signed with the invalid private key. Users must be able to store their private keys securely, so that no intruder can find them, yet the keys must be readily accessible for legitimate use. Keys need to be valid only until a specified expiration date. The expiration date must be chosen properly and publicized in an authenticated channel. Some documents need to have verifiable signatures beyond the time when the key used to sign them has expired.
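The validity rules above (refuse a key that is expired or revoked when encrypting today, but judge an old signature by the key's state at the time of signing) can be made concrete. The following is an added illustration, not code from the original FAQ; the directory entries, `KeyRecord` fields and dates are constructed sample values, and the signing time is assumed to come from a trusted timestamp.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

UTC = timezone.utc

@dataclass
class KeyRecord:
    """Hypothetical directory entry for one published public key (constructed sample)."""
    owner: str
    key_id: str
    not_before: datetime
    not_after: datetime                     # expiration date chosen at issuance
    revoked_at: Optional[datetime] = None   # set when the private key is reported lost or compromised

def sample_directory() -> dict:
    """Constructed lookup directory: one key, revoked before its scheduled expiry."""
    rec = KeyRecord(
        owner="alice", key_id="alice-2020",
        not_before=datetime(2020, 1, 1, tzinfo=UTC),
        not_after=datetime(2022, 1, 1, tzinfo=UTC),
        revoked_at=datetime(2021, 6, 1, tzinfo=UTC),
    )
    return {rec.key_id: rec}

def usable_for_encryption(rec: KeyRecord, now: datetime) -> bool:
    """A sender must not encrypt under a key that is expired or revoked at the time of use."""
    if rec.revoked_at is not None and now >= rec.revoked_at:
        return False
    return rec.not_before <= now <= rec.not_after

def signature_verifiable(rec: KeyRecord, signed_at: datetime) -> bool:
    """Long-lived documents: what matters is whether the key was valid and unrevoked
    at the trusted signing time, even if the key has since expired or been revoked.
    Caveat: revoked_at records when the loss was *reported*; a signature made between
    the actual compromise and the report still passes, which is why prompt revocation
    notices and trusted timestamps both matter."""
    if not (rec.not_before <= signed_at <= rec.not_after):
        return False
    if rec.revoked_at is not None and signed_at >= rec.revoked_at:
        return False
    return True

if __name__ == "__main__":
    d = sample_directory()["alice-2020"]
    print(usable_for_encryption(d, datetime(2021, 7, 1, tzinfo=UTC)))   # False: revoked
    print(signature_verifiable(d, datetime(2021, 3, 1, tzinfo=UTC)))    # True: signed while valid
```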