10 - Digital Certificates Flashcards

1
Q

Man in the middle attack (public key context)

A

For example, change the public key on the server to the attacker's public key, then intercept/decrypt communications, re-encrypt them and pass them on to the original destination

2
Q

Digital signature: think of it as…

A

“I certify that Bob’s public key is …”

Signed by someone trustworthy

3
Q

Public Key Management Issues

A
  • Public keys have to be distributed
  • How do we trust that the key belongs to the person it claims?
  • How to revoke a public key? (Compromised private keys for example)
  • Keys might have an expiry date
4
Q

Public keys are usually distributed as…

A

Digital certificates

5
Q

Digital Certificates contain:

A
  • Public Key (and which algo)
  • Info on identity of the key owner
  • One or more digital signatures from entities confirming the public key belongs to the owner
  • Other info
6
Q

Methods for distributing public keys for individuals

A
  • Manually or by email, etc.
  • Publish on your webpage
  • Certificate servers/directory servers
7
Q

Methods for distributing public keys for organisations

A
  • Public Key Infrastructure (CAs etc)
  • Once the cert is issued, the org can store it on its own webserver and send it to any client
8
Q

Digital Certificate formats

A
  • X.509
  • OpenPGP (commonly used by individuals)
9
Q

Publishing to a Certification Authority (and Registration Authority)

A
  • Create key pair
  • Submit pub key to CA
  • RA associated with the CA verifies the identity (the RA is a human entity)
  • CA issues a certificate which is signed using the CA’s private key.
10
Q

Domain Validation

A

CA only checks that you control the domain

11
Q

Organisation validation

A

CA also checks existence of the organisation that claims to own the domain

12
Q

Extended Validation

A

CA performs extended checks on the org

13
Q

Who issues the certificate of a CA?

A
  • Other CAs in a hierarchical structure
  • CAs sign each other's certificates
  • CAs sign their own certificates
14
Q

Certificate Revocation

A

If a private key has been compromised, the certificate should be revoked:

  • Communicate revocation to CA
  • Certificate Revocation Lists (CRL) are posted on cert servers
15
Q

Browsers and CAs

A

Browsers store a list of trusted CAs with their certs and public keys.

16
Q

Mediums for storing the private key

A
  • Smartcard/USB token, can be combined with a PIN/password or biometric
  • Save manually on a removable storage device
  • On the computer's hard drive, encrypted with a passphrase. The strength of the passphrase has to match the key strength
  • Allow a 3rd party to generate and store keys
17
Q

Storing private keys in high security orgs

A

Use specialised hardware:
- HSM - Hardware Security Module
- TPM - Trusted Platform Module