3.9 Given a scenario, implement public key infrastructure. Flashcards

1
Q

HPKP

A

HTTP Public Key Pinning (HPKP) is a method of trusting digital certificates to bypass the CA hierarchy and chain of trust and minimize MitM attacks. The client stores a public key that belongs (or is pinned) to a web server. On a later visit, if the key does not exist in the certificate chain, a warning is presented.

2
Q

CRL

A

A Certificate Revocation List (CRL) is a list of certificates revoked before their expiration date. It does not prevent a Man-in-the-Middle (MitM) attack.

3
Q

CSR

A

A Certificate Signing Request (CSR) is a Base64 ASCII file sent by a subject to a CA to get a certificat

4
Q

OCSP

A

Online Certificate Status Protocol (OCSP) checks the status of an individual certificate rather than the whole CRL.

5
Q

.P12

A

The Public Key Cryptography Standards (PKCS) #12 or .P12 format allows the export of the private key with the certificate. This would be used either to transfer a private key to a host that could not generate its own keys, or to back up/archive a private key.

6
Q

.PFX

A

The .PFX extension uses the same binary format as .P12 and is commonly used in Windows. macOS and iOS commonly use the .P12 extension.
A PFX, .pfx, or .p12 extension allows the export of a certificate along with its private key and is password protected. This is used to archive or transport a private key.

7
Q

P7B

A

The P7B format is a means of bundling multiple certificates in the same file, often used to deliver a chain of certificates. P7B files do not contain the private key.

8
Q

PKCS #7

A

PKCS #7 is the P7B format and is represented in Linux as a .PEM extension.

9
Q

What is a wildcard certificate used for?

A

A wildcard certificate is issued to the parent domain and will be accepted as valid for all subdomains because all are listed in one. This reduces the work of producing individual certificates for each.

10
Q

Certificate Pinning

A

Pinning refers to several techniques to ensure that, when a client inspects the certificate presented by a server or a code-signed application, it is inspecting the proper certificate. An example of this is submitting multiple public keys to an HTTP browser.

11
Q

domain validation

A

Domain Validation (DV) is proving the ownership of a domain, which may be proved by responding to an email to the authorized point of contact. This process is highly vulnerable to compromise.

12
Q

SAN

A

Subject Alternative Name (SAN) is an extension field on a web server certificate using multiple subdomain labels to support the identification of the server.
