3.9 Implement public key infrastructure Flashcards
Public key infrastructure: what is a PKI?
The set of roles, policies and systems that manage every aspect of digital certificates: creating, distributing, managing, storing and revoking them, together with the key pairs they bind to identities.
Public key infrastructure: what is the key management lifecycle?
Key generation => certificate generation (the CA signs a certificate that associates the public key with a user, device or service) => distribution (making the certificate and public key available to the parties that need them) => secure storage of the private key => revocation (withdrawing the certificate before its end date, e.g. after key compromise) => expiration (the validity period ends; renewal starts the cycle again)
Public key infrastructure: what is a digital certificate?
A digital certificate is a signed data file that proves the authenticity of a device, server or user by means of public key cryptography and the PKI. It binds a public key to an identity (the subject), and the issuing CA's digital signature over that binding is what makes it trustworthy.
Public key infrastructure: what is a digital signature?
Digital signatures are like electronic "fingerprints": a value computed over a document (or a certificate) with the signer's private key that anyone holding the matching public key can verify. It securely associates a signer with the exact content signed, so any later change to that content invalidates the signature.
Public key infrastructure: what is a certificate authority?
A certificate authority (CA) is a trusted entity that issues digital certificates (today usually X.509 certificates for TLS, still commonly called "SSL certificates"). These certificates are data files that cryptographically link an entity with a public key. Web browsers use them to authenticate the web servers they connect to, which is what makes trust in content delivered over HTTPS possible.
Public key infrastructure: how to get a certificate from a CA?
Create a key pair and put the public key, together with your identity (domain name, organisation), into a certificate signing request (CSR), which you sign with your private key and send to the CA; the private key never leaves your system. After verifying that you control the identity named in the request, the CA signs the certificate and returns it.
Once done, you install the certificate (plus any intermediate CA certificates) on your server; clients that trust the issuing CA's root will then trust it.
Public key infrastructure: what is a root CA?
A root CA is a certificate authority at the top of a trust chain: its certificate is self-signed and its public key is distributed in the trust stores of operating systems and the major browsers. Intermediate CAs (sub CAs) hold certificates signed by the root (or by another intermediate) and do the day-to-day issuing, so the root key can stay offline.
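The CSR flow and the root/intermediate hierarchy above, worked through end to end with the openssl command line. This is an added example and not part of the flashcards; it assumes openssl 1.1.1 or newer on PATH, and the CA names and hostname (Demo Root CA, Demo Issuing CA, www.example.test) are made up. It builds a root CA, an intermediate signed by the root, and a server certificate issued from a CSR, then verifies the chain with and without the intermediate.

```shell
#!/bin/sh
# Added example (not from the flashcards): two-tier PKI with the openssl CLI.
# Assumes openssl 1.1.1+. All names (Demo Root CA, www.example.test) are made up.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Minimal req config so the example does not depend on the system openssl.cnf.
printf '[req]\ndistinguished_name = dn\n[dn]\n' > req.cnf

# 1. Key generation: every entity makes its own key pair; private keys never leave it.
for name in root int leaf; do
  openssl ecparam -name prime256v1 -genkey -noout -out "$name.key"
done

# 2. Root CA: its CSR is signed with its OWN key (self-signed). root.pem is what goes
#    into trust stores; root.key would stay offline in a real deployment.
openssl req -new -config req.cnf -key root.key -subj "/CN=Demo Root CA" -out root.csr
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\nsubjectKeyIdentifier=hash\n' > ca.ext
openssl x509 -req -in root.csr -signkey root.key -days 3650 -sha256 -extfile ca.ext -out root.pem

# 3. Intermediate CA: CSR signed by the root. pathlen:0 = may only issue end-entity certs.
openssl req -new -config req.cnf -key int.key -subj "/CN=Demo Issuing CA" -out int.csr
printf 'basicConstraints=critical,CA:TRUE,pathlen:0\nkeyUsage=critical,keyCertSign,cRLSign\nsubjectKeyIdentifier=hash\nauthorityKeyIdentifier=keyid\n' > int.ext
openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial -days 1825 -sha256 -extfile int.ext -out int.pem

# 4. Server certificate: the server builds a CSR (public key + identity); the intermediate
#    CA signs it after verification. leaf.key is never sent anywhere.
openssl req -new -config req.cnf -key leaf.key -subj "/CN=www.example.test" -out leaf.csr
printf 'basicConstraints=CA:FALSE\nkeyUsage=critical,digitalSignature\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:www.example.test\nauthorityKeyIdentifier=keyid\n' > leaf.ext
openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial -days 90 -sha256 -extfile leaf.ext -out leaf.pem

# Verify the chain the way a browser does: trust only the root, take the intermediate from
# the server ("untrusted"), and check the leaf. Prints OK or FAIL.
verify_leaf() {
  if [ "$1" = "with-intermediate" ]; then
    openssl verify -CAfile root.pem -untrusted int.pem leaf.pem >/dev/null 2>&1 && echo OK || echo FAIL
  else
    # A server that forgets to send its intermediate fails here ("unable to get local issuer").
    openssl verify -CAfile root.pem leaf.pem >/dev/null 2>&1 && echo OK || echo FAIL
  fi
}

# Who signed the leaf? Its issuer is the intermediate, not the root.
leaf_issuer() {
  openssl x509 -in leaf.pem -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//'
}

verify_leaf with-intermediate   # OK
verify_leaf without             # FAIL
leaf_issuer                     # CN=Demo Issuing CA
```

The second verify_leaf call is the classic misconfiguration: a server that sends only its own certificate passes on machines that happen to cache the intermediate and fails everywhere else, which is why the server should install the intermediate alongside leaf.pem.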
Public key infrastructure: what does an RA do?
A registration authority (RA) is the entity in charge of identifying and authenticating the requester before a certificate is issued.
It can approve or reject certificate requests and initiate revocation; the certificate and any CRL are signed by the CA.
Public key infrastructure: what is inside a digital certificate?
The issuer (which CA signed it), the subject (who it was issued to), the serial number, the validity period (not-before and not-after dates), the subject's public key, the CA's signature, and attributes/extensions (CN, SAN, key usage, etc.)
Public key infrastructure: what are the attributes that can be found inside a digital certificate?
- Common name (CN): traditionally the host name the certificate was issued for; today browsers match the domain in the address bar against the Subject Alternative Name (SAN) entries and ignore the CN when a SAN is present. A mismatch gives the "your connection is not private" error.
- Expiration date: a publicly trusted TLS certificate may be valid for at most 398 days, and a browser rejects it after the not-after date
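The attribute checks above (name match against CN versus SAN, and expiry), as an added example that is not part of the flashcards. It assumes openssl 1.1.1 or newer; the host names (example.test, www.example.test) and the 30-day lifetime are made up. The certificate is built with a CN that does not appear in the SAN, to show that the SAN is what decides the match.

```shell
#!/bin/sh
# Added example (not from the flashcards): read a certificate's attributes and check the
# two things a browser checks first, name match and validity. Assumes openssl 1.1.1+.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"
printf '[req]\ndistinguished_name = dn\n[dn]\n' > req.cnf

# Self-signed server cert: CN says "example.test" but the SAN lists only www.example.test.
openssl ecparam -name prime256v1 -genkey -noout -out srv.key
openssl req -new -config req.cnf -key srv.key -subj "/CN=example.test" -out srv.csr
printf 'subjectAltName=DNS:www.example.test\nextendedKeyUsage=serverAuth\n' > srv.ext
openssl x509 -req -in srv.csr -signkey srv.key -days 30 -sha256 -extfile srv.ext -out srv.pem

# Dump the attributes the flashcards list: subject (CN), issuer, serial, validity window, SAN.
show_attributes() {
  openssl x509 -in srv.pem -noout -subject -issuer -serial -dates
  openssl x509 -in srv.pem -noout -text | grep -A1 'Subject Alternative Name'
}

# Name check as X509_check_host does it: once a SAN with DNS names is present, only the
# SAN entries are compared and the CN is ignored. Prints match / mismatch.
hostname_matches() {
  openssl verify -verify_hostname "$1" -CAfile srv.pem srv.pem >/dev/null 2>&1 && echo match || echo mismatch
}

# Expiry check: -checkend exits 0 only if the cert is still valid $1 seconds from now.
valid_for_seconds() {
  openssl x509 -in srv.pem -noout -checkend "$1" >/dev/null 2>&1 && echo valid || echo expiring
}

show_attributes
hostname_matches www.example.test   # match
hostname_matches example.test       # mismatch: CN is not consulted once a SAN exists
valid_for_seconds 86400             # valid (one more day)
valid_for_seconds $((60 * 86400))   # expiring: a 30-day cert will be gone in 60 days
```

The same `-checkend` call is what monitoring scripts use to alert on certificates due to expire, typically with a threshold of a few weeks so renewal happens before the browser error does.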
Public key infrastructure: how to revoke a digital certificate?
The CA marks the certificate as revoked and publishes its serial number in a CRL (certificate revocation list), a signed list of revoked certificates issued and stored by the CA that clients download and check. The expiration date in the certificate does not change, so revocation is the only way to invalidate it early.
Public key infrastructure: why revoke a digital certificate?
- a change of attributes (name, organisation, a domain no longer owned)
- security reasons (private key compromise, CA compromise, certificate issued by mistake)
Public key infrastructure: what is OCSP for?
The Online Certificate Status Protocol lets a client ask the CA's responder for the revocation status of a single certificate (by serial number) in real time instead of downloading the whole CRL; with OCSP stapling the server fetches the signed response itself and sends it along with its certificate.
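Revocation via a CRL, as described in the three cards above, worked through with the openssl CLI: an added example, not part of the flashcards. It assumes openssl 1.1.1 or newer; the CA name and host names are made up, and the "openssl ca" text database (index.txt) stands in for a real CA's issuance records. One of two issued certificates is revoked for key compromise, a CRL is generated, and both certificates are then validated against it. OCSP is not exercised here.

```shell
#!/bin/sh
# Added example (not from the flashcards): revoke a certificate, publish a CRL and check
# certificates against it with the openssl CLI. Assumes openssl 1.1.1+; names are made up.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"
printf '[req]\ndistinguished_name = dn\n[dn]\n' > req.cnf

# A CA whose key usage includes cRLSign: CRLs are signed with the CA key like certificates.
openssl ecparam -name prime256v1 -genkey -noout -out ca.key
openssl req -new -config req.cnf -key ca.key -subj "/CN=Demo CA" -out ca.csr
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\nsubjectKeyIdentifier=hash\n' > ca.ext
openssl x509 -req -in ca.csr -signkey ca.key -days 3650 -sha256 -extfile ca.ext -out ca.pem

# Two server certs from this CA: "old" will be revoked (key compromise), "new" stays valid.
for n in old new; do
  openssl ecparam -name prime256v1 -genkey -noout -out "$n.key"
  openssl req -new -config req.cnf -key "$n.key" -subj "/CN=$n.example.test" -out "$n.csr"
  printf 'subjectAltName=DNS:%s.example.test\n' "$n" > "$n.ext"
  openssl x509 -req -in "$n.csr" -CA ca.pem -CAkey ca.key -CAcreateserial -days 90 -sha256 -extfile "$n.ext" -out "$n.pem"
done

# "openssl ca" keeps revocation state in a text database; this config points it at our files.
mkdir newcerts
touch index.txt
echo 01 > serial
cat > ca.cnf <<EOF
[ca]
default_ca = demo
[demo]
database = $WORK/index.txt
new_certs_dir = $WORK/newcerts
certificate = $WORK/ca.pem
private_key = $WORK/ca.key
serial = $WORK/serial
default_md = sha256
default_crl_days = 7
policy = any
[any]
commonName = supplied
EOF

# Revoke old.pem with a reason code, then generate (publish) a CRL listing its serial.
openssl ca -config ca.cnf -revoke old.pem -crl_reason keyCompromise
openssl ca -config ca.cnf -gencrl -out crl.pem

# Relying-party check: verify the chain AND look the leaf up in the CRL. Prints good / revoked.
status_via_crl() {
  if openssl verify -crl_check -CAfile ca.pem -CRLfile crl.pem "$1" >/dev/null 2>&1; then
    echo good
  else
    echo revoked
  fi
}

# Is the serial number of certificate $1 listed on the CRL? Prints yes / no.
crl_lists_serial() {
  s=$(openssl x509 -in "$1" -noout -serial | sed 's/^serial=//')
  if openssl crl -in crl.pem -noout -text | grep -q "Serial Number: $s"; then echo yes; else echo no; fi
}

openssl crl -in crl.pem -noout -text | grep -E 'Serial Number|Reason'
status_via_crl old.pem      # revoked
status_via_crl new.pem      # good
crl_lists_serial old.pem    # yes
crl_lists_serial new.pem    # no
```

Note the `-crl_check` flag: without it, `openssl verify` (like many TLS clients by default) never consults a CRL at all, and old.pem would verify as OK until its not-after date. The same index.txt is also what `openssl ocsp` reads when it is run as a test OCSP responder.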
Certificates: what are the different types of certificates?
- Web server SSL certificates
- Code signing certificates
- Self-signed certificates
- Machine and computer certificates
- Email certificates
- User certificates
Certificates: what are web server SSL certificates used for?
They let a client authenticate a web server and establish an encrypted TLS (formerly SSL) connection to it. They come in validation levels: a Domain Validation (DV) certificate only proves control of the domain, while Organization Validation (OV) and Extended Validation (EV) certificates additionally verify the organisation behind it.