3.9 Implement public key infrastructure Flashcards

1
Q

Public key infrastructure: what is a PKI ?

A

The process of managing every aspect of digital certification, including creating, distributing, managing, storing and revoking digital certificates.

2
Q

Public key infrastructure: what is the key management lifecycle?

A

Key generation => certificate generation, which associates a key with a user => distribution to make the key available to the user => storage (secure storage) => revocation => expiration

3
Q

Public key infrastructure: what is a digital certificate ?

A

A digital certificate is a file or electronic password that proves the authenticity of a device, server, or user through the use of cryptography and the public key infrastructure. A digital certificate binds a public key with a digital signature.

4
Q

Public key infrastructure: what is a digital signature ?

A

Digital signatures are like electronic “fingerprints.” In the form of a coded message, the digital signature securely associates a signer with a document in a recorded transaction.

5
Q

Public key infrastructure: what is a certificate authority ?

A

A certificate authority (CA) is a trusted entity that issues Secure Sockets Layer (SSL) certificates. These digital certificates are data files used to cryptographically link an entity with a public key. Web browsers use them to authenticate content sent from web servers, ensuring trust in content delivered online.

6
Q

Public key infrastructure: how to get a CA ?

A

Create a key pair and send the public key to the CA. After verification, the CA will confirm that you are the person making the request and sign the certificate. This process is called CSR: certificate signing request.
Once done, you can put the certificate on your server and therefore it can be trusted.

7
Q

Public key infrastructure: what is a root CA ?

A

A Root CA is a Certificate Authority that owns one or more trusted roots (other CA). That means that they have roots in the trust stores of the major browsers. Intermediate CAs or Sub CAs are Certificate Authorities that issue off an intermediate root.

8
Q

Public key infrastructure: what does RA do ?

A

The registration authority is the team in charge of identifying and authenticating the requester.
They can approve, reject and revoke a certificate.

9
Q

Public key infrastructure: what is inside a digital certificate ?

A

What authority issued the CA, the expiration date, attributes (CN, etc.)

10
Q

Public key infrastructure: what are the attributes that can be found inside a digital certificate ?

A
  • Common name (CN): the CN needs to match the domain name in the address bar, otherwise the message “your connection is not private” is shown
  • Expiration date (398 days max)
11
Q

Public key infrastructure: how to revoke a digital certificate ?

A

Revocation can be provided via a CRL (certificate revocation list), which is a list of revoked certificates stored at the CA.

12
Q

Public key infrastructure: why revoke a digital certificate ?

A
  • change attribute
  • security reason
13
Q

Public key infrastructure: what is OCSP for ?

A

Online Certificate Status Protocol can check certificate revocation

14
Q

Certificates: what are the different types of certificates ?

A
  • Web server SSL certificates
  • Code signing certificates
  • Self-signed certificates
  • Machine and computer certificates
  • Email certificates
  • User certificates
15
Q

Certificates: what is a web server SSL certificate used for ?

A

It allows communication with a web server to be encrypted. Also referred to as a Domain Validation (DV) certificate.

16
Q

Certificates: what is an Extended Validation (EV) certificate ?

A

Additional checks have verified the certificate owner’s identity

17
Q

Certificates: what are the attributes of a DV certificate ?

A
  • Subject Alternative Name (X.509 extension), allowing a certificate to support many different domains
  • Wildcard domain
18
Q

Certificates: what is a code signing certificate used for ?

A

Developers can provide a level of trust by signing their code.
When installing the software, the user’s OS will check the developer's signature and validate that the software has not been modified.

19
Q

Certificates: what is a self-signed certificate used for ?

A

Internal certificates that don’t need to be signed by a public CA. Medium to large companies use them when they are the only ones that are going to use the certificates.

20
Q

Certificates: what are machine & computer certificates used for ?

A

It is used to ensure that a device is trusted on an internal network

21
Q

Certificates: what are email certificates used for ?

A

The user uses his private key to digitally sign an email. It ensures non-repudiation and integrity.

22
Q

Certificates format: what is an X.509 digital certificate ?

A

A standard format for digital certificates

23
Q

Certificates format: what are the different digital certificate formats ?

A
  • DER: Distinguished Encoding Rules
  • PEM: Privacy-Enhanced Mail (used for mail and most common type)
  • PKCS 12: Public Key Cryptography Standards #12 (container format for many keys)
  • CER: Certificate
  • PKCS 7: Public Key Cryptography Standards #7
24
Q

Certificate concepts: how to know the status of a certificate ?

A

Via OCSP (Online Certificate Status Protocol)

25
Q

Certificate concepts: what is a key escrow for ?

A

A neutral third party holding your decryption keys

Ex: a government needs to decrypt partner data, etc.

26
Q

Certificate concepts: what is the chain of trust (certificate chaining) ?

A

It lists all the certificates between the server and the root CA

27
Q

Certificate concepts: explain how the chain of trust works (certificate chaining) ?

A

The chain starts with the SSL certificate and ends with the root certificate. Any certificate between the SSL certificate and the root certificate is a chain (or intermediate) certificate.