CH26 Public Key Infrastructure Flashcards
What is Public Key Infrastructure (PKI)?
An entire system of hardware, software, policies, procedures, and people that is based on asymmetric encryption.
PKI and public key encryption are related, but they are not the same thing.
PKI is the system that creates the asymmetric key pairs (the public and private keys used in the encryption and decryption process) and that manages those key pairs to make sure they are valid and can be trusted.
Public key cryptography refers only to the encryption and decryption process itself. It is a small part of the overall PKI architecture.
How does PKI create a secure SSL/TLS tunnel?
- A client generates text that it wants to send to a hosting server.
- The client encrypts the data using the server’s public key.
- The encrypted message reaches the server.
- The server decrypts the message using its private key.
- The server can now read the decrypted content of the message.
What is a Certificate Authority?
A trusted third party that issues digital certificates and maintains the trust between all of the certificate authorities around the world.
A Certificate Signing Request (CSR) is submitted to the CA (certificate authority) to request a digital certificate.
What are Digital Certificates?
Digitally signed electronic documents that bind a public key to a user’s identity.
X.509 – The standard used by PKI for digital certificates; a certificate contains the owner’s/user’s information and the certificate authority’s information.
Digital certificates are usually based on the X.509 standard, but the certificate itself must be encoded before it can be used.
What are Wildcard certificates?
Allow all of the subdomains to use the same public key certificate and have it displayed as valid.
What do Subject Alternative Names (SAN) do?
Allow a certificate owner to specify additional domains and IP addresses to be supported by the certificate.
What is a Single-sided certificate?
Only requires the server to be validated.
What is a Dual-sided certificate?
Requires both the server and the user to be validated.
What are the 3 different encoding methods that are classified under the X.690 standard?
- Basic Encoding Rules (BER) – The original ruleset governing the encoding of data structures for certificates, where several different encoding types can be utilized.
For the exam: remember that BER has the ability to use multiple encoding types.
- Canonical Encoding Rules (CER) – A restricted version of BER that allows the use of only one encoding type.
- Distinguished Encoding Rules (DER) – A restricted version of BER that allows only one encoding type and has more restrictive rules for lengths, character strings, and how the elements of an X.509 digital certificate are stored.
What is PEM?
PEM = Privacy-Enhanced Mail (.pem)
A digital certificate format that is used with the DER encoding method.
File extensions: .pem, .cer, .crt, or .key
What is P12?
Public Key Cryptographic System #12 (PKCS#12)
A digital certificate format that is used to store a server certificate, an intermediate certificate, and a private key in one encrypted file.
File extension: .p12
What is PFX?
Personal Information Exchange (.pfx)
A digital certificate format used by Microsoft for release signing.
File extension: .pfx
What is P7B?
Public Key Cryptographic Systems #7 (PKCS #7)
A digital certificate format used as the basis for S/MIME, the secure email protocol. Also used for single sign-on.
File extension: .p7b
What are the file types associated with PKI?
For the exam: remember that the .pem, .cer, .crt, .key, .p12, .pfx, and .p7b file types are associated with PKI.
What are Registration Authorities (RA)?
Used to verify information about a user before requesting that a certificate authority issue the certificate.