Organisational Security Flashcards
PEM
Privacy Enhanced Mail
BASE64 encoded DER certificate
ASCII human-readable format so it isn’t modified by the email system
DER
Distinguished Encoding Rules certificate binary format
Common for Java
PKCS #12
Public Key Cryptography Standards 12
Personal information exchange syntax standard
Container format for many certificates to store in .p12/.pfx file
Extended from MS format
PKCS #7
Cryptographic Message Syntax Standard with .p7b files
ASCII human readable
Certificates and chain certificates
Windows, Java format
PKI operational considerations?
Generation
Exchange
Storage
Use
Destruction
Replacement
PKI design considerations?
Protocol
Key Servers
User procedures
Certificate Authority (CA)
Creates certificates and owns the policies
Subordinate/intermediate CA
Also known as Registration Authority; sits below the root
Regularly issued certificates
Has ability to revoke
CRL
Certificate Revocation List
OCSP
Online Certificate Status Protocol
Faster way to check a status by submitting a request to the CA rather than checking a file
CSR
Certificate Signing Request
Is the message sent to the CA with information to get a certificate created
SAN (certificates)
Subject Alternative Domain
Multiple domains/IP in single certificate
Wildcard (certificate)
Multiple servers in a domain
Root Certificate
The trust anchor of the whole chain of trust. Root authorities (RA) are regularly held offline
Stapling
Used by a web server to provide the validity of its own certificate, essentially using an OCSP response in advance