Public Key Infrastructure Flashcards

1
Q

PKI

A

Public Key Infrastructure:
An entire system of hardware, software, policies, procedures, and people that is built on asymmetric (public key) cryptography

PKI and public key encryption are related, but they are not the same thing

PKI is the entire system; it uses public key cryptography (certificates, digital signatures, key exchange) to function

2
Q

Certificates

A

Digitally signed electronic documents that bind a public key to the identity of a subject (a user, server, or device); the signature is the issuing certificate authority's

3
Q

X.509

A

Standard used in PKI for digital certificates; an X.509 certificate contains the owner's (subject's) information, the issuing certificate authority's information, the subject's public key, a serial number, a validity period, extensions, and the CA's signature

4
Q

Wildcard Certificates

A

Allow all of the subdomains at one level to use the same public key certificate and have it displayed as valid (e.g. *.example.com covers www.example.com and mail.example.com, but not example.com itself or a.b.example.com)

Wildcard certificates are easier to manage, but every host that presents the certificate shares the same private key, so a compromise of any one of them affects all of them

5
Q

Subject Alternative Name (SAN)

A

Subject Alternative Name:

An X.509 extension that allows a certificate owner to specify additional domain names (dNSName entries) and IP addresses (iPAddress entries) the certificate is valid for; modern browsers match the hostname against the SAN list only and ignore the Common Name
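Added example for the wildcard and SAN cards above (it is not code from the original flashcards): the hostname-matching rules a TLS client applies to dNSName and iPAddress entries, including the one-label limit on wildcards. SAMPLE_SAN is a constructed SAN list, not one taken from a real certificate; the function names are my own.

```python
"""Match the hostname a client connected to against a certificate's names.

Added example written for this page, not code from the flashcards' source.
It implements the RFC 6125 rules for dNSName entries (including wildcards)
and iPAddress entries; SAMPLE_SAN is a constructed SAN list, not one taken
from a real certificate.
"""
import ipaddress


def _normalize(name: str) -> str:
    # DNS names compare case-insensitively; a trailing dot is the same FQDN.
    return name.rstrip(".").lower()


def name_matches(presented: str, hostname: str) -> bool:
    """True if one dNSName (possibly a wildcard) covers hostname.

    Rules (RFC 6125 section 6.4.3, as browsers apply them):
      * comparison is case-insensitive
      * '*' is honoured only as the whole left-most label, so
        'w*.example.com' and '*.*.example.com' never match anything
      * the wildcard stands for exactly one label: '*.example.com' covers
        'www.example.com' but neither 'example.com' nor 'a.b.example.com'
      * at least two fixed labels must remain, so '*.com' is rejected
    """
    presented, hostname = _normalize(presented), _normalize(hostname)
    if not presented or not hostname or "*" in hostname:
        return False
    if "*" not in presented:
        return presented == hostname
    labels = presented.split(".")
    if labels[0] != "*" or len(labels) < 3 or any("*" in l for l in labels[1:]):
        return False
    host_labels = hostname.split(".")
    return len(host_labels) == len(labels) and host_labels[1:] == labels[1:]


def cert_covers(san_entries, target: str) -> bool:
    """True if any SAN entry covers target.

    san_entries: iterable of (kind, value) with kind 'DNS' or 'IP'.
    An IP literal only matches an iPAddress entry; a dNSName that merely
    looks like an IP is not honoured, matching browser behaviour.
    """
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    for kind, value in san_entries:
        if ip is not None:
            if kind != "IP":
                continue
            try:
                if ipaddress.ip_address(value) == ip:
                    return True
            except ValueError:
                continue
        elif kind == "DNS" and name_matches(value, target):
            return True
    return False


# Constructed SAN list: one wildcard, the bare apex name and one IP address.
SAMPLE_SAN = [("DNS", "*.example.com"), ("DNS", "example.com"), ("IP", "203.0.113.10")]

if __name__ == "__main__":
    for host in ("www.example.com", "example.com", "a.b.example.com", "203.0.113.10", "evil.com"):
        print(f"{host:18} -> {cert_covers(SAMPLE_SAN, host)}")
```

The wildcard card's caveat is the `len(host_labels) == len(labels)` test: a.b.example.com has one label too many and is rejected, which is why a wildcard does not cover nested subdomains.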

6
Q

Single vs. Dual-sided Certificates

A

Single-sided (one-way) certificate authentication only requires the server to be validated: the server presents its certificate, the client does not

Dual-sided (two-way, mutual TLS) certificate authentication requires both the server and the client (user or device) to present a certificate and have it validated
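Added example (not from the original flashcards) showing where the difference between the two lives in a server's TLS configuration, using only the Python standard-library ssl module. The `ca_file` argument is an assumption: in a real deployment it points at the CA that issued your client certificates, and the caller still loads the server's own certificate with `load_cert_chain`.

```python
"""Server-side TLS configuration for one-way vs mutual (two-way) authentication.

Added example written for this page, not code from the flashcards' source.
Only the standard-library ssl module is used; ca_file is an assumed path to
the CA that signs your client certificates.
"""
import ssl


def make_server_context(mutual: bool, ca_file=None) -> ssl.SSLContext:
    """Build a server SSLContext.

    mutual=False: single-sided. The server presents its certificate (the
    caller loads it with load_cert_chain) and never asks the client for one.
    mutual=True:  dual-sided. The server additionally demands a client
    certificate and aborts the handshake unless it chains to ca_file.
    """
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if mutual:
        # CERT_OPTIONAL would let a client simply not send a certificate; for
        # mutual authentication the requirement has to be CERT_REQUIRED.
        ctx.verify_mode = ssl.CERT_REQUIRED
        if ca_file is not None:
            # Trust only client certificates issued by this CA, not the whole
            # public root store that create_default_context loaded.
            ctx.load_verify_locations(cafile=ca_file)
    else:
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def requires_client_cert(ctx: ssl.SSLContext) -> bool:
    """True when the context will refuse clients that present no certificate."""
    return ctx.verify_mode == ssl.CERT_REQUIRED


if __name__ == "__main__":
    for mutual in (False, True):
        ctx = make_server_context(mutual)
        print("mutual" if mutual else "single", "->", ctx.verify_mode.name)
```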

7
Q

X.690

A

The ITU-T standard that defines the encoding rules used to serialize ASN.1 data such as X.509 certificates: BER, CER, and DER

8
Q

Basic Encoding Rules (BER)

A

Basic Encoding Rules:
The original ruleset governing the encoding of ASN.1 data structures (such as certificates), where the same value can be encoded in several different ways (e.g. definite or indefinite lengths, primitive or constructed strings)

9
Q

Canonical Encoding Rules (CER)

A

Canonical Encoding Rules:

A restricted version of BER that allows only one encoding for each value; CER uses the indefinite-length form for constructed types, which suits streaming of large values

10
Q

Distinguished Encoding Rules (DER)

A

Distinguished Encoding Rules:
A restricted version of BER that allows only one encoding for each value and has more restrictive rules for lengths (always definite and minimal), character strings (always primitive), and how the elements of an X.509 certificate are stored; certificates are DER encoded so that the bytes the CA signs are unambiguous
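Added example for the X.690, BER, CER, and DER cards above (it is not code from the original flashcards): a small TLV walker that accepts any BER and reports each place the bytes depart from DER. The two byte strings are constructed by hand and encode the same ASN.1 value, SEQUENCE { BOOLEAN TRUE, INTEGER 5 }, once as sloppy but legal BER and once in its single DER form; the function names are my own.

```python
"""Walk an X.690 TLV byte string and report every place it departs from DER.

Added example written for this page, not code from the flashcards' source.
BER_SAMPLE and DER_SAMPLE are hand-constructed encodings of the same value,
SEQUENCE { BOOLEAN TRUE, INTEGER 5 }.
"""

# Universal tags whose DER encoding must be primitive (BER also allows constructed):
# BIT STRING, OCTET STRING, UTF8String, PrintableString, IA5String, BMPString.
_STRING_TAGS = {0x03, 0x04, 0x0C, 0x13, 0x16, 0x1E}


def _read_length(buf: bytes, pos: int):
    """Decode the length octets at pos.

    Returns (length, next_pos, violations); length is None for the indefinite form.
    """
    viol = []
    first = buf[pos]
    pos += 1
    if first < 0x80:                       # short form: one octet, 0..127
        return first, pos, viol
    if first == 0x80:                      # indefinite form: contents end with 00 00
        viol.append("indefinite-length form (BER/CER only)")
        return None, pos, viol
    n = first & 0x7F                       # long form: next n octets hold the length
    raw = buf[pos:pos + n]
    if len(raw) != n:
        raise ValueError("truncated length octets")
    pos += n
    if raw[0] == 0x00:
        viol.append("length octets carry a leading zero (not minimal)")
    length = int.from_bytes(raw, "big")
    if length < 0x80:
        viol.append("long-form length used where short form suffices")
    return length, pos, viol


def _check_primitive(tag: int, content: bytes, where: str, out: list):
    if tag == 0x01:                        # BOOLEAN: DER fixes TRUE to 0xFF, FALSE to 0x00
        if len(content) != 1 or content[0] not in (0x00, 0xFF):
            out.append(f"{where}: BOOLEAN must be exactly one octet, 0x00 or 0xFF")
    elif tag == 0x02:                      # INTEGER: two's complement in the fewest octets
        if not content:
            out.append(f"{where}: INTEGER has no content octets")
        elif len(content) > 1 and (
            (content[0] == 0x00 and not content[1] & 0x80)
            or (content[0] == 0xFF and content[1] & 0x80)
        ):
            out.append(f"{where}: INTEGER has a redundant leading octet")


def _element(buf: bytes, pos: int, path: str, out: list):
    """Parse one TLV at pos; return the offset after it, or None at an end-of-contents marker."""
    tag = buf[pos]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not handled in this example")
    if tag == 0x00 and pos + 1 < len(buf) and buf[pos + 1] == 0x00:
        return None                        # 00 00 closes an indefinite-length constructed value
    constructed = bool(tag & 0x20)
    length, pos, viol = _read_length(buf, pos + 1)
    where = f"{path}/0x{tag:02X}"
    out.extend(f"{where}: {v}" for v in viol)
    if length is None:
        if not constructed:
            raise ValueError("indefinite length on a primitive value")
        while True:                        # children run until the 00 00 marker
            nxt = _element(buf, pos, where, out)
            if nxt is None:
                return pos + 2
            pos = nxt
    end = pos + length
    if end > len(buf):
        raise ValueError("value runs past end of buffer")
    if constructed:
        if tag & 0x1F in _STRING_TAGS:
            out.append(f"{where}: string type in constructed form (DER requires primitive)")
        while pos < end:
            nxt = _element(buf, pos, where, out)
            if nxt is None:
                raise ValueError("unexpected end-of-contents inside definite-length value")
            pos = nxt
    else:
        _check_primitive(tag, buf[pos:end], where, out)
    return end


def check_der(buf: bytes) -> list:
    """Return the list of DER violations; an empty list means the bytes are canonical DER."""
    out: list = []
    pos = 0
    while pos < len(buf):
        nxt = _element(buf, pos, "", out)
        if nxt is None:
            raise ValueError("stray end-of-contents marker")
        pos = nxt
    return out


# Constructed samples of SEQUENCE { BOOLEAN TRUE, INTEGER 5 }: indefinite length,
# TRUE as 0x01, a padded long-form length and a padded INTEGER versus the DER form.
BER_SAMPLE = bytes.fromhex("30 80 01 01 01 02 82 00 02 00 05 00 00")
DER_SAMPLE = bytes.fromhex("30 06 01 01 FF 02 01 05")

if __name__ == "__main__":
    for name, sample in (("BER", BER_SAMPLE), ("DER", DER_SAMPLE)):
        print(name, sample.hex(), "->", check_der(sample) or "canonical DER")
```

Because a certificate's signature is computed over its DER bytes, a verifier that re-encodes a BER-tolerant parse can end up checking a signature against different bytes from the ones the CA signed; that is why strict parsers reject everything this walker reports rather than silently normalizing it.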

11
Q

File Formats: Privacy-enhanced Electronic Mail (PEM)

A

Base64-encoded DER wrapped between -----BEGIN ...----- and -----END ...----- lines; a single file may hold several blocks, such as a whole certificate chain

.pem
.cer
.crt
.key

(.cer and .crt may also contain raw binary DER; .key files hold private keys, so they are the ones that must never be shared)

12
Q

File Formats: Public-Key Cryptography Standards #12 (PKCS#12)

A

.p12

A password-protected binary (DER) container that bundles a private key together with its certificate and chain; used to move an identity between systems

13
Q

File Formats: Personal Information Exchange

A

.pfx

Microsoft's name for the same PKCS#12 container; .pfx and .p12 files are interchangeable

14
Q

File Formats: Public-Key Cryptography Standards #7 (PKCS#7)

A

.p7b

Holds one or more certificates (and optionally CRLs) but never a private key; commonly used to distribute a certificate chain
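Added example for the file-format cards above (it is not code from the original flashcards): reading and writing PEM armour with the standard library, telling PEM from raw DER by content rather than by extension, and flagging private keys stored in the clear inside a bundle. SAMPLE_BUNDLE is constructed; its Base64 payloads are tiny hand-made DER SEQUENCEs standing in for real certificates and a key so that the code runs offline. The label set and function names are my own.

```python
"""Read and write PEM containers (RFC 7468) and tell PEM from raw DER.

Added example written for this page, not code from the flashcards' source.
SAMPLE_BUNDLE is constructed: its Base64 payloads are tiny hand-made DER
SEQUENCEs standing in for real certificates and a key.
"""
import base64
import re

_BLOCK_RE = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----(?P<body>.*?)-----END (?P<end>[A-Z0-9 ]+)-----",
    re.DOTALL,
)
# Private keys stored in the clear; an 'ENCRYPTED PRIVATE KEY' block is PKCS#8 under a passphrase.
UNENCRYPTED_KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", "DSA PRIVATE KEY"}


def pem_blocks(text: str):
    """Return [(label, der_bytes), ...] for every PEM block in text, in file order.

    A .pem/.crt file often carries a whole chain, so several CERTIFICATE blocks
    are normal. BEGIN/END label mismatches and bad Base64 raise ValueError.
    """
    blocks = []
    for m in _BLOCK_RE.finditer(text):
        if m["label"] != m["end"]:
            raise ValueError(f"BEGIN {m['label']} closed by END {m['end']}")
        lines = m["body"].strip().splitlines()
        # Legacy encrypted RSA keys carry "Proc-Type:" / "DEK-Info:" header lines before the Base64.
        b64 = "".join(line.strip() for line in lines if ":" not in line)
        blocks.append((m["label"], base64.b64decode(b64, validate=True)))
    return blocks


def der_to_pem(der: bytes, label: str) -> str:
    """Wrap DER bytes in PEM armour with the 64-column Base64 lines RFC 7468 uses."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"


def sniff(data: bytes) -> str:
    """Guess the container from content; the .cer/.crt extension does not tell you."""
    if b"-----BEGIN " in data:
        return "PEM"
    if data[:1] == b"\x30":
        # 0x30 is the ASN.1 SEQUENCE tag. A DER certificate, a PKCS#7 bundle (.p7b)
        # and a PKCS#12 store (.p12/.pfx) all begin with it; only parsing tells them apart.
        return "DER"
    return "unknown"


def unencrypted_keys(text: str):
    """Labels of private-key blocks stored without a passphrase.

    A bundle meant to be shared (a chain file) should return an empty list here.
    """
    return [label for label, _ in pem_blocks(text) if label in UNENCRYPTED_KEY_LABELS]


# Constructed bundle: two "certificates" and a "key" that are really SEQUENCE { INTEGER n }.
SAMPLE_BUNDLE = """\
-----BEGIN CERTIFICATE-----
MAMCAQE=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MAMCAQI=
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MAMCAQM=
-----END PRIVATE KEY-----
"""

if __name__ == "__main__":
    for label, der in pem_blocks(SAMPLE_BUNDLE):
        print(label, der.hex(), sniff(der))
    print("keys in the clear:", unencrypted_keys(SAMPLE_BUNDLE))
```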

15
Q

Registration Authority (RA)

A

Receives certificate signing requests (CSRs)
Validates the identity of the users/devices requesting the certificate
Initiates revocation when a certificate should no longer be trusted
Requests certificates from the CA if the applicant complies with the policy

16
Q

Certificate Authority

A

The entity that issues (signs) certificates to a user or device and thereby vouches for the binding between the key and the identity

VeriSign (now part of DigiCert), DigiCert, and many others act as root CAs

17
Q

Certificate Revocation List (CRL)

A

An online list, signed and published by the certificate authority, of the serial numbers of digital certificates it has revoked before their expiry; clients download it periodically

18
Q

Online Certificate Status Protocol (OCSP)

A

A protocol that allows you to determine the revocation status of a single digital certificate by sending its serial number to the CA's OCSP responder and receiving a signed good/revoked/unknown answer

19
Q

OCSP Stapling

A

Allows the certificate holder (the web server) to fetch a time-stamped, CA-signed OCSP response from the OCSP responder at regular intervals and include ("staple") it in the SSL/TLS handshake, so the client does not have to query the responder itself

Speeds up secure tunnel creation and avoids the client contacting the CA for every connection
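Added example for the CRL, OCSP, and stapling cards (it is not code from the original flashcards): the checks a TLS client must make on a stapled response before trusting it, and the server-side rule for refreshing the staple. OcspResponse is a simplified model of the RFC 6960 fields that matter for freshness; a real response is DER and carries the responder's signature, which must also be verified. All sample values, constants, and function names are my own.

```python
"""Validate a stapled OCSP response the way a TLS client must before trusting it,
and decide when the server should refresh its staple.

Added example written for this page, not code from the flashcards' source.
OcspResponse is a simplified model of the RFC 6960 SingleResponse fields that
matter for the freshness check; all sample values are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

CLOCK_SKEW = timedelta(minutes=5)                 # tolerance for client/responder clock drift
MAX_AGE_WITHOUT_NEXT_UPDATE = timedelta(days=7)   # local policy when the responder gives no nextUpdate


@dataclass(frozen=True)
class OcspResponse:
    serial: int                      # certID.serialNumber the responder is answering for
    status: str                      # "good", "revoked" or "unknown"
    this_update: datetime            # time at which the status was known to be correct
    next_update: Optional[datetime]  # optional in RFC 6960: newer information is available by then
    produced_at: datetime            # when the responder signed the response


def evaluate_staple(resp: OcspResponse, cert_serial: int, now: datetime) -> Tuple[bool, str]:
    """Client side: return (accept, reason) for a staple received in the handshake.

    A staple for another serial, one from the future, or one past nextUpdate must be
    rejected: a stale 'good' staple is exactly what someone holding a revoked
    certificate would like to keep replaying.
    """
    if resp.serial != cert_serial:
        return False, "staple answers for a different certificate serial"
    if resp.this_update > now + CLOCK_SKEW:
        return False, "thisUpdate lies in the future"
    if resp.next_update is not None:
        if now > resp.next_update + CLOCK_SKEW:
            return False, "staple is stale (past nextUpdate)"
    elif now - resp.this_update > MAX_AGE_WITHOUT_NEXT_UPDATE:
        return False, "no nextUpdate and response older than local limit"
    if resp.status == "good":
        return True, "good"
    if resp.status == "revoked":
        return False, "certificate revoked"
    return False, "responder does not know this certificate"


def server_should_refresh(resp: OcspResponse, now: datetime) -> bool:
    """Server side: fetch a new response once half the validity window has passed,
    so clients never receive a staple that is about to expire."""
    if resp.next_update is None:
        return now - resp.this_update > MAX_AGE_WITHOUT_NEXT_UPDATE / 2
    half_life = (resp.next_update - resp.this_update) / 2
    return now >= resp.this_update + half_life


# Constructed sample: a 'good' response valid for 24 hours from T0.
T0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE = OcspResponse(serial=0x1A2B, status="good", this_update=T0,
                      next_update=T0 + timedelta(days=1), produced_at=T0)


def at(hours: float) -> datetime:
    """Demo clock: T0 plus the given number of hours."""
    return T0 + timedelta(hours=hours)


if __name__ == "__main__":
    for h in (1, 13, 25):
        print(f"T0+{h}h client:", evaluate_staple(SAMPLE, 0x1A2B, at(h)),
              "server refresh:", server_should_refresh(SAMPLE, at(h)))
```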

20
Q

Public Key Pinning

A

Allowed an HTTPS website to resist impersonation attacks by presenting a set of hashes of trusted public keys to the user's web browser in the Public-Key-Pins HTTP response header (HPKP); major browsers have since removed HPKP support because a wrong or outdated pin could lock users out of a site, and pinning today is done inside clients such as mobile apps rather than through the header

21
Q

Key Escrow & Key Recovery Agent

A

Key Escrow:
Occurs when a secure copy of a user's private key is held by a trusted third party in case the user accidentally loses their key (or the organization needs to decrypt data protected with it)

Key Recovery Agent:
A trusted role, and the software that supports it, that allows the restoration of a lost or corrupted key from escrow to be performed

22
Q

Web of Trust

A

A decentralized trust model that addresses the problem of authenticating public keys without relying on a CA-based PKI

A peer-to-peer model

Keys are self-signed by their owner and then signed by other users who have verified the owner's identity; a key is trusted because people you already trust have vouched for it

Pretty Good Privacy (PGP) is a web of trust