Public Key Infrastructure Flashcards
Certificate
Digitally signed electronic documents that bind a public key with a user's identity.
X.509 - PKI standard that often uses Single Sign On (SSO) authentication
Certificate authority (CA)
The entity that issues certificates to users. It is a 3rd party that negotiates the security of the connection between you and your website.
Also responsible for verifying the identity of the recipient of the certificate
Mapping
It’s one-to-one mapping if an individual certificate is mapped to a recipient
It’s many-to-one mapping if multiple certificates are mapped to a recipient
Registration authority
Used to verify requests for certificates.
If the request is valid, the RA tells the CA to issue the certificate
Certificate revocation list (CRL)
A list of certificates that are no longer valid or have been revoked by the user
Online Certificate Status Protocol (OCSP)
Alternative to CRL but contains less information
It doesn’t require encryption so it’s less secure
Key escrow
A secure copy of a user's private key is held just in case it is lost.
Key recovery agent
Allows the restoration of keys if they are lost or corrupted
This has to be set up on Windows Server