Public Key Infrastructure Flashcards
What do certificate signatures provide? How?
Authenticity and Integrity. Authenticity, since only the CA could have signed it, and integrity as only the CA can modify it.
What information might a certificate contain?
Your ID, Your public Key, Information about the CA, a signed part.
How would a CA sign a certificate?
Hash all the information (ID, Key, CA info), and then encrypt this hash using the CA’s private key. Then append this to the certificate.
True or false, certificates must be stored securely?
False, they can be made publicly available.
Describe the hierarchical CA model.
We have a trusted CA at the top, e.g. Verisign, and all certificates below are signed in in a tree form downwards. We can either have a monopoly, in which all the signing is done by a single CA, or have delegated CAs, which are signed by the main CA, and can sign instead of the main one.
What is an oligarchy CA model?
Multiple CA trees, with different trusted CAs at the top. This is common on web browsers.
Who signs the root CA certificate? Why?
It signs it itself. This is so that we can still do an integrity check on it.
What is an anarchy CA model?
We do not use trusted CAs, but instead decide ourselves who to trust. If someone we trust trusts someone else, then we can trust that person.
What is X.500?
A hierarchical electronic directory for mail and name lookup. X.509 specifies what format certificates must be in.
Why might a certificate be revoked? How do we know if a certificate has been revoked.
If the private key is compromised. If the user has stopped paying the CA. If the CA’s certificate has been compromised. If the certificate has expired.
We can check by using online services, or by looking at the signed list of revoked certificates which is periodically issued by the CA.
