Public Key Infrastructure Flashcards

1
Q

What do certificate signatures provide? How?

A

Authenticity and Integrity. Authenticity, since only the CA could have signed it, and integrity as only the CA can modify it.

2
Q

What information might a certificate contain?

A

Your ID, your public key, information about the CA, a signed part.

3
Q

How would a CA sign a certificate?

A

Hash all the information (ID, Key, CA info), and then encrypt this hash using the CA’s private key. Then append this to the certificate.

4
Q

True or false, certificates must be stored securely?

A

False, they can be made publicly available.

5
Q

Describe the hierarchical CA model.

A

We have a trusted CA at the top, e.g. Verisign, and all certificates below are signed in a tree form downwards. We can either have a monopoly, in which all the signing is done by a single CA, or have delegated CAs, which are signed by the main CA, and can sign instead of the main one.

6
Q

What is an oligarchy CA model?

A

Multiple CA trees, with different trusted CAs at the top. This is common on web browsers.

7
Q

Who signs the root CA certificate? Why?

A

It signs it itself. This is so that we can still do an integrity check on it.

8
Q

What is an anarchy CA model?

A

We do not use trusted CAs, but instead decide ourselves who to trust. If someone we trust trusts someone else, then we can trust that person.

9
Q

What is X.500?

A

A hierarchical electronic directory for mail and name lookup. X.509 specifies what format certificates must be in.

10
Q

Why might a certificate be revoked? How do we know if a certificate has been revoked?

A

If the private key is compromised. If the user has stopped paying the CA. If the CA’s certificate has been compromised. If the certificate has expired.
We can check by using online services, or by looking at the signed list of revoked certificates which is periodically issued by the CA.
