Section 26: Public Key Infrastructure Flashcards
Public Key Infrastructure
An entire system of hardware, software, policies, procedures, and people that is based on asymmetric encryption
PKI and Keys
It’s all about creating public and private keys that can be used, and making sure they’re valid and can be trusted
Certificate Authority
Third party that validates this PKI process with the keys
Certificate
Digitally signed electronic documents that bind a public key with a user’s identity
X.509
Standard used in PKI for digital certificates; it contains the owner’s/user’s information and the certificate authority’s information
How do you get a digital certificate?
You have to buy it
Wildcard Certificates
Easier to manage. Allow all of the subdomains to use the same public key certificate and have it displayed as valid
Subject Alternative Name (SAN)
Allows a certificate owner to specify additional domains
Single sided certificates
Only require the server to be validated
Dual sided certificates
Require both the server and the user to be validated
Three encoding methods
BER, CER, DER
File Types for certificates
PEM, CER, CRT or KEY, P12, PFX, P7B (SSO or email) (just remember these are associated with PKI)
Registration Authority
Used to verify certificates
Certificate Authorities
Verisign, Digisign, and many others act as Root CA
Certificate Revocation List (CRL)
An online list of digital certificates that the certificate authority has revoked