PKI Fundamentals

- What is Public Key Infrastructure?
- Components of a PKI
- Public Key Infrastructure is Personnel, Policy, Procedures, and a core (public/private key) technology to bind users to digital identities so that applications can provide the desired security services.

Certificate Authority (CA) - Responsible for all aspects of certificate issuance and certificate management.
- Identification and authentication of subscribers
- Registration
- Certificate manufacture
- Certificate publication
- Certificate revocation
- Certificate renewal/re-key
- CAs are often grouped into hierarchical levels

Registration Authority (RA) - Authorizes creation of a certificate and provides validated user information to the CA.
- Entity that enters into an agreement with a Certificate Authority to collect and verify the subscriber's identity and other information to be entered into the digital certificate.
- RAs are sometimes grouped into hierarchies
- Local Registration Authority (LRA)
- Existing constructs are sometimes used to perform this function

Subscriber - Person (end user) who requests and uses a digital certificate.
- Subscriber/User: an individual who owns a digital certificate (digital identity).
- Digital certificates may be stored in various formats:
  - Software (floppy disk, file on computer)
  - Hardware (Smart Card)

Relying Party - Application and/or user who trusts the certificate.

Directory (Repository) - Device used to store and retrieve digital certificates and Certificate Revocation Lists (CRLs). A CRL is a list of non-valid (revoked) certificates.
- The directory is used for storing and retrieving certificates or other information relevant to digital certificates and certificate revocation lists.
- Analogous to a phone book
- Searchable
- Typical uses:
  - Finds and retrieves the certificate of an individual in order to send an encrypted email
  - Obtains a CRL
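The roles above, worked through end to end as an added example (not part of the original slides): the CA manufactures a subscriber certificate, signs a CRL that the directory would publish, and a relying party validates the certificate against its trust anchor and the CRL before trusting it. It assumes the `cryptography` package is installed; the CA name, subscriber names, serial numbers and the fixed "current time" are constructed values.

```python
import datetime as dt
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec

NOW = dt.datetime(2024, 1, 1)  # constructed "current time" so the run is deterministic
_name = lambda cn: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def make_ca():
    """CA: private key plus self-signed root certificate (the relying party's trust anchor)."""
    key = ec.generate_private_key(ec.SECP256R1())
    cert = (x509.CertificateBuilder()
            .subject_name(_name("Example Root CA")).issuer_name(_name("Example Root CA"))
            .public_key(key.public_key()).serial_number(1)
            .not_valid_before(NOW).not_valid_after(NOW + dt.timedelta(days=3650))
            .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
            .sign(key, hashes.SHA256()))
    return key, cert

def issue(ca_key, ca_cert, subject_cn, serial):
    """Certificate manufacture: the CA binds the subscriber's key to the RA-validated name."""
    sub_key = ec.generate_private_key(ec.SECP256R1())
    cert = (x509.CertificateBuilder()
            .subject_name(_name(subject_cn)).issuer_name(ca_cert.subject)
            .public_key(sub_key.public_key()).serial_number(serial)
            .not_valid_before(NOW).not_valid_after(NOW + dt.timedelta(days=365))
            .sign(ca_key, hashes.SHA256()))
    return sub_key, cert

def make_crl(ca_key, ca_cert, revoked_serials):
    """Certificate revocation: the CA signs a CRL listing revoked serial numbers."""
    builder = (x509.CertificateRevocationListBuilder().issuer_name(ca_cert.subject)
               .last_update(NOW).next_update(NOW + dt.timedelta(days=7)))
    for serial in revoked_serials:
        builder = builder.add_revoked_certificate(
            x509.RevokedCertificateBuilder().serial_number(serial).revocation_date(NOW).build())
    return builder.sign(ca_key, hashes.SHA256())

def relying_party_accepts(cert, trust_anchor, crl, at=NOW):
    """Relying party: issuer name, validity window, CA signature, then CRL freshness and lookup."""
    if cert.issuer != trust_anchor.subject or not (cert.not_valid_before <= at <= cert.not_valid_after):
        return False
    try:
        trust_anchor.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                         ec.ECDSA(cert.signature_hash_algorithm))
    except Exception:  # InvalidSignature: not actually issued by this CA
        return False
    if not crl.is_signature_valid(trust_anchor.public_key()) or crl.next_update < at:
        return False  # forged or stale CRL: revocation status unknown, so reject
    return crl.get_revoked_certificate_by_serial_number(cert.serial_number) is None
```

A stale CRL is treated as a failure rather than a pass, which is the conservative choice the relying party should make when it cannot determine revocation status.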