PKI-Public Key Infrastructure is a two-key asymmetric system. Messages are encrypted with a public key and decrypted with a private key. Symmetric (private) key systems use one key for both encryption and decryption. While implementations are not necessarily compatible, the main purpose of PKI is to provide interoperability across vendors, systems and networks. This tutorial reviews the CA-Certificate Authority, which is responsible for issuing, distributing and revoking certificates. Both public and private CAs exist.
- Inside an X.509 certificate (example only)

    Certificate:
        Version: 1 (0x0)
        Serial Number: 7829 (0x1e95)
        Algorithm ID: md5WithRSAEncryption
        Issuer: ABC OU=Certification Services Division,
        Validity
            Not Before: Jan 1 00:00:00:00 2009 GMT
            Not After : Jun 1 00:00:00:00 2009 GMT
        Subject: Critical Update
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            Subject Public Key
        Issuer Unique Identifier (Optional)
        Certificate Signature Algorithm: md5WithRSAEncryption
        Certificate Signature
The CSP-Certificate Statement Practice is the document that determines the contents of the certificate. Certificate revocation is the process of terminating a certificate before it expires. The owner of the certificate can revoke a certificate at any time via OCSP-Online Certificate Status Protocol or the CRL-Certification Revocation List, which is updated hourly, daily, etc. and is distributed to the PKI (explained next).
- RA-Registration Authority
  - off-loads from CA
  - accepts registrations, distributes keys, validates identities
- LRA-Local RA
  - establishes identity of individual
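The revocation check described above, seen from the side of a party relying on a certificate, as an added example that is not part of the original tutorial. It is a simplified model, not an X.509 parser: the names `Cert`, `CRL` and `check_status` are hypothetical, the serial number and validity dates come from the sample certificate, and the CRL publication times and the revocation date are constructed. `next_update` mirrors the nextUpdate field a real CRL carries.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

UTC = timezone.utc

@dataclass
class Cert:
    serial: int
    not_before: datetime
    not_after: datetime

@dataclass
class CRL:
    this_update: datetime   # when the CA published this list
    next_update: datetime   # when a fresher list is due
    revoked: dict           # serial number -> time of revocation

def check_status(cert, crl, now):
    """Decide whether `cert` may be relied on at time `now`, given one CRL."""
    if now < cert.not_before:
        return "not_yet_valid"
    if now > cert.not_after:
        return "expired"
    # A listed serial is revoked even if the list itself is old.
    revoked_at = crl.revoked.get(cert.serial)
    if revoked_at is not None and revoked_at <= now:
        return "revoked"
    # An out-of-date list cannot show the certificate is still good:
    # fail closed instead of answering "good" from old data.
    if now > crl.next_update:
        return "unknown_crl_stale"
    return "good"

# Serial and validity dates taken from the sample certificate above.
CERT = Cert(7829, datetime(2009, 1, 1, tzinfo=UTC), datetime(2009, 6, 1, tzinfo=UTC))
# Constructed CRLs, published daily; serial 7829 is revoked on 10 Mar 2009.
CRL_MAR01 = CRL(datetime(2009, 3, 1, tzinfo=UTC), datetime(2009, 3, 2, tzinfo=UTC), {})
CRL_MAR11 = CRL(datetime(2009, 3, 11, tzinfo=UTC), datetime(2009, 3, 12, tzinfo=UTC),
                {7829: datetime(2009, 3, 10, 9, 0, tzinfo=UTC)})

if __name__ == "__main__":
    noon_mar11 = datetime(2009, 3, 11, 12, 0, tzinfo=UTC)
    for label, crl in [("old CRL", CRL_MAR01), ("fresh CRL", CRL_MAR11)]:
        print(label, "->", check_status(CERT, crl, noon_mar11))
```

The two CRLs show why the update interval matters: with the list from 1 March the revocation of 10 March is invisible, so the only safe answer on 11 March is that the status is unknown until a current list is fetched.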
There are four types of Trust Models in PKI-Public Key Infrastructure:
- Hierarchical
- Bridge
- Hybrid
- Mesh (shown here)