I. The Basics of Public Key Infrastructures
A. A PKI is a structure that provides all the necessary components to enable different users and entities to communicate in a secure and predictable manner.
1. A PKI is made up of hardware, applications, policies, services, programming interfaces, cryptographic algorithms, protocols, users, and utilities.
2. These components work together to allow communication using public key cryptography and symmetric keys for digital signatures, data encryption, and integrity.
B. In PKI environments, entities called registration authorities and certificate authorities require proof of identity from individuals requesting a certificate; the registration authority then validates that proof.
1. The registration authority will then advise the certificate authority to generate a certificate, which is analogous to a driver's license.
2. The certificate authority will digitally sign the certificate using its private key. This is commonly referred to as a third-party trust model.
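The issuance and verification steps in I.B, carried through in code as an added example (not part of the original outline): a CA generates its own key pair and self-signed certificate, issues a certificate that binds a subject name to the subject's public key by signing it with the CA private key, and a relying party accepts that certificate only because it trusts the CA, which is the third-party trust model. The names "Example Root CA", "Unrelated CA" and "alice@example.test" are constructed for the example; it uses only Go's standard crypto/x509 library.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// generateKey creates a P-256 key pair. The private half stays with its owner
// (the CA or the subject) and never appears in any certificate.
func generateKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// buildCA creates the CA's own key pair and a self-signed CA certificate.
// The CA name is a constructed value for this example.
func buildCA(name string) (*ecdsa.PrivateKey, *x509.Certificate, error) {
	key, err := generateKey()
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	// Parent is the template itself: a root signs its own certificate.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// issueCertificate is the CA's step after the RA has approved the request:
// it binds the subject's name to the subject's public key and signs the
// result with the CA's private key. Only the subject's public key goes in.
func issueCertificate(caKey *ecdsa.PrivateKey, caCert *x509.Certificate,
	subject string, subjectPub *ecdsa.PublicKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: subject},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(12 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, caCert, subjectPub, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verifyAgainstRoot is what a relying party does: it trusts only the given
// root and checks that the certificate's signature chains to it and that the
// certificate is currently valid.
func verifyAgainstRoot(cert, root *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err
}

// certHoldsPublicKeyOf reports whether the certificate carries the public
// half of the given key pair; the private half is never part of it.
func certHoldsPublicKeyOf(cert *x509.Certificate, key *ecdsa.PrivateKey) bool {
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	return ok && pub.Equal(&key.PublicKey)
}

func main() {
	caKey, caCert, err := buildCA("Example Root CA")
	if err != nil {
		panic(err)
	}
	subjectKey, _ := generateKey()
	cert, err := issueCertificate(caKey, caCert, "alice@example.test", &subjectKey.PublicKey)
	if err != nil {
		panic(err)
	}
	fmt.Println("issuer:", cert.Issuer.CommonName, "subject:", cert.Subject.CommonName)
	fmt.Println("chains to our CA:", verifyAgainstRoot(cert, caCert) == nil)

	// A second, unrelated CA cannot vouch for this certificate: the relying
	// party's trust is in the specific CA that signed it, not in any CA.
	_, otherCA, _ := buildCA("Unrelated CA")
	fmt.Println("chains to unrelated CA:", verifyAgainstRoot(cert, otherCA) == nil)
}
```

The second verification is the point of the third-party trust model: the relying party never sees the subject's private key, and it accepts the binding of name to public key only because the signature checks out under a CA it already trusts. Swap in a root the party does not trust and the same certificate is rejected, which is also why compromise of the CA's signing key (II.C) undermines every certificate it has issued.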
II. Certificate Authorities
A. The certificate authority (CA) is the trusted authority for certifying individuals' identities and creating an electronic document indicating that individuals are who they say they are.
B. This electronic document is referred to as a digital certificate. It establishes an association between the subject's identity and a public key. The private key that is paired with the public key in the certificate is stored separately.
C. The CA is made up of the software, hardware, procedures, policies, and people who are involved in validating individuals' identities and generating the certificates. This means that if one of these components is compromised, it can negatively affect the CA and threaten the integrity of the certificates it produces.
D. Every CA should have a certification practices statement (CPS) that outlines how identities are verified, the steps the CA follows to generate, maintain, and transmit certificates, and why the