Post

Cryptography - PKI - Public Key Infrastructure

Posted Updated
By Grace L
2 min read

[toc]

PKI Public Key Infrastructure

public key encryption’s major strength:

  • ability to facilitate communication between parties previously unknown to each other.
    • facilitate the secure electronic transfer of information for a range of network activities
      • such as e-commerce, internet banking and confidential email.
  • Made possible by (PKI) public key infrastructure 基础设施 hierarchy 等级制度 of trust relationships.
  • able to find and access public keys on demand.

A public key infrastructure (PKI)

  1. a set of roles, policies, and procedures needed
    • to create, manage, distribute, use, store, and revoke keys and digital certificates safely and securely.
  2. the component of PKI:
    • Certificate authority (CA):
      • the entity responsible for enrollment, creation, management, validation and revocation of digital certificates
      • key element in a PKI
    • Registration authority (RA):
      • the entity responsible for accepting info about a party wishing to obtain a certificate
      • RAs generally do not issue or manage certificates.
      • entities known as local registration authorities (LRAs) are delegated the ability to issue certificate by a CA.
    • Certificate revocation list (CRL):
      • a list of revoked certificates, published by CA.
    • Digital certificates:
      • prices of information.
      • Used to positively prove the identity.
    • Certificate distribution system:
      • a combination of software, hardware, services, and procedures used to distribute certificates.
      • A PKI is made up of hardware, applications, policies, services, programming interfaces, cryptographic algorithms, protocols, users, and utilities.
  3. implementing a PKI boils down to establishing a level of trust.
    • These trusts permit combining asymmetric cryptography with symmetric cryptography along with hashing and digital certificates, giving us hybrid cryptography.
    • Asymmetric encryption depends on the use of certificates for a variety of purposes:
      • protecting email and Internet traffic with SSL and TLS.
      • HTTPS sessions protect Internet credit card transactions, and these transactions depend on a PKI.
  4. primary benefit of a PKI:
    • allows two people or entities to communicate securely without knowing each other previously
    • allows communicate securely through an insecure public medium
      • like Internet
    • small groups:
      • possible for users to exchange public keys based on a previously established level of trust.
    • big organizations:
      • PKI provides solution: provides a mechanism through which keys can be generated and bound to a digital certificate that can be viewed and validated by all parties.
    • Example
      • establish a secure session with Amazon.com even if you’ve never done so before.
      • Amazon purchased a certificate from Symantec.
      • the certificate provides the ability to establish a secure session.
  5. public keys must be distributed or stored in a secure manner
    • prevents the keys from being tampered with or altered in any way.

.

13Cryptography, PKI
cryptography
This post is licensed under CC BY 4.0 by the author.

Comments powered by Disqus.