Certificates
bridge trust model
a bridge CA links hierarchical and distributed trust models together and acts as a hub between them; the bridge CA itself does not issue end-entity digital certificates
what is the standard certificate
X.509
direct trust
a personal relationship exists between two individuals
hierarchical trust model
assigns one master CA, called the root, which signs the certificates of all subordinate certificate authorities with a single key
public key
available to everyone and freely distributed
third party trust
two individuals trust each other only because each trusts a third party
certificate repository (CR)
used to view certificate status
asymmetric encryption
uses two mathematically related keys, a public key and a private key
digital signature
verifies who the sender is, prevents the sender from disowning the message (nonrepudiation), and proves the message was not altered in transit (integrity)
registration authority
verifies the identity of an individual; receives, authenticates, and processes certificate revocation requests
what is an example of a decentralized key management system?
web of trust model
types of digital certificates
class 1 through 5, dual-key, dual-sided
drawbacks of asymmetric encryption
computationally intensive (extremely slow compared with symmetric encryption)
protections of asymmetric cryptography
confidentiality, integrity, authenticity of the sender, nonrepudiation
certificate life cycle
creation, suspension, revocation, expiration
drawback of decentralized key management
doesn't allow the organization any control over employees' keys
renewal
should not be done indefinitely with the same key pair, because the longer a key stays in use the greater the chance it has been stolen; generate a new key pair instead
certificate authority (CA)
generate, issue, distribute, and revoke public key certificates
key storage could either be in _____________________ or ______________________
hardware or software
centralized key management
keys are generated and distributed by the CA
private key
known only to individual to whom it belongs
certificate revocation list
lists digital certificates that have been revoked
digital certificates prevents __________
man-in-the-middle attacks in which the attacker impersonates the owner of the public key
public key infrastructure (PKI)
manage digital certificates
suspension
may occur when an employee is on a leave of absence
certificate practice statements (CPS)
more technical and more detailed than the certificate policy; describes how the CA actually implements its practices
distributed trust model
multiple CAs sign digital certificates
if you need more security than a single set of public and private keys, you should use
multiple pairs of dual keys
web of trust model
no CA is involved
benefits of web browser management
no need to manually load information
creation
occurs after the user has been positively identified
if you want the message to be public, encrypt with
private key (anyone holding the matching public key can then decrypt it, so this proves origin rather than providing secrecy)
certificate policy (CP)
provides a set of rules and baseline security requirements
I want to send a message. I want to keep it secret. What key do I use to encrypt?
public
if you want to keep the message private, encrypt with
public key (only the holder of the matching private key can decrypt it)
asymmetric encryption is also known as
public key cryptography
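Worked example for the key-usage cards above (which key keeps a message secret, which key proves who sent it, and how a digital signature identifies the sender and detects alteration). This is an added Go example using only the standard library; it is not part of the original card set. Alice, Bob and the sample message are constructed names and data.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// GenerateKeyPair creates an RSA key pair. The private key stays with its
// owner; the public key is the half that is freely distributed.
func GenerateKeyPair(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

// Seal keeps a message secret: encrypt with the recipient's PUBLIC key, so
// only the holder of the matching private key can read it.
func Seal(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// Open decrypts a sealed message with the recipient's PRIVATE key.
func Open(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// Sign is the "use the private key" case from the cards: the signer hashes the
// message and signs the digest with its PRIVATE key. The result is not secret,
// but it proves who produced it and that the message has not been altered.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Verify checks a signature with the signer's PUBLIC key. It returns true only
// if the signature was made by the matching private key over this exact message.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

func main() {
	alice, err := GenerateKeyPair(2048)
	if err != nil {
		panic(err)
	}
	bob, err := GenerateKeyPair(2048)
	if err != nil {
		panic(err)
	}
	msg := []byte("constructed sample message from Alice to Bob") // constructed input

	// Secrecy: Alice seals with Bob's public key; only Bob's private key opens it.
	ct, _ := Seal(&bob.PublicKey, msg)
	pt, _ := Open(bob, ct)
	_, wrongKeyErr := Open(alice, ct)
	fmt.Printf("decrypted by Bob: %q; Alice's key fails: %v\n", pt, wrongKeyErr != nil)

	// Origin: Alice signs with her private key; anyone with her public key verifies.
	sig, _ := Sign(alice, msg)
	tampered := append([]byte{}, msg...)
	tampered[0] ^= 1
	fmt.Println("valid signature:", Verify(&alice.PublicKey, msg, sig))
	fmt.Println("tampered message:", Verify(&alice.PublicKey, tampered, sig))
	fmt.Println("wrong signer key:", Verify(&bob.PublicKey, msg, sig))
}
```

Note that the signature is computed over a SHA-256 digest rather than by literally "encrypting the message with the private key"; modern RSA signing (PSS here) pads and hashes, but the card's intuition still holds: the private key produces it, the public key checks it, and the output is not secret.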
trust
reliance on another person/entity
destruction
remove user details, info, and keys
dual sided certificates
both the server and you (the client) have to authenticate to each other with certificates (mutual authentication)
escrow
a copy of the key is held by a third party, for example split into halves so that you hold one half and someone else holds the other
key recovery agent
a trusted party that stores copies of keys and certificates so that lost or damaged keys can be recovered
what is the foundation of public key infrastructure (PKI)
trust
how can you tell who the sender is if they use a public key
digital signature
benefit of decentralized key management
easy to implement
what are some things on a digital certificate
expiration date, public key, owner's name
why would you revoke a certificate?
it has expired; the private key has been lost or exposed; the certificate is no longer used; the owner's details have changed
class 1 certificates
for individuals, intended for email
class 2 certificates
for organizations, where proof of identity is required
class 3 certificates
for servers and software, checking identity and authority
expiration
key can no longer be used
drawbacks of having a single root CA (hierarchical trust model)
1. performance bottleneck 2. if the root is compromised, all certificates it signed must be thrown out
public key/private key encryption
Quantum Crypto, Elliptic Curve Crypto, RSA
digital certificate
binds a public key to your identity; issued and signed by a trusted third party (the CA)
key management can be either _______________ or ___________________
centralized or decentralized
technologies that manage digital certificates
certificate authority, registration authority, certificate repository, certificate revocation list, web browser management
revocation
certificate no longer valid
dual key sided certificates
one certificate with a key used for signing messages and a second certificate with a key used to encrypt and decrypt messages
key handling procedures
escrow, renewal, recovery, destruction, expiration, revocation, suspension
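Worked example tying together the certificate authority, digital certificate, certificate revocation list, expiration and revocation cards: a root CA (hierarchical trust model) issues a certificate that binds an owner's name, public key and expiration date, publishes a signed CRL, and a relying party validates the certificate against the root, the date and the CRL. This is an added Go example using only the standard library; it is not from the original card set. "Example Root CA", "www.example.test", and the serial numbers are hypothetical values chosen for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// RootCA is the single master CA of a hierarchical trust model; its key signs every certificate below it.
type RootCA struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// NewRootCA builds a self-signed root (relying parties trust it only because they install it).
func NewRootCA(name string, now time.Time) (*RootCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: now, NotAfter: now.AddDate(10, 0, 0),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &RootCA{Cert: cert, Key: key}, nil
}

// Issue binds the owner's name to the owner's public key, with an expiration date, under the CA's signature.
func (ca *RootCA) Issue(serial int64, owner string, pub *ecdsa.PublicKey, now time.Time, lifetime time.Duration) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject: pkix.Name{CommonName: owner}, DNSNames: []string{owner},
		NotBefore: now, NotAfter: now.Add(lifetime),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, pub, ca.Key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// CRL publishes a signed certificate revocation list naming the serial numbers the CA no longer vouches for.
func (ca *RootCA) CRL(number int64, now time.Time, revoked ...*x509.Certificate) (*x509.RevocationList, error) {
	tmpl := &x509.RevocationList{Number: big.NewInt(number), ThisUpdate: now, NextUpdate: now.Add(24 * time.Hour)}
	for _, c := range revoked {
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates,
			pkix.RevokedCertificate{SerialNumber: c.SerialNumber, RevocationTime: now})
	}
	der, err := x509.CreateRevocationList(rand.Reader, tmpl, ca.Cert, ca.Key)
	if err != nil {
		return nil, err
	}
	return x509.ParseRevocationList(der)
}

// Validate is the relying party's check: chain to the trusted root, match the hostname, confirm the validity period at time "at", then consult the CA-signed CRL.
func Validate(root, leaf *x509.Certificate, crl *x509.RevocationList, at time.Time, hostname string) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: at, DNSName: hostname}); err != nil {
		return err
	}
	if err := crl.CheckSignatureFrom(root); err != nil {
		return fmt.Errorf("CRL not signed by the trusted CA: %w", err)
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return fmt.Errorf("serial %s is on the CRL: certificate revoked", leaf.SerialNumber)
		}
	}
	return nil
}
func main() {
	now := time.Now()
	ca, _ := NewRootCA("Example Root CA", now) // hypothetical names and serials throughout
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leaf, _ := ca.Issue(1001, "www.example.test", &leafKey.PublicKey, now, 365*24*time.Hour)
	empty, _ := ca.CRL(1, now)
	revoked, _ := ca.CRL(2, now, leaf)
	fmt.Println("valid today:", Validate(ca.Cert, leaf, empty, now, "www.example.test"))
	fmt.Println("after revocation:", Validate(ca.Cert, leaf, revoked, now, "www.example.test"))
	fmt.Println("after expiry:", Validate(ca.Cert, leaf, empty, now.AddDate(2, 0, 0), "www.example.test"))
}
```

The CRL is checked only after its own signature has been verified against the root, which is the point of the "certificate revocation list" card: a list anyone could forge would be worthless. The example fills the pkix.RevokedCertificate field, which current Go releases still honour; Go 1.21 added RevokedCertificateEntries as the preferred form.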