Certificates

bridge trust model

CA does not issue digital certificates; links hierarchical and distributed trust models together; acts as a hub; bridge doesn't issue certificates

what is the standard certificate

X.509

direct trust

a personal relationship exists between two individuals

hierarchical trust model

assigns one master CA called a root, which signs all digital certificate authorities with a single key

public key

available to everyone and freely distributed

third party trust

two individuals trust each other only because each trusts a third party

certificate repository (CR)

used to view certificate status

asymmetric encryption

uses 2 mathematical keys: public and private

digital signature

verifies the sender, sender cannot disown the message, proves identity of the message

registration authority

verifies identity of an individual; receives, authenticates, and processes certificate revocation requests

what is an example of a decentralized key management system?

web of trust model

types of digital certificates

class 1-5, dual-key sided, dual sided

drawbacks of asymmetric encryption

computation is intensive (extremely slow)

protections of asymmetric cryptography

confidentiality, integrity, availability, authenticity of the sender, nonrepudiation

certificate life cycle

creation, suspension, revocation, expiration

drawback of decentralized key management

doesn't allow the organization any control over employees' keys

renewal

don't renew all the time because key info could be stolen

certificate authority (CA)

generate, issue, distribute, and revoke public key certificates

key storage could either be in _____________________ or ______________________

hardware or software

centralized key management

keys being distributed by the CA

private key

known only to individual to whom it belongs

certificate revocation list

lists digital certificates that have been revoked

digital certificates prevent __________

man-in-the-middle attacks that impersonate the owner of the public key

public key infrastructure (PKI)

manage digital certificates

suspension

may occur when employee is on a leave of absence

certificate practice statements (CPS)

more technical and more detail

distributed trust model

multiple CAs sign digital certificates

if you need more security than a single set of public and private keys, you should use

multiple pairs of dual keys

web of trust model

no CA is involved

benefits of web browser management

no need to manually load information

creation

occurs after user is positively identified

if you want the message to be public, encrypt with

private key

certificate policy (CP)

provides a set of rules and baseline security requirements

I want to send a message. I want to keep it secret. What key do I use to encrypt?

public

if you want to keep the message private, encrypt with

public key

asymmetric encryption is also known as

public key cryptography

trust

reliance on another person/entity

destruction

remove user details, info, and keys

dual sided certificates

server and you have to authenticate yourself

escrow

split keys into halves; you have one and someone else has the other

key recovery agent

stores all keys and certificates

what is the foundation of public key infrastructure (PKI)

trust

how can you tell who the sender is if they use a public key

digital signature

benefit of decentralized key management

easy to implement

what are some things on a digital certificate

expiration date, public key, owner's name

why would you revoke a certificate?

expired, private key has been lost/exposed, no longer used, details changed

class 1 certificates

for individuals, intended for email

class 2 certificates

for organizations, where proof of identity is required

class 3 certificates

for servers and software, checking identity and authority

expiration

key can no longer be used

if someone else wants to be the root, then what happens

1. performance bottleneck; 2. if compromised, throw all certificates out

public key/private key encryption

Quantum Crypto, Elliptic Curve Crypto, RSA

digital certificate

binds public key to your identity; has a trusted third party

key management can be either _______________ or ___________________

centralized or decentralized

technologies that manage digital certificates

certificate authority, registration authority, certificate repository, certificate revocation list, web browser management

revocation

certificate no longer valid

dual key sided certificates

certificate that has a key that's used for signing a message and another certificate that has a key to encrypt/decrypt the message

key handling procedures

escrow, renewal, recovery, destruction, expiration, revocation, suspension

