Chapter - 25 Public Key Infrastructure
Mechanisms to revoke certificates
- CRL
- OCSP
Certificate formats
- DER (Binary)
- PEM (Base64 ASCII)
- PFX (Binary)
- P7B (Base64)
ExamAlert1
A CA is responsible for issuing certificates. Remember that an RA initially verifies a user's identity and then passes along to the CA the request to issue a certificate to the user.
Bridge CA model
A bridge CA connects mesh and hierarchical architectures together. This allows different companies to have their own trust architecture, and then have a single connection using a bridge CA. If the trust relationship needs to be broken, there is only a single point to manage. If the bridge is connecting to a hierarchical structure, then the trust is with the root CA.
Certificate policy
Indicates specific uses applied to a digital certificate and other technical details. Provides the rules that indicate the purpose and use of an assigned digital certificate. A certificate policy identifies the purpose for which a certificate can be used.
Certificate revocation
Revoking a certificate invalidates a certificate before its expiration date. Just revoking a certificate is not enough. The community that trusts this certificate must be notified that the certificate is no longer valid.
A CPS includes the following items:
- Identification of the CA
- Types of certificates issued and applicable certificate policies
- Operating procedures for issuing, renewing, and revoking certificates
- Technical and physical security controls that the CA uses
PKI protects information by providing the following
- Identity authentication
- Integrity verification
- Privacy assurance
- Access authorization
- Transaction authorization
- Nonrepudiation support
OCSP stapling provides several benefits
- Improves the performance of the secure connection
- Privacy concerns are reduced
- Reliability is improved
A certificate policy includes:
- Legal issues often used to protect the CA
- Mechanisms for how the CA will authenticate users
- Key management requirements
- Instructions for what to do if the private key is compromised
- Lifetime of the certificate
- Certificate enrollment and renewal
- Rules regarding exporting the private key
- Private and public key minimum lengths
The OCSP stapling process involves the following steps
1. A TLS-encrypted web server presents its certificate to the CA to check the validity.
2. The CA responds with the certificate status, including a digitally signed time stamp.
3. The web server staples the CA's signed time stamp to the certificate when a client web browser connects.
4. The client web browser verifies the signed time stamp.
Certificate chaining:
1. The root certificate verifies certificate A.
2. Certificate A verifies certificate B.
3. Certificate B verifies certificate C.
Also works in reverse.
Online Certificate Status Protocol (OCSP)
An Internet protocol defined by the IETF that is used to validate digital certificates issued by a CA. OCSP was created as an alternative to certificate revocation lists (CRLs) and overcomes certain limitations of CRLs.
Digital certificate
An electronic document that includes the user's public key and the digital signature of the certificate authority (CA) that has authenticated the user. The digital certificate can also contain information about the user, the CA, and attributes that define what users are allowed to do with systems they access using the digital certificate.
Three types of validated TLS certificates exist, each with its own level of trust
- Domain validation (DV)
- Organizational validation (OV)
- Extended validation (EV)
Personal information exchange (PFX) also known as PKCS#12.
Encoded certificates include .pfx and .p12. This type of certificate is common to the Windows operating system for importing and exporting certificates and private keys. PFX supports a private key, and one or more certificates can be stored within a single binary file
Cross certification model (web of trust)
In this model, CAs are considered peers to each other, and each CA establishes a peer-to-peer trust relationship with the others.
Hierarchical CA trust model
In this model, an initial root CA exists at the top of the hierarchy, and subordinate CAs, or intermediate CAs, reside beneath the root. The subordinate CAs provide redundancy and load balancing in the event that any of the other CAs fail or need to be taken offline
Self-signed
Self-signed certificates are often used for testing purposes or when trust is not a concern. Certificates are typically signed by another entity or CA. When a web browser recognizes that a certificate is a self-signed certificate, it provides an alert to the user that the connection is not trusted.
Wildcard
This certificate covers any number of subdomains for a single registered domain. The certificate name thus might look like *.example.com, which would be valid for www.example.com, sub.example.com, and so on.
Extended validation (EV)
This certificate type provides a high level of trust and security features. EV certificates are easily identified as the business name in the address bar is green. EV certificates are designed to provide assurance against phishing attacks.
Organizational validation (OV)
This certificate type provides stronger assurance than a DV certificate as organizations are vetted against official government sources; the OV certificate is therefore a common certificate type for many public-facing websites
P7B (PKCS#7)
This format uses the .p7b or .p7c file extension, which is commonly supported on the Windows operating system and Java Tomcat. This format includes the header BEGIN PKCS7 and the footer END PKCS7. Common on Windows platforms.
Public and Private Key Usage
The public key is used to encrypt the data that is transmitted, and the corresponding private key is used on the other end to decrypt the message.
Domain validation (DV)
This type of certificate includes only the domain name. DV certificates can easily be issued, just as a domain name lookup can easily be performed against whois, a database of registered domains.
Email
This type of certificate is also known as an S/MIME (Secure/Multipurpose Internet Mail Extensions) certificate. An email certificate is required to digitally sign or encrypt email messages.
Code signing
This type of certificate is required to digitally sign software packages. It provides assurance that the software is authentic and has not been tampered with
Subject Alternate Name (SAN)
This type of certificate takes advantage of the subject alternate name (SAN) extension. It provides for the use of multiple domain names or even IP addresses within a single certificate. This certificate is also known as a unified communications (UC) certificate
User
Known also as a client certificate, a user certificate identifies an individual. Just as a website's TLS certificate authenticates the website to a particular user, a user certificate can authenticate a user to a remote server.
Special certificates:
Wildcard
Certificate revocation list (CRL)
A list generated by a CA that enumerates digital certificates that are no longer valid and the reasons they are no longer valid.
Registration authority (RA)
A network authority that provides a CA with authentication of a client's certificate request and serves as an aggregator of information.
OCSP stapling
A process that helps reduce the certificate validity request load by allowing a web server to "staple" a time-stamped OCSP response as part of the TLS handshake with the client.
ExamAlert
A public key infrastructure consists of technologies and policies for the creation and use of digital certificates.
certificate signing request (CSR)
A request to apply for a digital certificate.
Difference between a root CA and a subordinate CA
A root CA differs from subordinate CAs in that the root CA is usually offline. Remember that if the root CA is compromised, the entire architecture is compromised. If a subordinate CA is compromised, however, the root CA can revoke the subordinate CA.
Root signing
A root signing certificate is usually provided by a recognized CA. Organizations with a root signing certificate thus can sign for themselves any number of certificates. These certificates, in turn, are trusted by those outside the organization because web browsers include, by default, many trusted certificates for recognized CAs.
Key escrow
A situation in which a CA or another entity maintains a copy of the private key associated with the public key signed by the CA.
Certificate Authority (CA)
A system that issues, distributes, and maintains current information about digital certificates. Such authorities can be private (operated within a company or an organization for its own use) or public (operated on the Internet for public access). A CA's job is to issue certificates, verify the holder of a digital certificate, and ensure that holders of certificates are who they claim to be.
Trust models
A trust is a relationship that allows a CA to trust a certificate issued by another CA. A trust path links several CAs together so that the trust relationship can extend beyond the two CAs that have formed a trust.
Your organization has developed a custom application that requires a check for the validity of digital certificates even when the Internet is not available. Which of the following meets this requirement?
A. CRL provides a mechanism to ensure the validity of digital certificates by using a list that must be updated every two weeks
Your organization has established a hierarchical PKI and deployed several CAs in the process. Which one of the following steps should your organization be sure to take?
A. Take the root CA offline.
What type of key goes into key escrow?
C. Private
Chained hierarchy or certificate chain
CAs follow a chained hierarchy, or certificate chain, when verifying digital certificates, to form what's known as a chain of trust. Starting with a trust anchor, known as the root CA, certificates are trusted transitively through one or many certificates within the chain
ExamAlert3
Certificates rely on a hierarchical chain of trust. If a CA's root key is compromised, any keys issued by that CA are compromised as well.
Which of the following types of certificates allows you to digitally sign and encrypt email messages and attachments?
D. S/MIME
ExamAlert10
DER and PFX certificates are binary encoded and cannot be edited with a plaintext editor, as the Base64 ASCII-encoded PEM and P7B certificates can.
ExamAlert9
DV certificates are the quickest and least expensive certificates to acquire. EV certificates can take a couple weeks and are the most expensive, but they also provide the highest level of trust.
Included within the request
- Fully qualified domain name
- Legally incorporated name of the company
- Department name
- City, state, and country
- Email address
ExamAlert8
The applicant's public key is submitted along with the CSR.
Public Key Infrastructure (PKI)
Is a vast collection of varying technologies and policies for the creation and use of digital certificates. This infrastructure makes use of both types of keys and lays a foundation for binding keys to an identity via a certificate authority (CA). This system consists of digital certificates and the CAs that issue the certificates. These certificates identify individuals, systems, and organizations that have been verified as authentic and trustworthy
Certification Practice Statement (CPS)
It is a legal document that a CA creates and publishes for the purpose of conveying information to those who depend on the CA's issued certificates. The information within a CPS provides for the general practices the CA follows in issuing certificates and customer-related information about certificates, responsibilities, and problem management.
ExamAlert4
Key escrow is used for third-party custody of a private key.
Certificate pinning
Method that extends beyond normal certificate validation to help thwart on-path attacks.
ExamAlert2
The root CA should be taken offline to reduce the risk of key compromise. It should be made available only to create and revoke certificates for subordinate/intermediate CAs. A compromised root CA compromises the entire system.
Machine/computer
Much like a user certificate, a machine/computer certificate authenticates a client system. This type is primarily used with machine-to-machine communications
Certificate suspension
Occurs when a certificate is under investigation to determine whether it should be revoked
ExamAlert7
Remember the components of an X.509 certificate. You might be required to recognize the contents of a certificate.
Key usage extension
Specifies how the private key can be used—either to enable the exchange of sensitive information or to create digital signatures. In addition, the key usage extension can specify that an entity can use the key both for the exchange of sensitive information and for signature purposes.
Distinguished encoding rules (DER)
The binary form of a PEM certificate. In addition to the .der extension, .cer and .crt extensions can be used for DER-encoded certificates. DER-encoded certificates are common on Java platforms.
Single-CA architecture
The model in which only one CA exists to issue and maintain certificates. This model might benefit smaller organizations because of its administrative simplicity, but it can present many problems
Privacy enhanced mail (PEM)
The most common format and extension for certificates. PEM format is a Base64 ASCII-encoded text file, which makes copying the contents from one document to another simple. A PEM file might contain several certificates and private keys within a single file. Common on Apache platforms.
ExamAlert12
Using CRLs is not as efficient as OCSP. The lists need to be frequently updated and are not reliable if they are outdated.
Three basic status levels exist in most PKI solutions
- Valid
- Suspended
- Revoked
X.509 certificates to be signed contain the following fields
- Version Number
- Serial Number
- Signature Algorithm Identifier
- Issuer Name
- Period of Validity
- Subject or owner name
- Subject or Owner's Public Key
- Extensions
- Signature Value
ExamAlert11
When a certificate has expired, the client is likely to receive an error message saying that the website cannot be trusted. In some situations, users may not have the correct root certificates installed into their web browsers.
ExamAlert8
You can obtain another's public key (which is freely available to anyone) and use it to encrypt a message to that person. As a result, that person can use his or her private key, which no one else has, to decrypt the message. The public and private keys are mathematically related.