Module 4 - PK Infrastructure
Figure: certificate enrolment flow (user, random values, key-generation algorithm, key store, certificate authority), numbered as in the steps below.
1. The user registers for a digital certificate.
2. Some method is used to determine random values.
3. An algorithm generates a public/private key pair.
4. The key pair is stored in a key store on the workstation.
5. A copy of the public key and other identifying information is sent to the CA.
6. The CA generates a digital certificate containing the public key and the other identifying information.
7. The new certificate is sent to the user.
What is a Repository?
❑ general term that describes a centralized directory that can be
accessed by a subset of individuals
❑ usually LDAP-compliant
1. Compare the CA that digitally signed the certificate to a list of CAs that has already been loaded into the receiver’s computer.
2. Calculate a message digest for the certificate.
3. Use the CA’s public key to decrypt the digital signature and recover what is claimed to be the original message digest embedded within the certificate (validating the digital signature).
4. Compare the two resulting message digest values to ensure the integrity of the certificate.
5. Review the identification information within the certificate, such as the e-mail address.
6. Review the validity dates.
7. Check the revocation list to see if the certificate has been revoked.
A public key certificate (or identity certificate) uses a digital signature to bind a public key to an identity.
❑ CA certificates
❑ Cross-certification certificates
❑ Policy certificates
❑ End-entity certificates
Figure: PKI components of Company D, Company E and Company F (CAs, RAs and repositories); CA certificates between the CAs, and end-entity certificates issued to devices such as a router, a PDA and a firewall.
Hierarchical Trust Model
❑ contains a root CA, intermediate CAs, leaf CAs, and end-entities
Peer-to-Peer Model
❑ one CA is not subordinate to another CA, and there is no established trusted anchor between the CAs involved
Cross certification creates a peer-to-peer PKI model.
Scalability is a drawback in cross-certification models.
Figure: the CAs of Company A and Company B cross-certifying each other, and a mesh of cross-certified CAs.
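The following Go program is an added example, not part of these slides: it walks through the enrolment steps 1-7 (key pair generated on the workstation, only the public key and identity sent to the CA, CA returns a signed certificate), then the receiver-side validation steps 1-7 (known CA, digest and signature, identity, validity dates, revocation list), and uses those pieces to contrast the hierarchical model (root CA, intermediate CA, end-entity) with cross-certification between two peer CAs. It uses only the Go standard library's crypto/x509. The company names, e-mail addresses, serial numbers and the in-memory revocation list are constructed, and the helper names (sign, caTemplate, newCA, enroll, crlKey, validate, Demo) are hypothetical choices made here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// sign issues tmpl under parent (pass tmpl itself for a self-signed root). Hypothetical helper, not from the slides.
func sign(tmpl, parent *x509.Certificate, pub any, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER we just produced, so it parses
	return cert
}

// caTemplate: BasicConstraints and keyCertSign make the certificate usable as an issuer.
func caTemplate(name string, serial int64) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
}

// newCA creates a root CA (parent nil) or a subordinate CA signed by parent: the hierarchical model.
func newCA(name string, serial int64, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := caTemplate(name, serial)
	if parent == nil {
		parent, parentKey = tmpl, key // root CA: signs itself
	}
	return sign(tmpl, parent, &key.PublicKey, parentKey), key
}

// enroll is slide steps 2-7: random values and an algorithm produce the key pair on the workstation,
// only the public key and identity go to the CA, and the CA returns a signed certificate.
func enroll(email string, serial int64, ca *x509.Certificate, caKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // private key never leaves this side
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: email}, EmailAddresses: []string{email},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(90 * 24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	}
	return sign(tmpl, ca, &key.PublicKey, caKey), key
}

// crlKey identifies a certificate the way a CRL entry does: issuer plus serial number.
func crlKey(c *x509.Certificate) string { return c.Issuer.CommonName + "#" + c.SerialNumber.String() }

// validate runs the receiver-side steps 1-7: Verify covers steps 1-4 and 6 (known CA, digest,
// signature, validity dates); the e-mail comparison is step 5 and the CRL lookup is step 7.
func validate(cert *x509.Certificate, roots, inters *x509.CertPool, email string, revoked map[string]bool) error {
	opts := x509.VerifyOptions{Roots: roots, Intermediates: inters, CurrentTime: time.Now(),
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("chain/signature/validity: %w", err)
	}
	if len(cert.EmailAddresses) != 1 || cert.EmailAddresses[0] != email {
		return errors.New("identity mismatch: certificate does not name " + email)
	}
	if revoked[crlKey(cert)] {
		return errors.New("certificate is on the revocation list")
	}
	return nil
}

// Demo builds two constructed companies' PKIs and reports what a Company A relying party accepts.
func Demo() map[string]bool {
	rootA, rootAKey := newCA("Company A Root CA", 1, nil, nil)
	interA, interAKey := newCA("Company A Intermediate CA", 2, rootA, rootAKey)
	alice, _ := enroll("alice@a.example", 100, interA, interAKey)
	rootB, rootBKey := newCA("Company B Root CA", 1, nil, nil)
	bob, _ := enroll("bob@b.example", 200, rootB, rootBKey)
	// Cross-certificate: Company A's root signs Company B's root key (peer-to-peer model).
	crossB := sign(caTemplate(rootB.Subject.CommonName, 3), rootA, rootB.PublicKey, rootAKey)
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(rootA)
	inters.AddCert(interA)
	revoked, r := map[string]bool{}, map[string]bool{}
	r["hierarchical"] = validate(alice, roots, inters, "alice@a.example", revoked) == nil
	r["wrong identity"] = validate(alice, roots, inters, "mallory@a.example", revoked) == nil
	r["no trust anchor"] = validate(bob, roots, inters, "bob@b.example", revoked) == nil
	inters.AddCert(crossB)
	r["cross-certified"] = validate(bob, roots, inters, "bob@b.example", revoked) == nil
	revoked[crlKey(alice)] = true
	r["revoked"] = validate(alice, roots, inters, "alice@a.example", revoked) == nil
	return r
}

func main() { fmt.Println(Demo()) }
```

Demo returns, per scenario, whether the relying party accepted the certificate. Bob's certificate is rejected by a Company A relying party until Company A's root has issued a cross-certificate for Company B's root key, which is exactly the peer-to-peer model; every further pair of peer CAs needs its own cross-certificate, the scalability drawback the slide notes. Revocation is a separate lookup because a valid signature and validity dates say nothing about whether the CA has since withdrawn the certificate.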
Hybrid Trust Model
❑ two companies have their own internal hierarchical models and are connected
Figure: a bridge CA connecting two hierarchies, each with its own root CA and intermediate CAs.