Basic Terms
Public Key Cryptographic Standards, PKCS
A collection of 12 papers, PKCS #1 to PKCS #12, developed by RSA Labs and representatives from academia and industry.
PKCS #1: RSA Algorithm
PKCS #3: Diffie-Hellman Algorithm
PKCS #7: Cryptographic Message Syntax Standard
PKCS #10: Key Certification Request
PKCS #11: Standard API for developers
PKCS #12: Certificate Interchange Format
PKCS #13: Elliptic Curves Algorithm
Basic Terms
Digital Signatures
DSS issued by NIST
Digital Certificates
Certificates are the framework for identification information, and bind identities with public keys. They provide a foundation for identification, authentication and non-repudiation.
Server
Developer
X.509 Profiles
Tailor the authentication model of X.509 to specific environments based on risk perception.
IETF Public Key Infrastructure (PKIX-1): Application-independent, certificate-based key distribution mechanism.
SET Standard: Secure messaging for payment-service transactions over open networks.
Certification Authorities
Trusted organization that issues certificates and maintains status information about certificates.
Certification Practice Statement
Client Authentication
Anonymous
Basic
Challenge Response (NT)
SSL Client Authentication
Subject Authentication
Confirm the identity of the subject
Based on the class of certificate
Local Registration Authority (LRA) model
End Entity
Request Enrolment Renewal
CA
Certificate Issuance, Revocation, Suspension, Renewal, Repository
LRA
Get Certificate Applications, Authentication, Generate Key Pairs, Revocations
Importing a Certificate
To send an encrypted message or document to a person who has a certificate.
From a Certification Authority
From a Directory Service (LDAP)
From a signed message
From a local file (encoded Binary PKCS #7)
PKCS #7 syntax for SignedData type
ASN.1 objects are encoded using BER/DER.
Certificate Management
Value and Validity of Certificates will be questioned
Cross Certification (Multiple CAs)
Top-Down Hierarchical Structure
Applications of Certificates
Sandbox Code Signing Vs Shrink-Wrapped Software
Accountability and Authenticity
Microsoft Authenticode 1.0
based on X.509 v3 and PKCS #7
Commercial vs Individual Publishers
Object Signing
Netscape's technology
Signs any kind of file
Applications (continued)
Secure Messaging & S/MIME
Web Server Security
Microsoft ASP for Access Control