Public key infrastructure (PKI)

A Public key infrastructure is a system that incorporates asymmetric encryption and certificate to provide security. There are two principals actors: The client and the certificate authority(CA). The Cryptographic Service Provider (CSP) on the client side generates the key pair. Once the key pair has been generated, the client will keep the private key and send the public key with the certificate request to the CA. The client will use its private key to digitally sign that message. At this stage, the CA will either approve or deny the request. The Registration authority (RA) is another entity that can proxy certificate request to the CA on behalf of the client. When a certificate has been compromised it is revoked in the CA and updated to the Certificate Revocation List (CRL). The disadvantages of a certificate being revoked are that client has to go to the full list of what they are looking for. With the Online Certificate Status Protocol (OSCP), we only check for the validity of individual certificate without going to the full list thus improving performance. The standard for the certificate is the X.509 standard.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s