A public key infrastructure (PKI) is a system that combines asymmetric encryption and certificates to provide security. There are two principal actors: the client and the certificate authority (CA). The Cryptographic Service Provider (CSP) on the client side generates the key pair. Once the key pair has been generated, the client keeps the private key and sends the public key with the certificate request to the CA. The client uses its private key to digitally sign that request. At this stage, the CA either approves or denies the request. The registration authority (RA) is another entity that can proxy certificate requests to the CA on behalf of the client. When a certificate has been compromised, it is revoked at the CA and added to the Certificate Revocation List (CRL). The disadvantage of the CRL is that the client has to go through the full list to find the certificate it is looking for. With the Online Certificate Status Protocol (OCSP), the client checks the validity of an individual certificate without going through the full list, which improves performance. The standard for certificates is X.509.
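The enrollment exchange described above, as an added example that is not part of the original post: the client generates a key pair and a signed certificate request, and the CA-side check verifies the request's self-signature before approving it. The OpenSSL command line stands in for the CSP here, and the file names, subject name and function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: client-side key pair + certificate request (CSR), then the
# CA-side proof-of-possession check. All names and paths are constructed.

# Client: generate the key pair, keep the private key, build a signed CSR.
make_csr() {            # $1 = work dir, $2 = subject, e.g. /CN=host
  openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 \
    -out "$1/client.key" 2>/dev/null
  chmod 600 "$1/client.key"          # the private key never leaves the client
  openssl req -new -key "$1/client.key" -subj "$2" -out "$1/client.csr"
}

# CA: accept the request only if its signature verifies under the public key
# it carries. Match on the text because exit codes differ between versions.
ca_check_csr() {        # $1 = CSR path; returns 0 when the signature is valid
  openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

# Client: confirm the CSR carries the public half of the local private key.
csr_matches_key() {     # $1 = CSR path, $2 = private key path
  [ "$(openssl req -in "$1" -noout -pubkey)" = \
    "$(openssl pkey -in "$2" -pubout)" ]
}

# Simulate a request altered in transit: change one subject byte (same
# length) without re-signing, so the original signature no longer matches.
tamper_csr() {          # $1 = input CSR (PEM), $2 = output CSR (PEM)
  openssl req -in "$1" -outform DER |
    LC_ALL=C sed 's/client01/client02/' |
    openssl req -inform DER -out "$2"
}

# Demo run on constructed data.
demo_dir=$(mktemp -d)
make_csr "$demo_dir" "/CN=client01.example.test"
ca_check_csr "$demo_dir/client.csr" && echo "original CSR: signature valid"
tamper_csr "$demo_dir/client.csr" "$demo_dir/tampered.csr"
ca_check_csr "$demo_dir/tampered.csr" || echo "tampered CSR: rejected"
rm -rf "$demo_dir"
```

Only `client.csr` is sent to the CA or RA; the signature check is what lets the CA conclude that the requester holds the private key matching the public key in the request.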
Published by Guy Ngongang on information security
I am an information security engineer with a strong background in network and cloud computing. I have done work with FTK Imager and enjoy improving my know-how in my spare time. My aim is to fight cybercriminals and help end users enjoy the Internet freely.