Public Key Infrastructure
To use asymmetric encryption, or more precisely public keys, conveniently, you need an adequate infrastructure: the Public Key Infrastructure (PKI). A Public Key Infrastructure is a comprehensive security model consisting of software, guidelines and procedures for creating digital certificates and for storing, administering, distributing and revoking them.

Digital certificate
By means of a digital certificate a public key is linked to an identity; the certificate corresponds to a digital identification card. This ID can be available in different certificate formats. Certificate and public key can and should be distributed freely; the corresponding private key must be stored securely, in a protected place, because anyone who obtains it can act under that identity.

Certification Authority
Certificates for people, computers or services are issued, administered and vouched for toward third parties by a trustworthy authority, the certification authority (CA, also called a Trust Center). Each certificate is signed with the private key of the certification authority, so anyone who holds the CA's public key can check that a certificate is genuine and has not been altered.

Registration authority
A registration authority (RA), which can be separate from the certification authority, carries out the registration: the identity of the applicant is checked, and the certification process at the certification authority is initiated.

More parts of a PKI
certificate template - certificate profile
Based on the intended use, a certificate template defines the format and content (for example validity period and key usage) of the certificate that is to be issued.
directory service - central directory
A central directory that can be accessed and queried by everyone, in which certificates and public keys are stored and made available. Revocation information can be published the same way.
revocation service - certificate revocation list
Certificates (and with them their keys) can of course be revoked (see key management). It has to be defined how a revocation can be requested and how the revocation information is published, typically as a certificate revocation list (CRL) signed by the CA. A revocation only protects relying parties that actually fetch and check the current CRL.
certification policy and certification practice statement
They define how certificates can be requested, issued and revoked, what happens when they expire, how private keys have to be secured, whether there are backups or key escrow, and so on.
PKI-enabled applications and services
A PKI makes no sense if there is no way to use it. PKI-based applications and services include authentication (logon, Kerberos), digital signatures, timestamping, transaction security, notary services, single sign-on, secure e-mail, VPN, WPA-protected WLAN, EFS, Remote Desktop, and protocols that use PKI such as SSL/TLS, WTLS, S/MIME and time stamp protocols.
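The following shell script is an added example and is not code from the original Knowledge Base page. It walks through the roles described above with the openssl command line: a certification authority with a self-signed root certificate, a registration step in which the applicant keeps its private key and hands in only a certificate signing request, issuance according to a certificate template (profile), verification of the CA signature by a relying party, and finally revocation with a CA-signed certificate revocation list. It assumes an openssl binary (1.1.x or 3.x) on PATH and works in a fresh temporary directory; the names "Example Root CA" and "www.example.test" are made-up placeholders.

```shell
#!/bin/sh
# Added example, not code from the original Knowledge Base page. Assumes an
# openssl binary (1.1.x or 3.x) on PATH; the names "Example Root CA" and
# "www.example.test" are made-up placeholders.
set -eu

# Configuration for `openssl ca`: database (index.txt), serial and CRL-number
# files, and two certificate templates (profiles): one for the CA, one for leaves.
write_ca_config() {
    cat > ca.cnf <<'EOF'
[ ca ]
default_ca       = demo_ca
[ demo_ca ]
dir              = .
database         = $dir/index.txt
new_certs_dir    = $dir/newcerts
certificate      = $dir/ca.crt
private_key      = $dir/ca.key
serial           = $dir/serial
crlnumber        = $dir/crlnumber
default_md       = sha256
default_days     = 365
default_crl_days = 30
policy           = policy_cn_only
x509_extensions  = leaf_ext
[ policy_cn_only ]
commonName       = supplied
[ req ]
distinguished_name = req_dn
[ req_dn ]
[ ca_ext ]
basicConstraints = critical, CA:TRUE
keyUsage         = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ leaf_ext ]
basicConstraints = critical, CA:FALSE
keyUsage         = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid
EOF
}

# Certification authority: key pair, self-signed root certificate, empty database.
setup_ca() {
    write_ca_config
    mkdir -p newcerts; : > index.txt; echo 1000 > serial; echo 1000 > crlnumber
    openssl genrsa -out ca.key 2048 2>/dev/null
    openssl req -x509 -new -key ca.key -sha256 -days 3650 -subj "/CN=Example Root CA" \
        -config ca.cnf -extensions ca_ext -out ca.crt 2>/dev/null
}

# Registration: the applicant makes its own key pair and a CSR carrying the public
# key and claimed identity (the private key never leaves the applicant); the CA
# then signs it with its private key according to the leaf template.
issue_cert() {   # issue_cert <basename> <common name>
    openssl genrsa -out "$1.key" 2048 2>/dev/null
    openssl req -new -key "$1.key" -subj "/CN=$2" -config ca.cnf -out "$1.csr" 2>/dev/null
    openssl ca -batch -config ca.cnf -in "$1.csr" -out "$1.crt" -notext 2>/dev/null
}

# Relying-party check: chain to the root and, once a CRL has been published,
# revocation status. Exit status 0 = trusted, non-zero = untrusted or revoked.
verify_cert() {
    if [ -f ca.crl ]; then
        cat ca.crt ca.crl > trust.pem      # trust anchor plus its CRL
        openssl verify -crl_check -CAfile trust.pem "$1" >/dev/null 2>&1
    else
        openssl verify -CAfile ca.crt "$1" >/dev/null 2>&1
    fi
}

# Revocation service: mark the certificate revoked in the database and publish a
# fresh CRL signed with the CA key.
revoke_cert() {
    openssl ca -config ca.cnf -revoke "$1" 2>/dev/null
    openssl ca -config ca.cnf -gencrl -out ca.crl 2>/dev/null
}

pki_demo() {
    cd "$(mktemp -d)"
    setup_ca
    issue_cert server www.example.test
    openssl x509 -in server.crt -noout -subject -issuer
    verify_cert server.crt && echo "issued by our CA: trusted"
    # A self-signed certificate claiming the same name is not signed by the CA.
    openssl req -x509 -new -key server.key -subj "/CN=www.example.test" \
        -config ca.cnf -out rogue.crt 2>/dev/null
    verify_cert rogue.crt || echo "rogue self-signed cert: rejected"
    revoke_cert server.crt
    verify_cert server.crt || echo "after revocation: rejected via CRL"
}

(pki_demo)
```

The CRL is appended to the trust file rather than passed with a separate option so the check works on older openssl releases as well; a relying party that skips -crl_check (or never fetches a fresh CRL) would keep accepting the revoked certificate, which is why the revocation service and its publication path are a required part of the PKI, not an optional extra.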

Cryptoshop Tips

PKI: Implementing and Managing E-Security
Nash, Duane, Joseph, Brink. Although it is written by four RSA experts, it is not an RSA commercial. It contains an introduction to asymmetric cryptography, standards, applications to smart cards, biometrics and the ROI of a PKI.

Microsoft Windows Server 2003 PKI and Certificate Security
by Brian Komar and the Microsoft PKI Team. Covers the design and implementation of certificate-based solutions in a Windows environment, such as Smart Card Logon, WLAN, VPN, e-mail, SSL, EFS, Code Signing....