Date Released: 10/22/2010
PKI-Public Key Infrastructure is a two-key asymmetric system: messages are encrypted with a public key and decrypted with a private key. Symmetric (private) key systems, by contrast, use one key for both encryption and decryption. While implementations are not necessarily compatible, the main purpose of PKI is to provide interoperability across vendors, systems and networks. This tutorial reviews the CA-Certificate Authority, which is responsible for issuing, distributing and revoking certificates. Both public and private CAs exist.
– Inside an X.509 certificate (example only)

    Certificate:
      Version: 1 (0x0)
      Serial Number: 7829 (0x1e95)
      Algorithm ID: md5WithRSAEncryption
      Issuer: ABC OU=Certification Services Division,
      Validity
        Not Before: Jan 1 00:00:00:00 2009 GMT
        Not After : Jun 1 00:00:00:00 2009 GMT
      Subject: Critical Update
      Subject Public Key Info:
        Public Key Algorithm: rsaEncryption
        Subject Public Key
      Issuer Unique Identifier (Optional)
      Certificate Signature Algorithm: md5WithRSAEncryption
      Certificate Signature
The CSP-Certificate Statement Practice is the document that determines the contents of the certificate. Certificate revocation is the process of terminating a certificate before it expires. The owner of the certificate can revoke it at any time via OCSP-Online Certificate Status Protocol or the CRL-Certification Revocation List, which is updated hourly, daily, etc. and is distributed to the PKI (explained next).
– RA-Registration Authority
    – off-loads from CA
    – accepts registrations, distributes keys, validates identities
– LRA-Local RA
    – establishes identity of individual
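The revocation process described above, seen from the side that relies on a certificate, as an added example that is not part of the original tutorial: the status decision combines the validity window with a CRL lookup, and a CRL past its next-update time yields "unknown" rather than "good". The `Cert` and `Crl` classes, the status strings and the CRL dates are constructed for illustration; the serial number and validity dates reuse the example certificate above.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

def utc(y, m, d, h=0):
    return datetime(y, m, d, h, tzinfo=timezone.utc)

@dataclass(frozen=True)
class Cert:
    serial: int
    not_before: datetime
    not_after: datetime

@dataclass(frozen=True)
class Crl:
    this_update: datetime   # when the CA published this list
    next_update: datetime   # when the CA promised the next one
    revoked: dict           # serial number -> revocation time

def cert_status(cert, crl, now):
    """Relying-party decision for one certificate at time `now`."""
    if now < cert.not_before:
        return "not_yet_valid"
    if now > cert.not_after:
        return "expired"
    revoked_at = crl.revoked.get(cert.serial)
    if revoked_at is not None and revoked_at <= now:
        return "revoked"          # listed: terminated before its expiry date
    if now > crl.next_update:
        # The list is a periodic snapshot; a revocation issued after it was
        # published is invisible here, so do not report "good".
        return "unknown_stale_crl"
    return "good"

# Constructed sample data. Serial and validity dates follow the example
# certificate above; the CRL contents and dates are invented.
CERT = Cert(7829, utc(2009, 1, 1), utc(2009, 6, 1))
CRL_FEB10 = Crl(utc(2009, 2, 10), utc(2009, 2, 11), {})
CRL_MAR01 = Crl(utc(2009, 3, 1), utc(2009, 3, 2), {7829: utc(2009, 2, 15)})

if __name__ == "__main__":
    for crl, now in [(CRL_FEB10, utc(2009, 2, 10, 12)),
                     (CRL_FEB10, utc(2009, 2, 20)),
                     (CRL_MAR01, utc(2009, 3, 1, 12)),
                     (CRL_MAR01, utc(2009, 7, 1))]:
        print(now.date(), cert_status(CERT, crl, now))
```

The second case is the one that matters operationally: the certificate was revoked on Feb 15 in this sample, but a client still holding the Feb 10 list cannot see that, which is why a stale list is not treated as a clean result.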
There are four types of Trust Models in PKI-Public Key Infrastructure:
– Hierarchical
– Bridge
– Hybrid
– Mesh (shown here)
Source: Digital Certificates Explained – Basics – 101 – TECHtionary Animated Tutorial posted on Fast Pitch