PKI - Public key infrastructure

What is a PKI?

PKI (Public Key Infrastructure) refers to the group of technical solutions based on public-key cryptography.

Public-key cryptosystems remove the need to systematically use a secure channel to exchange keys. However, publishing public keys on a large scale only works if those keys can be completely trusted, which means making sure that:

  • The public key indeed belongs to its owner;
  • The key's owner is trustworthy;
  • The key is still valid.

As such, the key pair (public key/private key) needs to be associated with a certificate issued by a trusted third party: this is the purpose of public key infrastructure.

Concept of trusted third party

The trusted third party is an entity commonly called a certification authority (abbreviated CA) that is responsible for ensuring the truthfulness of information contained in the public key certificate as well as its validity.

To do so, the authority signs the public key certificate with its own key by using the principle of digital signatures.

Role of public key infrastructure

A public key infrastructure has several roles, covering the following areas among others:

  • recording key requests by verifying the requesting parties' identity;
  • generating key pairs (private key/public key);
  • guaranteeing the confidentiality of private keys corresponding to public keys;
  • certifying the relation between each user and his public key;
  • revoking keys (if lost by their owner, if their validity period has expired or if compromised).

Structure of a PKI

A public key infrastructure is generally made of two separate entities:

  • The recording authority (abbreviated RA), in charge of administrative formalities (verifying requesting parties' identity, monitoring and managing requests, etc.);
  • The certification authority (abbreviated CA), in charge of the technical tasks involved in creating certificates. The certification authority is therefore responsible for handling certificate signing requests (abbreviated CSRs and sometimes called PKCS#10, the name of the corresponding format). The certification authority is also responsible for signing certificate revocation lists (CRLs);
  • The Repository, whose job is to keep certificates in a secure place.


Last update on Thursday October 16, 2008 02:43:18 PM.
This document entitled « PKI - Public key infrastructure » from Kioskea (en.kioskea.net) is made available under the Creative Commons license. You can copy and modify copies of this page under the conditions stipulated by the licence, as long as this note appears clearly.