Implementing PKI

    Date: 12 Jan 2001
    Category: Cryptography
    Posted By: Anthony Pell
    A certificate is a structured document that binds some information (such as Bob's name) to a public key, and is digitally signed by a trusted third party called a certification authority or CA. To verify a certificate, the user of the public key must first obtain the public key of the CA by some other trusted means. Although it seems that we are now back to square one, the difference is that we now only have to get one key in order to communicate with any entity which has a certificate issued by that trusted CA. Additionally, if the CA is able to certify the public key of other CAs, which in turn certify other CAs, we will be able to securely communicate with any entity, provided that we can find a chain of certificates between the CA which we trust and the CA which certified the key of the entity with whom we wish to communicate.

    A CA is also responsible for revoking certificates when they are no longer considered valid; that is, when the bond that the certificate establishes between the user's identity and the use of the private key associated with the certified public key is no longer valid. The most common mechanism for distributing certificate revocation information is a certificate revocation list (CRL).

    A registration authority (RA) is an authority equipped with software responsible for verifying that certificate requestors identify themselves according to the policies defined by the issuing organization. The RA software authorizes the CA to issue a certificate and also securely passes the certificate request to the CA.
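
The chain and revocation checks described above, as an added example that is not part of the original article: a relying party holds one trusted CA key, walks issuer links up to it, verifies every signature, and rejects any certificate whose serial is on its issuer's CRL. Assumptions: the `Cert` fields, every function name and the sample hierarchy are constructed for illustration, the signature is textbook RSA over Mersenne primes (a toy, not secure), and each CRL is modeled as an already-authenticated set of serial numbers.

```python
import hashlib
from typing import NamedTuple

def toy_keypair(p, q, e=65537):  # textbook RSA from known primes: demo only, NOT secure
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))  # (public, private)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

class Cert(NamedTuple):
    serial: int
    subject: str
    issuer: str
    pubkey: tuple
    is_ca: bool
    sig: int = 0
    def tbs(self):  # the bytes the issuer signs: every field except sig
        return repr(self[:5]).encode()

def issue(serial, subject, pubkey, is_ca, issuer, issuer_priv):
    (n, d), c = issuer_priv, Cert(serial, subject, issuer, pubkey, is_ca)
    return c._replace(sig=pow(digest(c.tbs(), n), d, n))

def signed_by(cert, pub):
    return pow(cert.sig, pub[1], pub[0]) == digest(cert.tbs(), pub[0])

def validate(cert, pool, trusted, crls, max_depth=8):
    """Return the subjects from cert up to a trusted CA, or raise ValueError."""
    chain = []
    for _ in range(max_depth):
        chain.append(cert.subject)
        if cert.serial in crls.get(cert.issuer, ()):
            raise ValueError(f"{cert.subject}: revoked by {cert.issuer}")
        parent = pool.get(cert.issuer)
        key = trusted.get(cert.issuer) or (parent.pubkey if parent and parent.is_ca else None)
        if key is None or not signed_by(cert, key):
            raise ValueError(f"{cert.subject}: no valid signature from {cert.issuer}")
        if cert.issuer in trusted:
            return chain + [cert.issuer]
        cert = parent
    raise ValueError("chain longer than max_depth")

ROOT_PUB, ROOT_PRIV = toy_keypair(2**521 - 1, 2**607 - 1)  # constructed sample keys
INT_PUB, INT_PRIV = toy_keypair(2**107 - 1, 2**127 - 1)
BOB_PUB, _ = toy_keypair(2**61 - 1, 2**89 - 1)
INT_CERT = issue(1, "Intermediate CA", INT_PUB, True, "Root CA", ROOT_PRIV)
BOB_CERT = issue(2, "bob", BOB_PUB, False, "Intermediate CA", INT_PRIV)
POOL = {"Intermediate CA": INT_CERT}   # certificates available for path building
TRUSTED = {"Root CA": ROOT_PUB}        # the one CA key obtained by other trusted means
```

`validate(BOB_CERT, POOL, TRUSTED, {})` returns the path from Bob to the trusted root; passing `{"Intermediate CA": {2}}` as the CRL map makes the same call fail because Bob's serial is revoked.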
