Public-key infrastructure
A public-key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.[1]
In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA).
The user identity must be unique within each CA domain. The binding is
established through the registration and issuance process, which,
depending on the level of assurance the binding has, may be carried out
by software at a CA, or under human supervision. The PKI role that
assures this binding is called the Registration Authority (RA). The RA ensures that the public key is bound to the individual to which it is assigned in a way that ensures non-repudiation.
Certificate authorities
The primary role of the CA is to digitally sign and publish the
public key bound to a given user. This is done using the CA's own
private key, so that trust in the user key relies on one's trust in the
validity of the CA's key. The mechanism that binds keys to users is
called the Registration Authority (RA), which may or may not be separate
from the CA. The key-user binding is established, depending on the
level of assurance the binding has, by software or under human
supervision.
The term trusted third party (TTP) may also be used for certificate authority (CA). Moreover, PKI is itself often used as a synonym for a CA implementation.
Temporary certificates & single sign-on
This approach involves a server that acts as an online certificate authority within a single sign-on
system. A single sign-on server will issue digital certificates into
the client system, but never stores them. Users can execute programs,
etc. with the temporary certificate. It is common to find this solution
variety with X.509-based certificates.
Contents of a typical digital certificate
Serial Number: Used to uniquely identify the certificate.
Subject: The person, or entity identified.
Signature Algorithm: The algorithm used to create the signature.
Signature: The actual signature to verify that it came from the issuer.
Issuer: The entity that verified the information and issued the certificate.
Valid-From: The date the certificate is first valid from.
Valid-To: The expiration date.
Key-Usage: Purpose of the public key (e.g. encipherment, signature, certificate signing...).
Public Key: The public key.
Thumbprint Algorithm: The algorithm used to hash the public key.
Thumbprint: The hash itself, used as an abbreviated form of the public key.
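The trust relationship described under Certificate authorities and Temporary certificates, as an added Go example that is not part of the original post: a CA signs a user's public key, and a verifier accepts the certificate only if it chains to a CA key it trusts and is still inside its validity period. The CA name, the subject alice, the serial numbers and the 10-minute lifetime are constructed for illustration, and Ed25519 is an arbitrary choice of key type.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)
func check(err error) {
	if err != nil {
		panic(err)
	}
}

// issue: a nil parent yields a self-signed CA; otherwise caKey (the CA's private key) signs the subject's public key.
func issue(cn string, serial int64, ttl time.Duration, parent *x509.Certificate, caKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, // Serial Number, Subject
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(ttl), // Valid-From, Valid-To
	}
	if parent == nil { // root CA: certifies itself, Key-Usage is certificate signing
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, caKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, caKey) // Issuer and Signature come from the CA
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// trusted reports whether cert chains to root and is within its validity period at time t.
func trusted(cert, root *x509.Certificate, t time.Time) bool {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: t})
	return err == nil
}

func main() {
	ca, caKey := issue("Example Root CA", 1, 24*time.Hour, nil, nil)
	other, _ := issue("Example Root CA", 2, 24*time.Hour, nil, nil) // same name, different key
	user, _ := issue("alice", 3, 10*time.Minute, ca, caKey)         // short-lived ("temporary") certificate
	fmt.Println(trusted(user, ca, time.Now()), trusted(user, other, time.Now()), trusted(user, ca, time.Now().Add(time.Hour)))
}
```

The second check fails even though the other CA carries the same name, because the signature on alice's certificate does not verify under that CA's public key; the third fails because the certificate's Valid-To has passed.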
This post is very interesting and easy to understand. I have learned a lot about how Public Key Infrastructure works from your post. The examples you gave on Public Key Infrastructure are quite few. Hence, I would suggest that maybe you can give more examples on how Public Key Infrastructure can help us. You can also elaborate more on what Public-Key infrastructure is so that readers like myself will be able to understand more. Also, maybe you can add pictures or videos to let readers like myself have an even better and clearer knowledge of what Public-key infrastructure is all about.
After viewing your post on public-key infrastructure (PKI), it allowed me to understand more about the topic. The post is also easy to understand as there are a lot of examples included in the post, like Certificate authorities and Temporary certificates. This will allow the reader to understand what PKI can provide. Lastly, there are also some examples of contents of a typical digital certificate, which provide more information.
This post is very interesting and easy to understand. I have learned a lot about how Public Key Infrastructure works from your post. The examples you gave on Public Key Infrastructure are quite few. Hence, I would suggest that maybe you can give more examples on how Public Key Infrastructure can help us. You can also elaborate more on what Public-Key infrastructure is so that readers like myself will be able to understand more. Also, maybe you can add your own voice to make it more fun to read.
From your post about public-key infrastructure (PKI), I can better understand more about PKI.
Firstly, I have learned that a public-key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. Secondly, I have learned that the primary role of the Certificate Authority is to digitally sign and publish the public key bound to a given user. This is done using the CA's own private key, so that trust in the user key relies on one's trust in the validity of the CA's key. Thirdly, I have learned more about the contents of a typical digital certificate.
I have understood Public key infrastructure a lot better thanks to your post. It is well explained but it lacks examples to allow even better understanding.
Well, like every other comment stated above, I learnt a lot from your post. I didn't know there were so many "steps" involved, like CA and RA. And I like how you talk about the temporary certificates which they do not keep track of. :D Cool post.
What an interesting post! Basically, I have learned a lot about how Public Key Infrastructure works from your post. The examples you gave on Public Key Infrastructure are quite few. Hence, I would suggest that maybe you can give more examples on how Public Key Infrastructure can help us. You can also elaborate more on what Public-Key infrastructure is so that readers like myself will be able to understand more. Also, maybe you can add pictures or videos to let readers like myself have an even better and clearer knowledge of what Public-key infrastructure is all about.
Wow, really love your detailed description and explanation of the PKI and its related elements. Very detailed, I love it. I especially like the breakdown of contents of a digital certificate. Definitely very enriching. Good stuff!
This post is very well written as it has allowed me to better understand the concept of Public-Key Infrastructure through simple yet effective explanations. I am now able to understand that a public-key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. I am also able to understand that the Certificate Authorities are used to digitally sign and publish the public key bound to a given user. By doing so, the authentication process is simplified as the public key can be obtained from these certificate authorities.
- Amos Lee
I like the information provided above. It's short and simple but is good enough for a fresher to gain a basic knowledge about this concept. Thanks for this great detail.