2025-04-13 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
PKI and Certificate Service Application
-What is PKI:
PKI stands for Public Key Infrastructure.
• PKI is composed of public key encryption technology, digital certificates, a certificate authority (CA), a registration authority (RA) and so on: digital certificates are used for user authentication; the CA is a trusted entity responsible for issuing, updating and revoking certificates; the RA accepts users' requests, among other functions.
• A PKI system can provide the following functions: identity authentication; data integrity; data confidentiality; and non-repudiation of operations.
-Public key (Public Key) and private key (Private Key):
Keys are generated in pairs. The two keys differ from each other, and data encrypted with one key can be decrypted with the other; one key cannot be derived from the other. The public key is public; the private key is known only to its holder and should be kept safe by that holder.
-Data encryption:
The sender encrypts the data with the receiver's public key; the receiver uses its own private key to decrypt the data. Data encryption ensures the confidentiality of the data sent.
-Digital signature:
The sender signs the data by encrypting it with its own private key; the receiver uses the sender's public key to decrypt and verify it. This provides authentication, data integrity and non-repudiation of the operation.
-What is a certificate:
In a PKI system, a digital certificate is called a certificate for short.
It bundles the public key with the identification information (such as name, email, * * number, etc.) of the principal that owns the corresponding private key.
The subject of a certificate can be a user, a computer, a service, etc.
• Certificates can be used in many ways: Web user authentication; Web server authentication; secure email; Internet Protocol Security (IPSec).
• Digital certificates are issued by an authoritative and impartial third party, namely the CA.
• A certificate contains the following information: the user's public key value; the user's identification information (such as name and email address); the validity period (the time during which the certificate is valid); the issuer's identification information; the issuer's digital signature.
-The role of the CA:
The core function of the CA is to issue and manage digital certificates. Specifically: processing certificate applications; determining whether applicants are qualified to receive certificates; issuing certificates; updating certificates; accepting end users' certificate query and revocation requests; generating and publishing certificate revocation lists (CRL); digital certificate archiving; key archiving; historical data archiving.
-The process of issuing a certificate:
1. Certificate request: the user fills in the certificate application with personal information and submits it.
2. RA confirms the user: manual verification is generally used in intranets, which better ensures the security and authenticity of user information.
3. Certificate policy processing: if the authentication request is successful, the policy specified by the system is applied to the request, such as name constraints, key length constraints, etc.
4. RA submits the user application information to the CA: the RA signs the user application information with its own private key to ensure that the information was submitted to the CA by the RA.
5. CA generates a key pair for the user, and uses the CA's signing key to sign the user's public key and user information ID to generate an e-Cert: in this way, the CA binds the user's information to the public key; the CA then publishes the user's digital certificate and public key to the directory.
6. CA sends the e-Cert to the RA that approved the user.
7. RA sends the e-Cert to the user (or the user retrieves it on their own initiative).
8. The user verifies the certificate issued by the CA: using the CA's public key, the user confirms that their information was not altered during the signing process and that the certificate was indeed issued by a trusted CA.
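The signing and checking in steps 4, 5 and 8 can be traced in code. This is an added example, not part of the original article: it uses only the Python standard library, substituting an unpadded toy RSA built from publicly known Mersenne primes for a real crypto library, so it illustrates the flow and is not usable for real keys. All names, dates and the certificate layout are assumptions made for the example.

```python
import hashlib, json

E = 65537  # public exponent

def keypair(a, b):
    """Toy RSA key from Mersenne primes 2**a-1 and 2**b-1 (public values, demo only)."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "e": E}, {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(fields):
    data = json.dumps(fields, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(fields, priv):      # unpadded "hash then RSA", for illustration only
    return pow(digest(fields), priv["d"], priv["n"])

def verify(fields, sig, pub):
    return pow(sig, pub["e"], pub["n"]) == digest(fields)

def ca_issue(request, ra_sig, ra_pub, issuer, ca_priv, user_pub, not_before, not_after):
    # Step 4: the CA accepts only requests that carry a valid RA signature.
    if not verify(request, ra_sig, ra_pub):
        raise ValueError("request was not submitted by the RA")
    # Step 5: bind identity and public key together, then sign with the CA key.
    tbs = {"subject": request, "public_key": user_pub, "issuer": issuer,
           "not_before": not_before, "not_after": not_after}
    return {"tbs": tbs, "signature": sign(tbs, ca_priv)}

def user_verify(cert, trusted_cas, today):
    # Step 8: check issuer, CA signature and validity period before trusting the cert.
    tbs = cert["tbs"]
    ca_pub = trusted_cas.get(tbs["issuer"])
    if ca_pub is None:
        return "untrusted issuer"
    if not verify(tbs, cert["signature"], ca_pub):
        return "bad signature"
    if not tbs["not_before"] <= today <= tbs["not_after"]:
        return "outside validity period"
    return "ok"

# Constructed sample data (names, dates and keys are made up for this example).
CA_PUB, CA_PRIV = keypair(521, 607)
RA_PUB, RA_PRIV = keypair(607, 1279)
USER_PUB, USER_PRIV = keypair(521, 1279)
REQUEST = {"name": "Alice Example", "email": "alice@example.com"}   # step 1
CERT = ca_issue(REQUEST, sign(REQUEST, RA_PRIV), RA_PUB, "Example CA",
                CA_PRIV, USER_PUB, "2025-01-01", "2026-01-01")
TRUSTED = {"Example CA": CA_PUB}
print(user_verify(CERT, TRUSTED, "2025-06-01"))
```

Changing any field of the issued certificate, or signing it with a key other than the trusted CA's, makes `user_verify` return "bad signature", which is the binding that step 5 describes.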