Shulou(Shulou.com)06/01 Report--

PKI: public key Infrastructure (Public Key Infrastructure)

Ensure information security by using public key technology and digital signatures

It is composed of public key encryption technology, digital certificate, CA and RA.

The functions that can be achieved by the PKI system:

Data confidentiality

Authentication

Data integrity

Non-repudiation of operation

Public key encryption is the foundation of PKI:

Relationship between public key and private key

Generate in pairs, different from each other, encrypt and decrypt each other

One key cannot be inferred from another.

The public key is public, and the private key is known only to the private key holder.

The private key should be kept by the holder of the key.

According to the different functions, it can be divided into data encryption and digital signature.

Data encryption:

The sender uses the receiver's public key to encrypt data

The receiver decrypts the data using its own private key

Data encryption can ensure the confidentiality of the data sent.

Digital signature:

The sender executes the HASH algorithm on the original data to get the summary value.

The sender encrypts the digest value with its own private key

Send the encrypted summary value and the original data to the receiver

The other party decrypts the digest with the sender's public key and obtains a new digest with the same HASH algorithm as the sender.

By comparing the decrypted abstract with the newly obtained summary, we can find out whether the file has been destroyed or tampered with in the process of transmission.

Digital signatures guarantee data integrity, authentication and non-repudiation

PKI protocol

SSL

HTTPS

IPSec

The certificate is used to ensure the validity of the key. The subject can be user, computer, service, etc., and the format follows the X.509 standard.

Digital certificates contain information

User's public key value

User identification information

Validity period

Issuer identification information

Digital signature of the issuer

Digital certificates are issued by an authoritative and impartial third party, namely CA

CA (Certificate Authority, Certification Authority)

The core function is to issue and manage digital certificates

The process of issuing a certificate:

User application-RA processing application-RA verification and signature-RA submission CA-CA production certificate and archiving-CA issuing certificate to RA-RA issuing certificate to user-user authentication

CA classification

Enterprise (domain environment, automatic certificate issuance)

Stand-alone (workgroup environment, certificates are issued manually)

Apply for certificate address: http:// server IP/certsrv

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.