Cryptography U IV
Digital Certificates and Public Key Infrastructure (PKI)
Syllabus
Introduction,
Digital Certificates,
Private Key Management,
The PKIX Model,
Public Key Cryptography Standards (PKCS),
XML, PKI and Security,
Creating Digital Certificate
Introduction
a) Firstly, the RA needs to verify the user’s credentials, that is, that the evidence
provided is correct and acceptable.
(Organization and Individual)
Certificate directory.
PKIX Services
• Registration – It is the process where an end-entity (subject)
makes itself known to a CA. Usually, this is via an RA.
• Initialization – This deals with the basic problems, such as
how the end-entity is sure that it is talking to the right CA? We
have seen how this can be tackled.
• Certification – In this step, the CA creates a digital certificate
for the end-entity and returns it to the end-entity, maintains a
copy for its own records and also copies it in public directories,
if required.
• Key pair recovery – Keys used for encryption may be required
to be recovered at a later date for decrypting some old
documents. Key archival and recovery services can be provided
by a CA or by an independent key recovery system.
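
The registration, certification and initialization services listed above can be walked through with the OpenSSL command line. This is an added example, not part of the original slides; the CA identifiers (rootca, otherca), the subject name alice.example.test and the function names are constructed, and mapping the final chain check to the initialization question is this example's assumption.

```shell
#!/bin/sh
# Added example: all names (rootca, otherca, alice.example.test) are constructed.

# make_ca DIR ID: self-signed root certificate standing in for a CA.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# register DIR CN: the end-entity creates its key pair and a signing request.
register() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/ee.key" -out "$1/ee.csr" 2>/dev/null
}

# ra_check DIR: RA-side check that the request is signed by the key it carries.
ra_check() {
    openssl req -in "$1/ee.csr" -noout -verify 2>&1 | grep -q "verify OK"
}

# certify DIR CA_ID: the CA signs the request and returns ee.crt.
certify() {
    openssl x509 -req -in "$1/ee.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -days 7 -out "$1/ee.crt" 2>/dev/null
}

# trusts DIR CA_ID: does ee.crt chain to the CA certificate the end-entity holds?
trusts() {
    openssl verify -CAfile "$1/$2.crt" "$1/ee.crt" >/dev/null 2>&1
}

# pkix_demo: run the whole flow in a temp dir; succeeds only if the issuing CA
# validates the certificate and an unrelated CA does not.
pkix_demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" rootca && make_ca "$d" otherca \
        && register "$d" alice.example.test && ra_check "$d" \
        && certify "$d" rootca || { rm -rf "$d"; return 1; }
    trusts "$d" rootca && ! trusts "$d" otherca; rc=$?
    rm -rf "$d"
    return "$rc"
}
```

Key pair recovery is not shown: it requires an archival service holding encryption keys, which is outside what a single command-line session can demonstrate.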
XML Encryption
We can encrypt one or all of the following portions
of an XML document: