PKI Flashcards
(15 cards)
Man-in-the-middle attacks on public key exchange stem from the fact that the attacker can insert their own public key into the exchange. How do we avoid this?
Public keys should identify people
What is a Digital Certificate?
A way of binding a user/company to their public key
What does PKI stand for?
Public Key Infrastructure
What is PKI?
Hardware, software, people and policies that together verify a public key with a person holding the corresponding private key
What are the 4 key players in PKI?
Certification Authorities, Registration Authorities, PKI Repositories, PKI Users
What do Certification Authorities do?
Issue and revoke Public Key Certificates
PK Certificates have signatures. What are PK Certificates signed with? Why?
CA Private Key. So people can check with CA public key that the private key is real.
What does CRL stand for?
Certificate Revocation Lists
What are PKI Repositories?
The way of storing and managing certificates, as well as Certificate Revocation Lists (CRLs)
What is CRL?
List of certificates that are no longer valid
What do Registration Authorities do?
Verify certificate contents for the CA before certificates are issued
What are 3 problems with CRLs?
1) Not issued frequently enough, attacker may use invalid one 2) Expensive to distribute 3) Vulnerable to DOS attacks
What are the 3 steps of Certificate Issuance?
1) RA verifies info 2) Public-Private Key Pair generated 3) CA issues certificate
What are the 4 steps of verifying a signature?
1) Get certificate 2) Get CRL (Certificate Revocation List) 3) Check certificate against CRL 4) Check signature using certificate
What are 3 reasons to revoke a certificate?
1) Private Key Compromised 2) Certificate Expired 3) Company Changes Name