www.fgks.org   »   [go: up one dir, main page]
Wikipedia

Public key infrastructure: Difference between revisions

Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
Xoa tat ca
Tags: references removed Visual edit Mobile edit Mobile web edit
m Reverted 2 edits by 123.22.13.127 (talk) to last revision by LizardJr8 (TW)
Tags: Undo nowiki added
Line 1:
[[File:Public-Key-Infrastructure.svg|thumb|300px|Diagram of a public key infrastructure]]
 
A '''public key infrastructure''' ('''PKI''') is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke [[digital certificates]] and manage public-key encryption. The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email. It is required for activities where simple passwords are an inadequate authentication method and more rigorous proof is required to confirm the identity of the parties involved in the communication and to validate the information being transferred.
 
In [[cryptography]], a PKI is an arrangement that ''binds'' [[public keyskey]]s with respective identities of entities (like people and organizations). The binding is established through a process of registration and issuance of certificates at and by a [[certificate authority]] (CA). Depending on the assurance level of the binding, this may be carried out by an automated process or under human supervision.
 
The PKI role that assures valid and correct registration is called a ''registration authority'' (RA). An RA is responsible for accepting requests for digital certificates and authenticating the entity making the request.<ref name="techotopia">{{cite web|title=An Overview of Public Key Infrastructures (PKI)|url=http://www.techotopia.com/index.php/An_Overview_of_Public_Key_Infrastructures_(PKI)|website=Techotopia|accessdate=26 March 2015}}</ref> In a [[Microsoft]] PKI, a registration authority is usually called a subordinate CA.<ref name="msdn">{{cite web|title=Public Key Infrastructure|url=https://msdn.microsoft.com/en-us/library/windows/desktop/bb427432%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396|website=MSDN|accessdate=26 March 2015}}</ref>
 
An entity must be uniquely identifiable within each CA domain on the basis of information about that entity. A third-party [[validation authority]] (VA) can provide this entity information on behalf of the CA.
 
The [[X.509]] standard defines the most commonly used format for [[public key certificates]].<ref>{{cite web|url=https://www.ssltrust.com.au/help/setup-guides/client-certificate-authentication|title=Using Client-Certificate based authentication with NGINX on Ubuntu - SSLTrust|website=SSLTrust|accessdate=13 June 2019}}</ref>
 
== Design ==
 
[[Public key cryptography]] is a [[cryptographic]] technique that enables entities to [[secure communication|securely communicate]] on an insecure public network, and reliably verify the identity of an entity via [[digital signatures]].<ref>{{cite book|author=Adams, Carlisle |author2=Lloyd, Steve|title=Understanding PKI: concepts, standards, and deployment considerations|publisher=Addison-Wesley Professional|year=2003|isbn=978-0-672-32391-1|pages=11–15|url=https://books.google.com/books?id=ERSfUmmthMYC&pg=PA11}}</ref>
 
A public key infrastructure (PKI) is a system for the creation, storage, and distribution of [[digital certificates]] which are used to verify that a particular public key belongs to a certain entity. The PKI creates digital certificates which map public keys to entities, securely stores these certificates in a central repository and revokes them if needed.<ref>{{cite book|author=Trček, Denis|title=Managing information systems security and privacy|publisher=Birkhauser|year=2006|isbn=978-3-540-28103-0|page=69|url=https://books.google.com/books?id=oswvyhAftLsC&pg=PA69}}</ref><ref name="Vacca-2004-p8">{{cite book|author=Vacca, Jhn R.|title=Public key infrastructure: building trusted applications and Web services|publisher=CRC Press|year=2004|isbn=978-0-8493-0822-2|page=8|url=https://books.google.com/books?id=3kS8XDALWWYC&pg=PA8}}</ref><ref>{{cite book|author=Viega, John|title=Network Security with OpenSSL|publisher=O'Reilly Media|year=2002|isbn=978-0-596-00270-1|pages=61–62|url=https://books.google.com/books?pg=PT61|display-authors=etal}}</ref>
 
A PKI consists of:<ref name="Vacca-2004-p8" /><ref name="ABCs-of-PKI">{{cite news|author=McKinley, Barton|title=The ABCs of PKI: Decrypting the complex task of setting up a public key infrastructure|work=Network World|date=January 17, 2001|url=http://www.networkworld.com/research/2000/0117feat.html|deadurl=yes|archiveurl=https://web.archive.org/web/20120529211639/http://www.networkworld.com/research/2000/0117feat.html|archivedate=May 29, 2012|df=}}</ref><ref>{{cite book|author=Al-Janabi, Sufyan T. Faraj|chapter=Combining Mediated and Identity-Based Cryptography for Securing Email|editor=Ariwa, Ezendu |display-editors=etal |title=Digital Enterprise and Information Systems: International Conference, Deis, <nowiki>[...]</nowiki> Proceedings|publisher=Springer|year=2012|isbn=|pages=2–3|url=https://books.google.com/books?id=s-HVzAc_ZqEC&pg=PA2|display-authors=etal}}</ref>
A PKI consists of:
 
* A ''[[certificate authority]]'' (CA) that stores, issues and signs the digital certificates
* A ''registration authority'' (RA) which verifies the identity of entities requesting their digital certificates to be stored at the CA
* A ''central directory''—i.e., a secure location in which to store and index keys
Retrieved from "https://en.wikipedia.org/wiki/Public_key_infrastructure"