Scribd Logo
Carica

Benvenuto in Scribd!

  • PKI Tutorial: Brocade Engineering

    Caricato da

    Claudian Paduraru
    15 visualizzazioni19 pagine

    Titolo originale

    pki_documentation.pdf

    Copyright

    © © All Rights Reserved

    Formati disponibili

    PDF, TXT o leggi online da Scribd

    Hai trovato utile questo documento?

    Questo contenuto è inappropriato?

    Segnala questo documento

    Copyright:

    © All Rights Reserved
    Scarica in formato PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    15 visualizzazioni19 pagine

    PKI Tutorial: Brocade Engineering

    Caricato da

    Claudian Paduraru

    Copyright:

    © All Rights Reserved
    Scarica in formato PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    di 19

    Brocade Engineering

    PKI Tutorial

    Jim Kleinsteiber
    February 6, 2002

    Page 1
    Brocade Engineering

    Outline
    t Public Key Cryptography Refresher Course
    t Public / Private Key Pair
    t Public-Key – Is it really yours?
    t Digital Certificate
    t Certificate Authority

    Page 2
    Brocade Engineering

    Public Key Cryptography Refresher Course


    Public Key Private Key

    Each user has 2 keys - What one key encrypts, only


    the other key in the pair can decrypt

    Public Key Private Key

    It works both ways!

    Page 3
    Brocade Engineering

    Public / Private Key Pair


    t Public Key Cryptography provides the basis for:
    – Digital Envelopes – anyone can encrypt data with the
    public key; only the holder of the private key can decrypt.
    – Digital Signatures – the holder of the private key can
    encrypt (sign); anyone can verify that the owner of the
    private key did the encryption (signature).
    t The Private key must be kept secret by its owner.
    t The Public Key is freely distributed for others to use.

    Page 4
    Brocade Engineering

    Public Key – Is it really yours?


    t How to Find Out Someone’s Public Key?
    – Send with message
    – Lookup From Database
    t How to Trust the Result?
    – Digital Certificates
    – Trusted Certificate Authorities
    t Signed Message that proves
    – “Bob’s Key is N”

    Page 5
    Brocade Engineering

    Digital Certificate

    Name, Organization,
    Address

    Owner’s Public Key


    Document

    Digital Signature Certificate Validity Dates

    Digital Certificate

    Serial Number

    Certifying Authority’s
    Digital Signature

    Page 6
    Brocade Engineering

    Certificate Authority
    t What is a Certificate Authority (CA)?
    t CA functions
    t Responsibilities
    t Delegation

    Page 7
    Brocade Engineering

    What is a Certificate Authority (CA)?


    t A fundamental component of PKI
    t Collection of Software, Hardware and people managing
    it.
    t Attributes
    – Name
    – Public key
    t Issues a self-signed certificate
    – Root CA

    Page 8
    Brocade Engineering

    Certificate Authority Functions


    t Issue certificates
    t Maintain certificate status and issue Certificate
    Revocation Lists (CRLs)
    t Publish current certificates and CRLs
    t Maintain archives of expired and revoked certificates

    Page 9
    Brocade Engineering

    Issue Certificates – Root CA

    Root CA
    t Issue certificates to Other CAs
    – Level 1 CA
    t Authorizes Level 1 CA to issue certificates
    t Level 1 CA can issue other CA certificates if authorized.
    t A CA chain is created in this manner

    Page 10
    Brocade Engineering

    Issue Certificates
    t Issue certificates to users
    t Information in the certificate is binding to the entity
    – Name, Organization, Address
    – Public key
    – Validity Dates
    – Serial number
    – Certifying authority’s digital signature

    Page 11
    Brocade Engineering

    Issue Certificates – Process


    t User Submits a Certificate Signing Request (CSR)
    – with name, public key and other information
    t CA Follows Known Policies & Procedures to validate
    request as defined in the Certificate Practice Statement
    (CPS)
    t CA Attaches Extra Information
    – Validity Dates, Key Usage, Account ID, Etc.
    t CA Signs Certificate

    Page 12
    Brocade Engineering

    Maintain Relevant Information


    t Maintain certificate directory for Certificate lookup
    t Maintain a List of Revoked Certificates (CRL)
    t Manage User Changes

    Page 13
    Brocade Engineering

    Publish Current Certificates and CRLs

    t Distribute its certificates


    t Distribute list of Revoked Certificates (CRL)
    t Distribution need not be secure
    - But it should be made secure if required for privacy.

    Page 14
    Brocade Engineering

    Maintain Archives
    t Maintain information about old certificates
    – Person or system named in certificate
    – Certificate request
    – Validity period of certificate
    – If certificate was revoked
    – Any other activity performed by CA in certificate’s
    lifetime

    Page 15
    Brocade Engineering

    Certificate Authority Responsibilities


    t Protect its private key
    t Verify subject information in CSR
    t Adhere to profile defined in CPS
    t Maintain list of revoked certificates
    t Distribute its certificates and CRLs
    t Maintain certificate archives after expiration

    Page 16
    Brocade Engineering

    Certificate Authority - Delegation


    t CA can delegate its responsibilities to
    - Registration authority (RA)
    - Repository (certificate directory)
    - Archive

    Page 17
    Brocade Engineering

    Public Key Infrastructure

    Root
    Certificate
    Users Authority

    Registration Intermediate
    Authority Certificate Archive
    Authority

    Certificate
    Directory

    Page 18
    Brocade Engineering

    Certificate Authority Delegation


    t Registration Authority (RA) verifies certificate request
    t Repository distributes certificates and CRLs
    t Archive provides long term secure storage

    CA can create multiple of these entities to offload and


    distribute work

    Page 19

    Potrebbero piacerti anche