Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
PKI Tutorial
Jim Kleinsteiber
February 6, 2002
Page 1
Brocade Engineering
Outline
t Public Key Cryptography Refresher Course
t Public / Private Key Pair
t Public-Key – Is it really yours?
t Digital Certificate
t Certificate Authority
Page 2
Brocade Engineering
Page 3
Brocade Engineering
Page 4
Brocade Engineering
Page 5
Brocade Engineering
Digital Certificate
Name, Organization,
Address
Digital Certificate
Serial Number
Certifying Authority’s
Digital Signature
Page 6
Brocade Engineering
Certificate Authority
t What is a Certificate Authority (CA)?
t CA functions
t Responsibilities
t Delegation
Page 7
Brocade Engineering
Page 8
Brocade Engineering
Page 9
Brocade Engineering
Root CA
t Issue certificates to Other CAs
– Level 1 CA
t Authorizes Level 1 CA to issue certificates
t Level 1 CA can issue other CA certificates if authorized.
t A CA chain is created in this manner
Page 10
Brocade Engineering
Issue Certificates
t Issue certificates to users
t Information in the certificate is binding to the entity
– Name, Organization, Address
– Public key
– Validity Dates
– Serial number
– Certifying authority’s digital signature
Page 11
Brocade Engineering
Page 12
Brocade Engineering
Page 13
Brocade Engineering
Page 14
Brocade Engineering
Maintain Archives
t Maintain information about old certificates
– Person or system named in certificate
– Certificate request
– Validity period of certificate
– If certificate was revoked
– Any other activity performed by CA in certificate’s
lifetime
Page 15
Brocade Engineering
Page 16
Brocade Engineering
Page 17
Brocade Engineering
Root
Certificate
Users Authority
Registration Intermediate
Authority Certificate Archive
Authority
Certificate
Directory
Page 18
Brocade Engineering
Page 19