Right Stuff


Thursday, January 27, 2011

PKI - Intro

I was constantly pushing back the blog writing due to workload, and somehow whenever I planned to write, something would come up and I would think, let's do it later. After doing that a couple of times, I was reminded that sometimes even the lowest-priority item becomes the top priority, and the time management stuff flashed. So what did I do? I said let me write it now, and as I thought about it, I started writing about one of my favorite subjects, PKI.

Very few people know that I am a certified PKI architect, certified by none other than VeriSign-New York. It is a different story that I had to fly all the way across the ocean in the year 2000 to understand what it is. OK, I will tell that story some other time; let's get back to the topic, PKI.

Any guesses what PKI stands for? OK, it is Public Key Infrastructure. Before you read further, I will share something very few of you have tried in a browser. If you are using IE, click on Tools --> Internet Options, then Content, and then Certificate. Click on Intermediate Certification authority and the other tabs and you will see a host of certificates. The certs are closely linked to PKI; let's see how, and learn the basic components of PKI before we look at the advanced ones.

 What is a Digital Certificate? 
  • Digital equivalent of a driver’s license, employee badge, or credit card
  • Binds a public key to an identity
  • Our CA issues two types at this time:
    • Personal certificates
    • Site certificates
And how do you verify that it is authentic? The authenticity of the certificate is guaranteed by the digital signature generated using the CA's (Certification Authority's) private key. Thus the CA is key in the PKI chain for ensuring that people are who they claim to be, using their private digital certs (aka private keys).

Digital certificates are issued to users and sites (a must for sites with HTTPS-secured transactions). The CA serves up digital certificates that carry public key material along with:
1. Name
2. Certificate number
3. Assurance level of the certificate

Certs are used to encrypt confidential data, ensure data integrity, authenticate the owner, and provide a means of non-repudiation.

Two keys are generated at the time of certificate generation: a private key and a public key.

Private Key

Protected by owner
Used to sign messages
Used to decrypt messages
Kept in physical possession of owner

Public Key

Distributed freely and openly
Used to verify signatures
Used to encrypt messages
Kept in individual public key “certificates”

John sends an encrypted message to Bob using Bob's public key (available to all). He is now assured that nobody except Bob can open the encrypted message, as that requires Bob's private key, which only Bob has. Thus an encrypted message can be transferred with the assurance that only the recipient can receive and view it.
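
The flow described above, as an added example that is not part of the original post: a CA signs a certificate binding the name "Bob" to Bob's public key, the certificate is checked with the CA's public key, and John encrypts to the key taken from it. It assumes textbook RSA without padding, small constructed keys and a made-up certificate layout; all function names are hypothetical, and real systems use X.509 certificates and a vetted crypto library.

```python
import hashlib

def make_keypair(p, q, e=65537):  # textbook RSA: public (e, n), private (d, n)
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private, data):        # only the key owner can do this
    d, n = private
    return pow(_digest(data, n), d, n)

def verify(public, data, sig):  # anyone holding the public key can do this
    e, n = public
    return pow(sig, e, n) == _digest(data, n)

def _cert_body(name, public):
    return f"{name}|{public[0]}|{public[1]}".encode()

def issue_cert(ca_private, name, public):
    # The CA binds a name to a public key by signing both together.
    sig = sign(ca_private, _cert_body(name, public))
    return {"name": name, "public": public, "sig": sig}

def cert_is_authentic(ca_public, cert):
    return verify(ca_public, _cert_body(cert["name"], cert["public"]), cert["sig"])

def encrypt(public, message):
    e, n = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)

def decrypt(private, ciphertext):
    d, n = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

# Constructed keys from known Mersenne primes: far too small for real use.
CA_PUB, CA_PRIV = make_keypair(2**127 - 1, 2**107 - 1)
BOB_PUB, BOB_PRIV = make_keypair(2**89 - 1, 2**61 - 1)

def demo():
    cert = issue_cert(CA_PRIV, "Bob", BOB_PUB)
    altered = dict(cert, name="Not Bob")  # identity changed after signing
    ok, bad = cert_is_authentic(CA_PUB, cert), cert_is_authentic(CA_PUB, altered)
    # John encrypts with the public key taken from Bob's verified certificate.
    return ok, bad, decrypt(BOB_PRIV, encrypt(cert["public"], b"hi Bob"))
```

Calling `demo()` returns whether the genuine certificate verifies, whether the altered one verifies, and the message Bob recovers with his private key.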
More later in part 2 of PKI; till then, happy googling "PKI".


