Public Key Infrastructure

Our last lesson for this chapter on General Cryptography Concepts talks about the Public Key Infrastructure. In this lesson we discuss what the Public Key Infrastructure is and explain each of its sub-components and the role each plays. For example, we explored Symmetric Encryption and the Public/Private key interrelationship of Asymmetric Encryption in an earlier lesson. Now we cover the Registration Authority, define what a Recovery Agent is, and look at other PKI components. You'll also learn about Certificate Authorities, how certificates are generated and validated, and what the certificate revocation list (CRL) is. And finally, we'll dissect CA hashing, demonstrate what it looks like during encryption and decryption at the browser level, and learn why that is important during the encryption process.

Transcript

Welcome to Cybrary.IT. My name is John Oyeleke, subject matter expert for the Security+ certification. In this video we will be discussing sections 6.3 and 6.4. These have to do with public key infrastructure and the associated components. Public key infrastructure entails the use of multiple infrastructure technologies, protocols and cryptography to ensure that they can exchange messages across the internet. Organizations will use a collection of several technologies. These include your symmetric keys, which have to do with the public key and the private keys, the registration authority, key escrow, the recovery agent, the certificate authority and the certificate revocation list. All of these are brought together to guarantee that secure messages can be exchanged across the internet between individuals or users who need to share information.

With the use of public key infrastructure we use symmetric keys. A symmetric key involves 2 keys, the public key and the private key. The public key can be advertised to anyone, but the private key is never disclosed. If we encrypt messages with the public key, only the corresponding private key could be used to decrypt the message. When we have the use of these keys, organizations are usually provided keys so that they can do verification of themselves.

If they proceed to get the certificates with which they properly authenticate themselves to other individuals or anybody accessing their sites, the first entity is the registration authority. The registration authority is responsible for verification of the entity seeking to achieve a certificate. The registration authority will see the address, the name, and the business documents that verify that business, so that a certificate will then be individually assigned to that person by the certificate authority. The registration authority does not do assignment of certificates; rather, they do verification of the entity. If the registration authority is satisfied, now the entity or the company is passed over to the certificate authority.

If we are using symmetric keys, public and private keys, we need to have something called the key escrow. The key escrow is a trusted 3rd party entity with which we keep copies of our keys for a time of need. Should it be that we lose the keys, we forget the keys, or the users that daily work with the key are no longer members of the organization, we could send the recovery agent to the key escrow. That entity we send to the key escrow to recover copies of the key is what we call the recovery agent. The key escrow is the trusted 3rd party entity with which we safeguard copies of our keys for a time of need. Within the organization we have one entity we send to the key escrow to retrieve the keys; that entity is called the recovery agent. The recovery agent does not safeguard the keys. The key escrow safeguards the keys. The recovery agent is only to retrieve the key from the key escrow.

Next we have the certificate authority. The certificate authorities generate the certificates. They sign the certificates and also issue the certificates. Certificates are only issued by the certificate authorities. The certificate authorities could also publish what is called a certificate revocation list. The certificate revocation list is a list of revoked certificates. Certificates could be revoked for several reasons: one, they could expire, or certain information could have been false while they were doing verification, and certificates need to be revoked if this has been discovered. Certificates that have been tampered with need to be revoked, and those certificates that have also expired will be revoked and published on a certificate revocation list. The essence of the certificate revocation list is so that we have a list of certificates that are no longer in use and not to be trusted. The certificate revocation list can only be published by the certificate authority. The certificate authorities would only revoke certificates that were issued by themselves; they do not revoke certificates issued by other certificate authorities. This concludes sections 6.3 and 6.4 of the Security+ syllabus.
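The issuance, validation and revocation flow the lesson walks through, as an added example that is not Cybrary's or the instructor's code: a standard-library-only Python model in which a public key encrypts and only the matching private key decrypts, a registration authority verifies the applicant but issues nothing, a certificate authority generates, signs, issues and revokes only its own certificates and publishes a signed CRL, and a relying party validates a certificate (issuer and signature, validity window, then the CRL). Everything in it is constructed: the RA's required fields, the certificate fields, the serial-number-based CRL, and the 128-bit unpadded textbook RSA, which is assumed here purely so that the block runs offline without a cryptography library.

```python
import hashlib
import json
import random

# Textbook RSA with 128-bit toy keys (unpadded; constructed for illustration only).
def _is_prime(n):
    # Miller-Rabin with fixed bases, deterministic for n < 3.3e24 (covers our 64-bit primes).
    if n < 2 or n % 2 == 0:
        return n == 2
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_keypair(bits=128):
    # (n, e) is the public key, advertised to anyone; (n, d) is the private key, never disclosed.
    e = 65537
    while True:
        p, q = (random.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1 for _ in range(2))
        phi = (p - 1) * (q - 1)
        if p != q and _is_prime(p) and _is_prime(q) and phi % e:  # e is prime, so gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def encrypt(public_key, message):  # anyone holding the public key can encrypt
    n, e = public_key
    m = int.from_bytes(message, "big")
    assert 0 < m < n, "toy RSA: message must be shorter than the modulus"
    return pow(m, e, n)

def decrypt(private_key, ciphertext):  # only the matching private key recovers the plaintext
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private_key, data):  # the private key signs, the public key verifies
    n, d = private_key
    return pow(_digest(data, n), d, n)

def verify(public_key, data, signature):
    n, e = public_key
    return pow(signature, e, n) == _digest(data, n)

def _canonical(obj):  # stable byte encoding of the to-be-signed fields
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

# Registration authority: verifies the applicant's details, never issues a certificate.
def registration_authority_approves(application):
    # Constructed rule: name, address and business registration must all be on file.
    return all(application.get(f) for f in ("name", "address", "business_registration"))

# Certificate authority: generates, signs, issues and revokes only its own certificates.
class CertificateAuthority:
    def __init__(self, name, lifetime_seconds=365 * 86400):
        self.name, self.lifetime = name, lifetime_seconds
        self.public_key, self._private_key = generate_keypair()
        self._next_serial, self._revoked = 1, {}  # revoked: serial -> reason

    def issue(self, application, subject_public_key, now):
        if not registration_authority_approves(application):
            raise PermissionError("the RA has not verified this applicant")
        tbs = {"serial": self._next_serial, "subject": application["name"],
               "public_key": list(subject_public_key), "issuer": self.name,
               "not_before": now, "not_after": now + self.lifetime}
        self._next_serial += 1
        return {"tbs": tbs, "signature": sign(self._private_key, _canonical(tbs))}

    def revoke(self, serial, reason):
        self._revoked[serial] = reason

    def crl(self, now):  # the signed certificate revocation list, published by this CA only
        tbs = {"issuer": self.name, "issued_at": now, "revoked": sorted(self._revoked.items())}
        return {"tbs": tbs, "signature": sign(self._private_key, _canonical(tbs))}

def _issued_by(obj, ca_public_key, ca_name):
    return obj["tbs"]["issuer"] == ca_name and verify(ca_public_key, _canonical(obj["tbs"]), obj["signature"])

def validate_certificate(cert, ca_public_key, ca_name, crl, now):
    # Relying-party check: issuer and signature, then validity window, then the CRL.
    if not _issued_by(cert, ca_public_key, ca_name):
        return False, "tampered, or not issued by this CA"
    if not cert["tbs"]["not_before"] <= now <= cert["tbs"]["not_after"]:
        return False, "expired or not yet valid"
    if not _issued_by(crl, ca_public_key, ca_name):
        return False, "CRL not published by the issuing CA"
    reason = dict(crl["tbs"]["revoked"]).get(cert["tbs"]["serial"])
    return (False, "revoked: " + reason) if reason is not None else (True, "ok")
```

The relying party never trusts the CRL on its own: a list that is not signed by the issuing CA is rejected before any serial is looked up, which is the code form of the transcript's point that a CA revokes only certificates it issued itself. An altered certificate fails the signature check before expiry or revocation are even considered, so tampering is caught without the CA having to publish anything.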
CISSP CISM CISA CHFI CSXF CEH, Cyber Security Specialist & Trainer