Chapter 5: PKI and Certificate Service Application
I. Public key infrastructure
(1) What is a PKI
PKI (public key infrastructure) is a set of technologies that secures information by using public key cryptography and digital signatures; it is responsible for verifying the identity of each digital certificate holder.
In a PKI, every participant trusts the same CA (certification authority), which certifies and verifies the identities of the participants.
"Composition of PKI": four parts
Digital certificates: authenticate users
Public key cryptography: public and private keys
Certification Authority (CA): the core of the PKI; responsible for generating, distributing, verifying and revoking the digital certificates of all users in the PKI (including applications)
Registration Authority (RA): accepts the user's request, files the user's application information, stores it in the database and waits for review; after the request is approved, the certificate request is forwarded and the certificate is issued and sent to the user
"The characteristics of public key cryptography Technology"
authentication : Confirming the identity of the user
Data Integrity : Ensure that data is not modified during transmission
Data Confidentiality : Preventing unauthorized users from obtaining data
Non-repudiation: ensures that a user cannot impersonate another user's identity
(2) Public key encryption technology
Public key cryptography is the foundation of PKI and is used for encryption and decryption.
It requires two kinds of key: a "public key" and a "private key".
"Public and private key relationships"
a) The public and private keys are generated as a pair; the two keys are different, and data encrypted with one can be decrypted with the other
b) One key cannot be derived from the other
c) The public key is public; the private key is known only to its holder
d) The private key must be kept safely by its holder
Note 1:
The public key and the private key are used as a pair: data encrypted with the public key can only be decrypted with the corresponding private key, and data encrypted with the private key can only be decrypted with the corresponding public key.
Note 2:
Because public key cryptography uses two different keys for encryption and decryption, it is also called asymmetric encryption. Alongside asymmetric encryption there is symmetric encryption, which uses the same key for both encryption and decryption.
1. Data encryption
Definition: Data encryption ensures that only the intended recipient can decrypt and view the original data, thereby providing confidentiality.
Function: Data encryption guarantees the confidentiality of the data sent. It cannot guarantee data integrity, authentication or non-repudiation; that is, it cannot check whether the data arrived intact after transmission, nor verify the sender's identity.
Figure: The process of data encryption
"Process of data encryption"
a) When transmitting data, the sender encrypts the data with the receiver's public key and transmits it
b) When the receiver receives the data, it decrypts the data with its own private key
2. Digital signature
"The role of digital signatures"
Authentication: the receiver can confirm the identity of the sender
Data integrity: verify that the contents of the message were not modified during transfer
Non-repudiation: no other user can impersonate the sender to send data
Figure: The process of digitally signing
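The two processes described above, encrypting with the receiver's public key and signing with the sender's private key, as an added Go example that is not part of the original notes. It uses the Go standard library's RSA-OAEP and RSA-PSS; the participants and the message are constructed for the demonstration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// NewKeyPair generates a participant's key pair (public half shared, private half kept by its holder).
func NewKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Encrypt (data encryption, step a): the sender encrypts with the receiver's
// public key, here RSA-OAEP with SHA-256.
func Encrypt(receiverPub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, receiverPub, msg, nil)
}

// Decrypt (step b): only the matching private key recovers the plaintext; other keys return an error.
func Decrypt(receiverPriv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, receiverPriv, ct, nil)
}

// Sign hashes the message and signs the digest with the sender's private key
// (RSA-PSS), so the message is bound to the sender's identity.
func Sign(senderPriv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil)
}

// Verify checks a signature with the sender's public key; a modified message
// (integrity) or a different signer (authentication) fails.
func Verify(senderPub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], sig, nil) == nil
}

func main() {
	sender, _ := NewKeyPair() // constructed sample participants and message
	receiver, _ := NewKeyPair()
	msg := []byte("constructed sample message")
	ct, _ := Encrypt(&receiver.PublicKey, msg)
	pt, _ := Decrypt(receiver, ct)
	sig, _ := Sign(sender, msg)
	fmt.Printf("decrypted=%q valid=%v tampered=%v\n", pt, Verify(&sender.PublicKey, msg, sig), Verify(&sender.PublicKey, []byte("x"), sig))
}
```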