Introduction to PKI and Certificate Services application

Source: Internet
Author: User
Tags: asymmetric encryption

Chapter 5: PKI and Certificate Service Applications

I. Public key infrastructure

(1) What is a PKI

PKI (public key infrastructure) is a technology that secures information using public key cryptography and digital signatures; its job is to verify the identity of whoever holds a digital certificate.

In a PKI, every participant trusts the same CA (certification authority), which vouches for and verifies the identities of the participants.

"Composition of a PKI": four parts

Digital certificates: identify (authenticate) users

Public key cryptography: public and private keys

Certification Authority (CA): the core of the PKI; responsible for generating, distributing, verifying and revoking the digital certificates of all users in the PKI (including its various applications)

Registration Authority (RA): accepts the user's certificate request, records the application in a database, waits for it to be reviewed and, once the request is approved, forwards it so that the certificate is issued

"Characteristics of public key cryptography"

Authentication: confirms the identity of the user

Data integrity: ensures that data is not modified in transit

Data confidentiality: prevents unauthorized users from obtaining the data

Non-repudiation: ensures that a user cannot impersonate another user's identity

(2) Public key cryptography

Public key cryptography is the foundation of PKI; it is used for encryption and decryption.

It requires two kinds of key: the "public key" and the "private key".

"Relationship between the public and private keys"

a) The public key and private key are generated as a pair; the two keys differ, and what one encrypts the other decrypts.

b) Neither key can be derived from the other.

c) The public key is public; the private key is known only to its holder.

d) The private key must be kept safe by its holder.

Note 1:

The public key and private key must be used as a pair: data encrypted with the public key can be decrypted only with the corresponding private key, and data encrypted with the private key can be decrypted only with the corresponding public key.

Note 2:

Because public key cryptography uses two different keys for encryption and decryption, it is also called asymmetric encryption. Its counterpart is symmetric encryption, which uses the same key for both encryption and decryption.

1. Data encryption

Definition: Data encryption ensures that only the intended recipient can decrypt and view the original data, thereby improving confidentiality.

Function: Data encryption guarantees the confidentiality of the data sent. It does not guarantee data integrity, authentication or non-repudiation: it cannot check that the data arrived intact, nor verify the sender's identity.

Figure: The process of data encryption

"Process of data encryption"

a) The sender encrypts the data with the receiver's public key and transmits it.

b) On receiving the data, the receiver decrypts it with its own private key.

2. Digital signature

"Role of digital signatures"

Authentication: the receiver can confirm the identity of the sender

Data integrity: verifies that the message contents were not modified during transfer

Non-repudiation: no other user can impersonate the sender to send data

Figure: The process of digitally signing
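The two processes above, encryption with the receiver's public key and signing with the sender's private key, as an added Go example that is not part of the original chapter. The "Alice" and "Bob" key pairs and the sample message are constructed here, and RSA-OAEP and RSA-PSS with SHA-256 are the concrete algorithms assumed; the final checks show a modified message failing verification, which is the integrity property the chapter attributes to signatures.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// NewKeyPair generates one 2048-bit RSA pair; publish PublicKey, keep the private half secret.
func NewKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Encrypt: the sender uses the RECEIVER's public key (RSA-OAEP with SHA-256).
func Encrypt(receiverPub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, receiverPub, plaintext, nil)
}

// Decrypt: only the receiver's private key can recover the plaintext.
func Decrypt(receiverPriv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, receiverPriv, ciphertext, nil)
}

// Sign: the sender hashes the message and signs the digest with its OWN private key (RSA-PSS).
func Sign(senderPriv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil)
}

// Verify: anyone holding the sender's public key checks the signature. It fails when the
// message was altered in transit (integrity) or was signed by some other key (authentication).
func Verify(senderPub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], sig, nil) == nil
}

func main() {
	sender, _ := NewKeyPair()   // hypothetical sender "Alice"
	receiver, _ := NewKeyPair() // hypothetical receiver "Bob"; errors ignored only in this demo
	msg := []byte("constructed sample: pay 100 to account 42")
	ct, _ := Encrypt(&receiver.PublicKey, msg) // step a): encrypt with the receiver's public key
	sig, _ := Sign(sender, msg)                // the sender signs with its own private key
	plain, _ := Decrypt(receiver, ct)          // step b): the receiver decrypts with its private key
	tampered := append([]byte{}, plain...)
	tampered[0] ^= 0x01 // one flipped bit simulates modification in transit
	fmt.Printf("recovered=%q\n", plain)
	fmt.Println("signature valid:", Verify(&sender.PublicKey, plain, sig))
	fmt.Println("tampered copy valid:", Verify(&sender.PublicKey, tampered, sig))
}
```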
