Public Key Infrastructure
PUBLIC KEY INFRASTRUCTURE (PKI)
➢ Public key infrastructure (PKI)
➢ Purpose of PKI
➢ PKIX
➢ End entity
A generic term used to denote end users, devices (e.g., servers, routers), or any
other entity that can be identified in the subject field of a public key certificate.
➢ Certification authority (CA)
The issuer of certificates and certificate revocation lists (CRLs). It may also support a
variety of administrative functions, although these are often delegated to one or
more registration authorities.
➢ Registration authority (RA)
➢ CRL issuer
➢ Repository
A generic term used to denote any method for storing certificates and CRLs so that
they can be retrieved by End Entities.
PKIX MANAGEMENT FUNCTIONS AND PROTOCOLS
PKIX Management Functions:
PKIX identifies a number of management functions that potentially need to be
supported by management protocols.
1. Registration:
2. Initialization:
3. Certification:
This is the process in which a CA issues a certificate for a user's public key,
and returns that certificate to the user's client system and/or posts that
certificate in a repository.
4. Key pair recovery:
Key pairs can be used to support digital signature creation and verification,
encryption and decryption, or both. Key pair recovery allows end entities to
5. Key pair update:
All key pairs need to be updated regularly (i.e., replaced with a new key pair)
and new certificates issued. Update is required when the certificate lifetime
7. Cross certification:
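The certification, revocation and repository roles described on these slides, as an added example that is not part of the original material: a toy CA built with Ruby's OpenSSL bindings, where the CA signs an end entity's public key, the same CA later publishes a CRL, and a relying party's trust store stands in for the repository. The distinguished names, serial numbers and validity periods are constructed for the demonstration.

```ruby
require "openssl"

# Constructed PKIX roles: the CA certifies a public key (certification), the
# same CA later issues a CRL (CRL issuer), and the relying party's trust store
# stands in for the repository from which the CA cert and CRL are retrieved.
DIGEST = "SHA256"

# Certification: bind +subject+ to +pubkey+ in a certificate signed by the
# issuer. With issuer_cert nil the certificate is self-signed (the root CA).
def make_cert(subject, pubkey, issuer_cert, issuer_key, serial, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2                                  # X.509 v3
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = pubkey                          # only the public half reaches the CA
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 86_400
  ef = OpenSSL::X509::ExtensionFactory.new(issuer_cert || cert, cert)
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.add_extension(ef.create_extension("keyUsage", ca ? "keyCertSign,cRLSign" : "digitalSignature", true))
  cert.sign(issuer_key, OpenSSL::Digest.new(DIGEST))
end

# Revocation: the CRL issuer publishes a signed list of revoked serial numbers.
def make_crl(ca_cert, ca_key, revoked_serials)
  crl = OpenSSL::X509::CRL.new
  crl.version = 1                                   # CRL v2
  crl.issuer = ca_cert.subject
  crl.last_update = Time.now - 60
  crl.next_update = Time.now + 3600                 # relying parties must refresh after this
  revoked_serials.each do |s|
    entry = OpenSSL::X509::Revoked.new
    entry.serial = s
    entry.time = Time.now
    crl.add_revoked(entry)
  end
  crl.sign(ca_key, OpenSSL::Digest.new(DIGEST))
end

# Relying party: build a chain to the trusted CA and, because of
# V_FLAG_CRL_CHECK, refuse any certificate whose serial appears in the CRL.
def trusted?(cert, ca_cert, crl)
  store = OpenSSL::X509::Store.new
  store.add_cert(ca_cert)
  store.add_crl(crl)
  store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK
  store.verify(cert)
end
```

A relying party calls make_cert for the root and for the end entity, fetches the current CRL from make_crl, and then asks trusted?; the same certificate passes against an empty CRL and fails once its serial appears in a freshly issued one.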
RFC 2797 defines certificate management messages over CMS (CMC), where
CMS refers to RFC 2630, Cryptographic Message Syntax.
Although all of the PKIX functions are supported, the functions do not all map into
specific protocol exchanges.