Asymmetric Key Algorithms

Previously you learned about asymmetric key algorithms, and you should understand that asymmetric encryption requires two keys: public and private. As a review, use the flashcards to define asymmetric key encryption, public key, private key, and digital certificate. Then read the section on asymmetric encryption.

In the previous section, the use of public keys in symmetric and asymmetric cryptographic systems was discussed. One of the issues with using public keys is validating their integrity. Digital certificates can be used when passing public keys between two separate entities, which can be people, hardware, software, or a department. Digital certificates have become the standard mode of public key transmission because they contain information about the user of the key. With the information gained by using digital certificates, a public key infrastructure (PKI) can be established, which can perform various functions that make distributing keys and maintaining their integrity easier. PKI vendors provide methods to make this process easier.

The video, What are certificates (15:10), discusses what a digital certificate is and how a certificate works to secure communication.


The primary elements of PKI are Certificate Authority, Digital Certificates, Policies, Certificate Management and Registration Authority as illustrated in Figure 5.


Figure 5 – The primary elements of PKI

  • A Digital Certificate is a standard format for passing public keys that uses a digital signature to bind entities to keys.
  • A Certificate Authority (CA) is a third party that ensures users are who they say they are.
  • The Registration Authority (RA) accepts the enrollment request from users, authenticates users, and then passes the request to the Certificate Authority so that the CA can issue the digital certificate.
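
The enrollment flow in the list above, as an added example that is not part of the original course material: an RA authenticates a request, the CA signs the (subject, public key) pair, and a relying party checks that binding with only the CA public key. The function names, the out-of-band enrollment code, and the toy textbook-RSA key built from Mersenne primes are assumptions made for illustration and are not secure for real use.

```python
import hashlib
import hmac

# Toy CA key: textbook RSA over two Mersenne primes (constructed, trivially
# factorable, no padding). Real CAs use vetted libraries and proper keys.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
CA_N = P * Q
CA_D = pow(E, -1, (P - 1) * (Q - 1))  # CA private exponent, stays with the CA

def _digest(subject, public_key):
    # The signed content covers BOTH identity and key: that is the binding.
    tbs = f"{subject}|{public_key[0]}|{public_key[1]}".encode()
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big")

def ca_issue(subject, public_key):
    """CA: sign the (subject, public key) pair and return the certificate."""
    sig = pow(_digest(subject, public_key), CA_D, CA_N)
    return {"subject": subject, "public_key": public_key,
            "issuer": "Example CA", "signature": sig}

def ra_enroll(request, enrollment_codes):
    """RA: authenticate the requester, then forward the request to the CA."""
    expected = enrollment_codes.get(request["subject"], "")
    if not expected or not hmac.compare_digest(expected, request["code"]):
        return None  # unauthenticated request never reaches the CA
    return ca_issue(request["subject"], request["public_key"])

def verify_cert(cert, ca_public=(CA_N, E)):
    """Relying party: check the CA signature using only the CA public key."""
    n, e = ca_public
    expected = _digest(cert["subject"], cert["public_key"])
    return pow(cert["signature"], e, n) == expected

# Constructed sample data: Alice's toy public key and an out-of-band code.
ALICE_PUB = ((2**89 - 1) * (2**127 - 1), 65537)
CODES = {"alice@example.com": "7G4K-22QX"}

def demo():
    req = {"subject": "alice@example.com", "public_key": ALICE_PUB,
           "code": "7G4K-22QX"}
    cert = ra_enroll(req, CODES)
    # Same certificate with a different key substituted after issuance.
    swapped = dict(cert, public_key=((2**61 - 1) * (2**107 - 1), 65537))
    rejected = ra_enroll(dict(req, code="guess"), CODES)
    return verify_cert(cert), verify_cert(swapped), rejected

if __name__ == "__main__":
    print(demo())
```

The substituted key fails verification because the CA signature covers the subject and the key together, which is what lets a certificate protect the integrity of a public key in transit.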