Asymmetric Key Algorithms

Previously you learned about asymmetric key algorithms, and you should understand that asymmetric encryption requires two keys: public and private. As a review, use the flashcards to define asymmetric key encryption, public key, private key, and digital certificate. Then read the section on asymmetric encryption.

X.509 is a standard for PKI digital certificate formatting that specifies public key certificates, certificate revocation lists, and attribute certificates. There are four main types of digital certificates issued by a Certificate Authority, as shown in the chart.

Types of Digital Certificates

Digital Certificate Description
End-entity Certificates
  • Issued to specific entity
  • Bind a public key to entity listed on the certificate
  • Identity document provided by most PKI
  • Signed by CA
CA Certificates
  • Certificate for identifying public key for CA
  • Can be self-assigned or assigned by a superior CA
Cross-certification Certificates
  • Used by independent CA to establish peer-to-peer relationships
  • Tells user that connecting CA is okay to use
Policy Certificates
  • Traceable
  • Used in high security applications
  • Provide centrally controlled policy information
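
The first two rows of the chart can be seen in real X.509 fields. The script below is an added example, not part of the course material: it uses the OpenSSL command-line tool (assumed to be installed) to create a CA certificate and an end-entity certificate signed by it, then tells them apart by the X.509 v3 basicConstraints extension and by comparing issuer with subject. The names "Example Root CA" and "www.example.test", the file names, and both function names are constructed for the demonstration.

```shell
# Added example, not course material. Names and paths are constructed.
build_demo_pki() {  # $1 = empty working directory
  cat > "$1/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_ee]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
EOF
  # CA certificate: signed with its own key, so issuer equals subject.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/pki.cnf" \
    -extensions v3_ca -subj "/CN=Example Root CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null || return 1
  # End-entity key pair and certificate signing request.
  openssl req -new -newkey rsa:2048 -nodes -config "$1/pki.cnf" \
    -subj "/CN=www.example.test" \
    -keyout "$1/ee.key" -out "$1/ee.csr" 2>/dev/null || return 1
  # The CA signs the request, binding the public key to the named entity.
  openssl x509 -req -in "$1/ee.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -extfile "$1/pki.cnf" -extensions v3_ee \
    -out "$1/ee.pem" 2>/dev/null
}

# Prints ca-self-issued, ca-subordinate or end-entity for a PEM certificate.
classify_cert() {
  text=$(openssl x509 -in "$1" -noout -text) || return 1
  subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
  issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
  if printf '%s\n' "$text" | grep -q 'CA:TRUE'; then
    if [ "$subject" = "$issuer" ]; then echo ca-self-issued
    else echo ca-subordinate; fi
  else
    echo end-entity
  fi
}

# Demo: build the pair, classify both, then check the signature chain.
demo=$(mktemp -d) && build_demo_pki "$demo" &&
  for c in ca ee; do echo "$c.pem: $(classify_cert "$demo/$c.pem")"; done &&
  openssl verify -CAfile "$demo/ca.pem" "$demo/ee.pem"
rm -rf "$demo"
```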