E CES, 212 81, Module 4, Applications of Cryptography, E CES, 212 81, Module 3, Number Theory and Asymmetric Cryptography, E CES, 212 81, Module 2, Symmetric Cryptography and Hashes, E CES, 212 81, Module 5, Cryptanalysis, E CES, 212 81, Module 1, Hi...

Document Content and Description Below

FIPS Standards - ANS-FIPS 140: Cryptographic Modules FIPS 186: Digital Signatures FIPS 197: AES FIPS 201: Identity Verificatio Digital Signatures - ANS-Encryption of a message digest with the sende ... r's private key. Provides: - Authentication - Integrity - Non-repudation Digital Certificate - ANS-A digital document that contains a public key and some information to allow your system to verify where that key came from. Uesd for web servers, Cisco Secure phones, E-Commerce. PKI (Public Key Infrastructure) - ANS-Uses asymmetric key pairs and combines software, encryption and services to provide a means of protecting the security of business communication and transactions. PKCS (Public Key Cryptography Standards) - ANS-Put in place by RSA to ensure uniform certificate management throughout the internet. Trusted Third Party (TTP) - ANS-Certificate, a digital representation of the information that identifies you as a relevant entity. CA (Certification Authority) - ANS-An entity trusted by one or more users to manage certificates. RA (Registration Authority) - ANS-Used to take the burden off of a CA by handling verification prior to certificates being issued. Acts as a proxy between user and CA. Receives request, authenticates it and forwards it to the CA. CP (Certificate Policy) - ANS-A set of rules that defines how a certificate may be used. X.509 - ANS-The most widely used digital certificate standard. First issued July 3, 1988. It is a digital document that contains a public key signed by the trusted third party, which is known as a Certificate Authority, or CA. Relied on by S/MIME. Contains your name, info about you, and a signature of a person who issued the certificate. X.509 Certificate Content - ANS-Version Certificate holder's public key Serial number Certificate's validity period Unique name of certificate issuer Digital signature of issuer Signature algorithm identifier X.509 Certificate File Extensions - ANS-.pem .cer, .crt., .der .p7b, .p7c .p12 .pfx .pem - ANS-Privacy Enhanced Mail, a Base64 encoded DER certificate, enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" .cer, .crt, .der - ANS-Usually in binary DER form, but Base64-encoded certificates are common also (see .pem). .p7b, .p7c - ANS-PKCS#7 SignedData structure without data, just certificate(s) or CRL(s). .p12 - ANS-PKCS#12, may contain certificate(s) (public) and private keys (password protected). .pfx - ANS-Predecessor of PKCS#12 (usually contains data in PKCS#12 format, e.g., w/ PFX files generated in IIS). Certificate Authority (CA) - ANS-The primary role of this is to digitally sign and publish the public key bound to a given user. It is an entity trusted by one or more users to manage certificates. Verisign is an example. Certificate Authority - Verisign - Class 1 - ANS-For individuals, intended for email Certificate Authority - Verisign - Class 2 - ANS-For organizations for which proof of identity is required Certificate Authority - Verisign - Class 3 - ANS-For servers and software signing, for which independent verification and checking of identity and authority is done by the issuing CA Certificate Authority - Verisign - Class 4 - ANS-For online business transactions between companies Certificate Authority - Verisign - Class 5 - ANS-For private organizations or governmental security Registration Authority (RA) - ANS-Used to take the burden off of a CA by handling verification prior to certificates being issued. Acts as a proxy between the user and the CA. Receives request, authenticates it, and forwards it to the CA. [Show More]

Last updated: 3 years ago

Preview 1 out of 19 pages