594 Chapter 10 • Public Key Infrastructure
Summary of Exam Objectives
PKI and key management can be difficult topics to understand, mainly because PKI
is such a robust mechanism and there are so many safeguards in place to protect key
pairs. However, these are the same reasons why PKI is widely implemented
throughout the connected world. Let’s review some of the key points regarding PKI:
■ The PKI identification process is based on the use of unique identifiers,
known as keys.
■ Each person using the PKI creates two different keys, a public key and a private
key.
■ The public key is openly available to the public, while the private key is only
known by the person for whom the keys were created.
■ Through the use of these keys, messages can be encrypted and decrypted for
transferring messages in private.
In order to use PKI, you must possess a digital certificate. Much like a driver’s
license, a digital certificate holds crucial information about the key holder.
Information stored in a digital certificate includes:
■ Serial number
■ Subject
■ Signature algorithm
■ Issuer
■ Valid from
■ Valid to
■ Public key
■ Thumbprint algorithm
■ Thumbprint
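The Go program below is an added example, not part of the study guide: it generates a key pair, self-signs a certificate for it, and reads back every field in the list above from the parsed X.509 structure. The subject name, serial number and validity dates are constructed test values; the thumbprint algorithm is assumed to be SHA-256.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// NewSelfSignedCert generates an Ed25519 key pair and signs a certificate for its
// own public key: the template is both subject and issuer. All values constructed.
func NewSelfSignedCert() (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(4242),
		Subject:      pkix.Name{CommonName: "example.test"},
		NotBefore:    time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC),
		NotAfter:     time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Summarize maps the guide's field list onto the parsed certificate. The thumbprint is
// not a stored field: it is a hash (SHA-256 here) over the DER bytes. Last entry: the
// signature is checked under the certificate's own public key (issuer == subject).
func Summarize(cert *x509.Certificate) map[string]string {
	sum := sha256.Sum256(cert.Raw)
	return map[string]string{
		"Serial number":        cert.SerialNumber.String(),
		"Subject":              cert.Subject.String(),
		"Signature algorithm":  cert.SignatureAlgorithm.String(),
		"Issuer":               cert.Issuer.String(),
		"Valid from":           cert.NotBefore.Format(time.RFC3339),
		"Valid to":             cert.NotAfter.Format(time.RFC3339),
		"Public key":           cert.PublicKeyAlgorithm.String(),
		"Thumbprint algorithm": "SHA-256",
		"Thumbprint":           fmt.Sprintf("%x", sum),
		"Self-signature valid": fmt.Sprint(cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature) == nil),
	}
}
```

Because the thumbprint is computed over the encoded bytes rather than stored, any change to the certificate, including re-issuance with the same key, yields a different thumbprint.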
Of course, there must be a checks-and-balances system for managing certificates and their associated keys. This issue is addressed through the key management life cycle. Security professionals have to resolve questions regarding centralized vs. decentralized key management, and how keys will be stored both for online use and for key archival. They also have to decide whether, and how, a company will use key escrow.
Key/certificate management also includes the following maintenance duties:
www.syngress.com