This lesson will help CISSP candidates (and hopefully everyone else) fully understand what a public key infrastructure (PKI) is and how it works, from a layperson’s perspective. For students, this is part of CBK Domain 3, Security Architecture and Engineering.
PKI is the collection of entities, software, protocols and communications used to manage and use public-key (asymmetric) cryptography.
The purpose of a PKI is to publish keys and certificates, certify and validate public-key ownership, validate the public keys themselves, and provide cryptographic services.
The registration authority (RA) is the entity or server that establishes and verifies the accuracy of the information in a certificate. It provides certificate registration services: it verifies the identity of entities requesting certificates and the accuracy of the information in each certificate request.
A digital certificate is an electronic document containing the business name and address of the certificate holder, the digital signature of the certificate authority (CA), the entity’s public key, the certificate’s serial number, and its expiration date. The CA issues and revokes digital certificates. Revocation status is published through the Online Certificate Status Protocol (OCSP) or a certificate revocation list (CRL).
X.509 version 3 is the current standard for digital certificates.
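To make the pieces above concrete, the following added example (not part of the original lesson) builds a toy PKI with the Python `cryptography` library: a root CA issues X.509 v3 certificates carrying the fields listed above, publishes a CRL, and a relying party checks the CA signature, the validity period and the revocation status. The names "Example Root CA" and "www.example.test" are constructed placeholders.

```python
from datetime import datetime, timedelta
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
CA_CN = "Example Root CA"  # constructed placeholder; this is a toy PKI, not a real CA
_name = lambda cn: x509.Name([x509.NameAttribute(x509.NameOID.COMMON_NAME, cn)])
_new_key = lambda: ec.generate_private_key(ec.SECP256R1())

def issue(subject_cn, subject_pub, ca_key, days, is_ca):
    """X.509 v3 certificate binding subject_pub to subject_cn, signed by the CA's private key."""
    now = datetime.utcnow()
    return (x509.CertificateBuilder().subject_name(_name(subject_cn)).issuer_name(_name(CA_CN))
            .public_key(subject_pub).serial_number(x509.random_serial_number())
            .not_valid_before(now - timedelta(minutes=1)).not_valid_after(now + timedelta(days=days))
            .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
            .sign(ca_key, hashes.SHA256()))

def make_crl(ca_key, revoked_serials):
    """CRL signed by the CA that lists the given serial numbers as revoked."""
    now = datetime.utcnow()
    b = x509.CertificateRevocationListBuilder().issuer_name(_name(CA_CN))
    b = b.last_update(now).next_update(now + timedelta(days=7))
    for s in revoked_serials:
        b = b.add_revoked_certificate(x509.RevokedCertificateBuilder().serial_number(s).revocation_date(now).build())
    return b.sign(ca_key, hashes.SHA256())

def validate(cert, ca_cert, crl, at=None):
    """Relying-party checks: CA signature over the TBS data, validity period, then revocation."""
    at = at or datetime.utcnow()
    try:  # the CA signed everything in the certificate except the signature field itself
        ca_cert.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                    ec.ECDSA(cert.signature_hash_algorithm))
    except Exception:
        return "bad signature"
    if not cert.not_valid_before <= at <= cert.not_valid_after:
        return "expired or not yet valid"
    revoked = crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None
    if revoked or not crl.is_signature_valid(ca_cert.public_key()):  # fail closed on a CRL the CA did not sign
        return "revoked"
    return "ok"

def demo():  # toy PKI: one root CA, a good site cert, a revoked one, and a look-alike signed by a rogue key
    ca_key = _new_key()
    ca_cert = issue(CA_CN, ca_key.public_key(), ca_key, 3650, True)
    good = issue("www.example.test", _new_key().public_key(), ca_key, 365, False)
    bad = issue("www.example.test", _new_key().public_key(), ca_key, 365, False)
    forged = issue("www.example.test", _new_key().public_key(), _new_key(), 365, False)
    crl = make_crl(ca_key, [bad.serial_number])
    return {"good": validate(good, ca_cert, crl), "revoked": validate(bad, ca_cert, crl), "forged": validate(forged, ca_cert, crl),
            "expired": validate(good, ca_cert, crl, datetime.utcnow() + timedelta(days=400))}
```

The "forged" case carries the same issuer name as the real CA but was signed with a different key, which is why the relying party must verify the CA signature rather than trust the issuer field.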