Advanced Cryptography Chapter 6 Flashcards

Questions and Answers

What is a digital certificate used for?

Verifying the identity of a user (correct)

Encrypting data

Storing public keys

None of the above

List the contents of a digital certificate.

Owner's name, Owner's public key, Name of the issuer, Digital signature of the issuer, Serial number of the digital certificate, Expiration date of the public key.

Who manages digital certificates?

Certificate Authority

Registration Authority

Certificate Repository

All of the above (correct)

What are the duties of a Certificate Authority (CA)?

Generate, issue, and distribute public key certificates; distribute CA certificates; generate and publish certificate status information; provide a means for subscribers to request revocation; revoke public key certificates; maintain security of certificate issuance. Signup and view all the answers

What is a Certificate Signing Request (CSR)?

A specially formatted encrypted message generated by the subscriber requesting a digital certificate. Signup and view all the answers

What are the identification methods of a Registration Authority?

All of the above Signup and view all the answers

What is an Online Certificate Status Protocol (OCSP)?

A request-response protocol that performs a real-time lookup of a certificate's status. Signup and view all the answers

What is the main difference between a personal digital certificate and a server digital certificate?

Personal certificates are for individuals, server certificates are for servers Signup and view all the answers

List the life cycle stages of a certificate.

Creation, Suspension, Revocation, Expiration. Signup and view all the answers

What does SSL stand for?

Secure Sockets Layer Signup and view all the answers

What is the purpose of key escrow?

A process in which keys are managed by a third party, splitting and encrypting a private key. Signup and view all the answers

What does the trust model refer to in digital certificates?

A type of trust relationship that can exist between individuals or entities. Signup and view all the answers

What is IPsec used for?

Securing IP communications Signup and view all the answers

What are the main categories of digital certificates?

Personal, Server, Software Publisher. Signup and view all the answers

Study Notes

Digital Certificates

Digital Certificates link user identity to a public key, signed by a trusted third party.
Contains critical information: owner's name, public key, issuer's name, issuer's digital signature, certificate serial number, and expiration date.

Entities Managing Digital Certificates

Certificate Authority (CA): Issues digital certificates and maintains trustworthiness in the certificate ecosystem.
Registration Authority (RA): Subordinate entity that handles certificate requests and user authentication.
Certificate Repository (CR): Central directory for storing digital certificates and their status.

Certificate Authority Functions

Responsible for generating, issuing, and distributing public key certificates.
Publishes status information and manages revocation requests.
Ensures security and continuity of certificate issuance.

Registration Authority Duties

Processes certificate requests and revocation requests.
Authenticates user identities and verifies public key ownership.

Revocation and Status Checking

Certificate Revocation List (CRL): Lists revoked certificate serial numbers.
Online Certificate Status Protocol (OCSP): Enables real-time certificate status lookups through a responder.

Digital Certificate Categories

Personal Certificates (Class 1): Issued to individuals for email security, requiring basic identity verification.
Server Certificates (Class 2): Certifies web server authenticity and secures connections.
Software Publisher Certificates (Class 3): Validates integrity and security of a developer's software.

Trust Models

Hierarchical Trust Model: One master CA signs all digital certificates.
Distributed Trust Model: Involves multiple CAs for workload balancing and security.
Web of Trust: Based on direct trust, lacks centralized authority for signing certificates.
Bridge Trust Model: Facilitates connection between CAs without issuing certificates.

Certificate Policy and Management

Certificate Policy (CP): Established rules governing PKI operations.
Certificate Practice Statement (CPS): Details CA's management practices for certificates.

Key Management Practices

Key Life Cycle includes Creation, Suspension, Revocation, Expiration.
Proper key management involves secure key storage, handling, and usage procedures.

Cryptographic Transport Protocols

SSL (Secure Sockets Layer): Protocol for secure communications; current version is 3.0.
TLS (Transport Layer Security): Successor to SSL; versions include 1.0, 1.1, and 1.2.
Secure Shell (SSH): Secure alternative to Telnet for remote computer access.

IPsec Protocol

Protects IP communications through authentication, confidentiality, and key management.
Supports Transport Mode (encrypts only data) and Tunnel Mode (encrypts both header and data).

Additional Concepts

Heartbleed: Critical vulnerability in OpenSSL enabling unauthorized access to sensitive data.
Cipher Suite: Specific set of algorithms for encryption and authentication in SSL/TLS.
HTTPS: Combines HTTP and SSL/TLS, operates mainly over port 443 for secure web communication.

Description

Explore the key concepts of Advanced Cryptography through these flashcards focused on Chapter 6. Each card provides definitions and details about essential terms, like Digital Certificates, to enhance your understanding of the subject. Perfect for quick revision and mastery of cryptographic principles.