Digital Certificates

Questions and Answers

Which of the following is NOT a component of a digital certificate?

Private key (correct)

Certificate owner's information

Name of the issuing CA

Public key and its associated algorithm

What is the purpose of revoking a public key?

To extend its validity period

To distribute it widely

To avoid impersonation attacks (correct)

To increase its algorithm strength

How are public keys typically distributed?

On the owner's website

Via email

Certificate servers or directory servers (correct)

All of the above

What is a fingerprint (thumbprint) of a digital certificate?

A hash of the certificate in hexadecimal format for easier manual checks

What is a Certification Authority (CA) and a Registration Authority (RA) collectively known as?

Public Key Infrastructure (PKI)

What is the purpose of Domain Validation in certificate validation?

To check if you control the domain

What is the purpose of Extended Validation in certificate validation?

To perform extensive checks on the organization

What is the purpose of Organisation Validation (OV) in certificate validation?

To check the existence of the organization owning the domain

How do browsers verify the authenticity of a website's certificate?

By verifying the issuing CA's signature on the certificate using the CA's public key

What is the purpose of Certificate Revocation Lists (CRL)?

To communicate revoked certificates

What is the recommended method for storing private keys for individuals?

Encrypted save on a computer's hard drive using a passphrase

What is the purpose of Hardware Security Modules (HSM) or Trusted Platform Modules (TPM) in storing private keys for organizations?

To store private keys and perform cryptographic computations

Which of the following is NOT a component of a digital certificate?

Private key

What is the purpose of revoking a public key?

To avoid impersonation attacks

How are public keys typically distributed?

Certificate servers or directory servers

What is a fingerprint (thumbprint) of a digital certificate?

A hash of the certificate in hexadecimal format for easier manual checks

What is a Certification Authority (CA) and a Registration Authority (RA) collectively known as?

Public Key Infrastructure (PKI)

What is the purpose of Domain Validation in certificate validation?

To check if you control the domain

What is the purpose of Extended Validation in certificate validation?

To perform extensive checks on the organization

What is the purpose of Organisation Validation (OV) in certificate validation?

To check the existence of the organization owning the domain

How do browsers verify the authenticity of a website's certificate?

By verifying the issuing CA's signature on the certificate using the CA's public key

What is the purpose of Certificate Revocation Lists (CRL)?

To communicate revoked certificates

What is the recommended method for storing private keys for individuals?

Encrypted save on a computer's hard drive using a passphrase

What is the purpose of Hardware Security Modules (HSM) or Trusted Platform Modules (TPM) in storing private keys for organizations?

To store private keys and perform cryptographic computations

Which of the following is the purpose of revoking a public key?

To prevent impersonation or man-in-the-middle attacks

What is a digital certificate?

A document that contains the public key, algorithm, and information about the key owner's identity

What is the purpose of a fingerprint (thumbprint) in a digital certificate?

To provide a hash of the certificate in hexadecimal format for easier manual checks

Which of the following is a method for distributing public keys?

All of the above

What is the purpose of a Certification Authority Public Key Infrastructure?

To create and issue digital certificates

What are the levels of certificate validation?

Domain Validation, Organisation Validation (OV), Extended Validation (EV)

What are the components of an X.509 certificate?

Version number, serial number, issuing CA name, validity period, public key, algorithm for the CA's signature, digital signature of the CA

How do browsers verify the authenticity of a website's certificate?

By checking the issuing CA and verifying its signature on the certificate using the CA's public key

What is the purpose of a Certificate Revocation List (CRL)?

To post revoked certificates on certificate servers

What is the recommended way to store private keys for individuals?

On a smartcard/USB token; optionally combined with a PIN/passphrase or biometric identification

What is the purpose of a Hardware Security Module (HSM) or Trusted Platform Module (TPM)?

To store private keys and perform cryptographic computations for organizations

What is the purpose of a Registration Authority (RA) in a Certification Authority Public Key Infrastructure?

To verify the identity of the public key owner

What is the purpose of digital certificates?

To provide a secure way of distributing and verifying public keys.

What is the risk of not properly managing public keys?

Impersonation or man-in-the-middle attacks.

Why is revoking a public key important?

To prevent the use of a compromised private key.

What is the purpose of an expiry date on a public key?

To ensure that keys are regularly updated and not used indefinitely.

What information is included in a digital certificate?

Public key, algorithm, key owner's identity, and digital signatures.

What is the purpose of a fingerprint (thumbprint) of a digital certificate?

To provide an easily verifiable hash of the certificate.

What are the methods for distributing public keys?

Manual distribution, website publication, certificate servers/directory servers.

What is a Certification Authority Public Key Infrastructure composed of?

A Certification Authority (CA) and a Registration Authority (RA).

What is the process for creating a digital certificate?

Creating a public-private key pair, submitting public key to a CA, RA verifies owner's identity, CA issues certificate digitally signed using private key.

What are the three levels of certificate validation?

Domain Validation, Organisation Validation (OV), and Extended Validation (EV).

What components are included in an X.509 certificate?

Version number, certificate serial number, issuing CA name, validity period, owner's information, public key and associated algorithm, algorithm for CA's signature, and digital signature of the CA.

What is the purpose of Certificate Revocation Lists (CRL)?

To list revoked certificates that should no longer be trusted.