Tuesday, March 15, 2011

Security+ Exam Objectives 5.5

5.5 Explain core concepts of public key cryptography.

PKI is a widely used system in today’s world as a means to provide information about what should and shouldn’t happen and which standards need to be applied and complied with. PKI is not a product, however, and therefore does not involve information about what type of algorithms or technologies to use. Instead, many see it as a blueprint for how things should be.

  • Public Key Infrastructure (PKI) – PKI is a subset of asymmetric cryptography and is also used to deploy asymmetric cryptography as well as hashing, symmetric cryptography, and certificates to create a secure method of communication. When it comes to PKI, certificates are most commonly used.
  • Recovery agent – A recovery agent is the person who is given a public key certificate for recovering user data that is encrypted. This is the most common type of recovery policy used in PKI.
  • Public key – Asymmetric key. It uses a public and a private key. The two keys are related, but having the public key doesn’t allow the private key to be generated, which makes it secure and protected.
  • Private keys – Symmetric key. A single shared encryption key used to both encrypt and decrypt the data.
  • Certificate Authority (CA) – The CA is the entity that issues digital certificates. Oftentimes the CA is a trusted third party.
  • Registration – Registration is how one obtains a PKI. It involves a CA and specific steps to ensure the PKI is secure.
  • Key escrow – Key escrow involves an arrangement in which keys required to decrypt information are put in escrow so that in certain instances, an authorized third party can get access to the keys.
  • Certificate Revocation List (CRL) – CRL involves revoking a certificate before it expires. This involves the CA knowing when certain certificates need to be revoked. Oftentimes this happens when a private key becomes known. Any owner of a certificate can ask to have it revoked at any time as well.
  • Trust models – There are several different trust models used when it comes to PKI. Many times a simple trust model is used; however, when the PKI implementation needs to get bigger, so does the trust model. Some of the most commonly used models are hierarchical, bridge, mesh, and hybrid.
