Tuesday, 21 February 2012

(SOA-)Security-Basics - part 4

Here comes part 4. Today we'll talk about certificates and PKI.

X.509 certificates / Public key infrastructure (PKI)

Trustcenter (TC) / RootCA / PKI

A trust center is a company that issues "digital identities". It does this by growing a "trust tree". The root of the tree is the so-called RootCA (CA = Certification Authority). Technically, it consists of a private key and the corresponding public key (often RSA). The trust center generates this key pair itself and signs the RootCA certificate with its own private key (a self-signed certificate). This RootCA certificate must be trusted unconditionally, because every identity issued by the trust center is traced back to this root. For a trust center, keeping its private key secret is most important; otherwise the trust center can no longer be "trusted" (examples: Comodo, DigiNotar).

Public key infrastructure (PKI)

On the basis of this RootCA, so-called intermediate CAs (Certification Authorities) are created. These are usually used for special purposes: they issue digital identities that are only suited for specific areas (SSL, S/MIME, digital signature).
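The trust tree described in the two sections above (a self-signed RootCA, an intermediate CA, and an identity restricted to one area), built and checked with the `openssl` command line. This is an added example, not part of the original post; the subject names, file names, 30-day lifetime and the choice of TLS as the special purpose are assumptions.

```shell
#!/bin/sh
# Added example: subject names and file names are constructed.
# new_csr NAME CN: generate an RSA key pair and a signing request for it.
new_csr() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" \
        -out "$1.csr" -subj "/CN=$2" 2>/dev/null
}

# build_chain DIR: create root CA -> intermediate CA -> end-entity certificate.
build_chain() (
    mkdir -p "$1" && cd "$1" || exit 1
    ca='basicConstraints=critical,CA:TRUE'
    ku='keyUsage=critical,keyCertSign,cRLSign'
    printf '%s\n%s\n' "$ca" "$ku" > root.ext
    printf '%s,pathlen:0\n%s\n' "$ca" "$ku" > tls_ca.ext
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' > leaf.ext
    # Root CA: signed with its own private key (self-signed).
    new_csr root 'Example Root CA' &&
    openssl x509 -req -in root.csr -signkey root.key -days 30 \
        -extfile root.ext -out root.crt 2>/dev/null &&
    # Intermediate CA: signed by the root key, may only issue end-entity certs.
    new_csr tls_ca 'Example TLS Intermediate CA' &&
    openssl x509 -req -in tls_ca.csr -CA root.crt -CAkey root.key \
        -CAcreateserial -days 30 -extfile tls_ca.ext -out tls_ca.crt 2>/dev/null &&
    # End-entity identity: signed by the intermediate, TLS server use only.
    new_csr leaf 'www.example.test' &&
    openssl x509 -req -in leaf.csr -CA tls_ca.crt -CAkey tls_ca.key \
        -CAcreateserial -days 30 -extfile leaf.ext -out leaf.crt 2>/dev/null
)

# verify_leaf DIR PURPOSE: validate leaf -> intermediate -> trusted root.
verify_leaf() {
    openssl verify -purpose "$2" -CAfile "$1/root.crt" \
        -untrusted "$1/tls_ca.crt" "$1/leaf.crt" >/dev/null 2>&1
}

# verify_without_intermediate DIR: same check with the middle link missing.
verify_without_intermediate() {
    openssl verify -CAfile "$1/root.crt" "$1/leaf.crt" >/dev/null 2>&1
}

# is_self_signed CERT: true when issuer and subject are the same name.
is_self_signed() {
    i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    [ -n "$i" ] && [ "$i" = "$s" ]
}

d=$(mktemp -d) && build_chain "$d" && verify_leaf "$d" sslserver && echo "chain verifies"
```

Only `root.crt` is placed in the trust store; the leaf validates for `sslserver` but is rejected for `smimesign`, and it is rejected entirely when the intermediate certificate is not supplied.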

Part 5 will follow next week...
