What is a Public Key Infrastructure (PKI)?
PKI is a system of hardware, software, people, policies, and procedures used to create, manage, distribute, store, and revoke digital certificates.
What is the purpose of PKI?
PKI links public keys to identities via digital certificates, enabling secure communications, authentication, integrity, and non-repudiation.
What is an X.509 certificate?
It’s a digital certificate that verifies the ownership of a public key by the named subject of the certificate. The format is used widely in web browsers, email, code signing, etc.
What are Certificate Authorities (CAs)?
Trusted entities that issue digital certificates. They can be root CAs (self-signed and highly trusted) or intermediate CAs (signed by a root CA).
What does an X.509 certificate contain?
Identity of the certificate holder
Public key
Validity period
Revocation info
Issuing CA’s identity
Hash of all info
Digital signature of hash (by CA’s private key)
What is a self-signed certificate?
A certificate signed by the entity's own private key instead of a trusted CA. Used in test environments or internal networks. Root CAs are also self-signed.
What is a Certificate Signing Request (CSR)?
A request sent to a CA containing a public key and identifying info, used to apply for a digital certificate.
What is a “Chain of Trust” in PKI?
A hierarchical path of trust where a certificate is verified by one issued by a higher CA, up to a trusted root CA. Browsers and OSes have built-in trusted root CAs.
How is trust established in a digital certificate system?
Trust is established through digital signatures on certificates, issued by trusted Certificate Authorities within the PKI.