Section 7: Cryptography Part 3

Last updated 8:45 PM on 5/24/26
30 Terms

1. PKI

used to create, manage, distribute, use, store, and revoke digital certificates and manage public key encryption.

2. PKI’s purpose

Is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, banking, and confidential email

3. Have to set up PKI in order to have TLS

True

4. PKI utilizes hybrid cryptography and provides creation and use of Digital Signatures

True

5. SSL was replaced by

TLS (same thing basically)

6. External validation creates

Trust

7. Certificate authorities are like the DMV for computers

True

8. SSL Handshake Steps

  1. Client issues secure session request

  2. Server sends X.509 certificate containing the server’s public key

  3. Client authenticates certificate against a list of known certificate authorities

  4. Client generates random symmetric key and encrypts it using server’s public key

  5. Client and server now both know the symmetric key and encrypt end user data using symmetric key for duration of session.

9. Key Components of PKI

  • Digital Certificates

  • Certificate Authority

  • Registration Authority

  • Validation Authority

10. Digital Certificates

electronic documents that contain a public key and use a digital signature to bind that public key to an identity.

11. Certificate Authority

A trusted entity that issues and manages digital certificates

12. Registration Authority

often acts as the verifier for the CA before a digital certificate is issued to a requestor

13. Validation Authority

checks if the certificate is still valid

14. Certificate Signing Request (CSR)

is a request sent to a CA to apply for a digital identity certificate

15. Key-pair Generation

The first step in generating a CSR is to create a key pair, which consists of a public and a private key. The private key is kept secret and is used to decrypt information encrypted with the public key or to create digital signatures.

16. All certificates issued today are X.509 certificates

True

17. End Entity Certificates

  • Domain Validation

  • Extended Validation

  • Wildcard Certificates

  • Self Signed Certificates

  • Third-Party Certificates

18. Domain Validation (DV)

certificate is issued if control of a domain is proven

19. Extended Validation (EV)

certificate is a higher level of assurance if the CA can verify that the applicant is a legitimate business

20. Wildcard Certificates

is a type of digital certificate used in TLS/SSL encryption, typically for securing websites

21. Digital certificates can be either self-signed or issued by a third-party

True

22. Self Signed Certificates

is created and signed by the entity it represents. These are not inherently trusted by others. Trust must be established out-of-band, meaning users must have a separate secure way to verify the certificate’s authenticity

23. Third-Party Certificates

is issued and signed by a trusted CA. The CA verifies the identity of the entity requesting the certificate, ensuring that the entity is who it claims to be (most trustworthy)

24. Root of Trust

refers to the trust anchor in a Public Key Infrastructure system. This is usually a root certificate authority that is inherently trusted, and from which the trustworthiness of all other certificates in the network is derived. (This limits the damage from a data breach or attack, because an attack on a subordinate certificate does not reach the root CA.)

25. Certificate Pinning

a technique that helps to prevent MITM attacks by hardcoding the SSL/TLS certificate’s public key into the app or device

26. Verification Process

  1. Verify the digital signature of the CA is authentic

  2. You trust the CA

  3. The certificate is not listed on a CRL (Certificate Revocation List) or reported as revoked by the Online Certificate Status Protocol (OCSP).

  4. The certificate actually contains the data you are trusting

27. Revocation

done when a certificate is compromised, issued by accident, or when the certificate details or the security association change.

28. Certificate Revocation Lists

contain the serial numbers of certificates that have been revoked

29. Online Certificate Status Protocol (OCSP)

provides a means for real-time certificate verification

30. Certificate Stapling

avoids the client sending an OCSP request; instead, the web server itself checks and validates the certificate with the CA.