Abstract

Public key infrastructure (PKI) is a robust mechanism with many safeguards in place to protect key pairs. The PKI identification process is based on the use of unique identifiers, known as keys. Each person using the PKI creates two different keys: a public key and a private key. The public key is openly available to the public, while the private key is known only to the person for whom the keys were created. Through the use of these keys, messages can be encrypted and decrypted so that they can be transferred in private. In order to use PKI, one must possess a digital certificate. Information stored in a digital certificate includes serial number, subject, signature algorithm, issuer, valid from, valid to, public key, thumbprint algorithm, and thumbprint. There must be a checks-and-balances system for managing certificates and their associated keys. This issue is addressed through the key management life cycle. Security professionals have to resolve questions regarding centralized vs. decentralized key management and how keys will be stored for both online use and key archival. They also have to decide whether and how a company will use key escrow. Key/certificate management also includes certificate expiration, certificate renewal, certificate revocation, and key destruction. Understanding the components of PKI and its associated standards, protocols, features, and uses will help to ensure a smooth integration with the networking environment.
