pkiuniversity.com
Alice Bob
Honest Abe’s CA
Simple PKI hierarchy
Multi-level hierarchy
My personal Certificate (Installed on a Mac)
Dartmouth CA’s Certificate (Installed on a Mac)
Building a trust path
1. To verify certificate α starting with a set of trusted certificates we need to:
   a. Identify the issuer of α (i.e., β)
   b. Verify if β is trusted
2. If β is among the set of trusted certificates, the original cert is trusted
3. Else if β is a root certificate, the original cert is untrusted
4. Else if β is not trusted, set α=β and repeat the process until a trusted or a root certificate is identified
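The four steps above as an added Python example (not part of the original slides). The `Cert` class, the `POOL` and `TRUSTED` sample data and all names in them are constructed for illustration; the example assumes one certificate per subject and adds two cases the slide leaves implicit: an issuer certificate that is not available, and an issuer loop between cross-certified CAs. Signature, validity-period and revocation checks on each link are left out here.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str

    @property
    def is_root(self):
        return self.subject == self.issuer        # root = self-issued

def build_trust_path(cert, pool, trusted):
    """Walk issuer links from cert; return (verdict, path of subject names).

    pool maps subject -> Cert (assumption: one certificate per subject);
    trusted is the set of subject names the verifier already trusts.
    """
    alpha, path, seen = cert, [cert.subject], {cert.subject}
    while True:
        beta = pool.get(alpha.issuer)             # step 1a: identify the issuer
        if beta is None:
            return "untrusted: issuer certificate not available", path
        if beta != alpha:
            path.append(beta.subject)
        if beta.subject in trusted:               # step 2
            return "trusted", path
        if beta.is_root:                          # step 3
            return "untrusted: chain ends at an untrusted root", path
        if beta.subject in seen:                  # cross-certified CAs pointing at each other
            return "untrusted: issuer loop", path
        seen.add(beta.subject)
        alpha = beta                              # step 4: repeat with alpha = beta

# Constructed sample hierarchy (names are illustrative only).
POOL = {c.subject: c for c in [
    Cert("Honest Abe's CA", "Honest Abe's CA"),   # trusted root
    Cert("Dept CA", "Honest Abe's CA"),           # intermediate CA
    Cert("Alice", "Dept CA"),
    Cert("Other Root", "Other Root"),             # root the verifier does not trust
    Cert("Bob", "Other Root"),
    Cert("CA-X", "CA-Y"), Cert("CA-Y", "CA-X"),   # loop, no root
    Cert("Carol", "CA-X"),
]}
TRUSTED = {"Honest Abe's CA"}

if __name__ == "__main__":
    for name in ("Alice", "Bob", "Carol"):
        print(name, build_trust_path(POOL[name], POOL, TRUSTED))
```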
Typical trust chain
Cross certification
Multiple cross certification
Cross certification fuzziness
Cross certification fuzziness
Bridge CA
Bridge CA advantages
Certification Process
How to obtain a certificate
1 Alice generates a key pair
2 Alice visits (online or in person) the RA, presenting documents attesting to her identity
3 RA verifies Alice’s documents and, if they’re ok, gives Alice a confirmation #. RA then notifies CA (via secure channel) of Alice’s application, RA’s authentication of her documents, and the confirmation #.
4 CA verifies all this, notes Alice’s application and confirmation #, and returns an authorization code to the RA, and the RA gives that to Alice.
5 Alice creates a certificate request, including a) ID info she gave to RA, b) Authorization code, c) Confirmation #, and d) Her public key. Alice signs the request with her private key, and sends it to the CA.
6 CA verifies Alice’s signature on the request, then recovers the public key. CA might also do offline checks on Alice’s ID info.
7 CA creates a certificate with Alice’s public key and ID Info and signs it with the CA’s private key.
8 Alice verifies the CA’s signature on the certificate, and verifies that the public key it contains really is hers (the CA didn’t modify her public key or ID Info).
9 The certificate is published.
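Steps 5 to 8 above as an added Python example (not part of the original slides), showing why the signed request proves Alice holds the private key and what her final check in step 8 catches. All function names, field layouts and sample values are hypothetical; the signatures use textbook RSA built from well-known Mersenne primes so the block runs with the standard library only, which is a stand-in for illustration and not secure. Real enrollments use a standard request format such as PKCS#10.

```python
import hashlib

E = 65537

def toy_keypair(p, q):
    """Textbook RSA from two known primes. Illustration only, NOT secure."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))           # (public, private)

def digest(fields, n):
    data = "|".join(str(f) for f in fields).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(fields, priv):
    n, d = priv
    return pow(digest(fields, n), d, n)

def verify(fields, sig, pub):
    n, e = pub
    return pow(sig, e, n) == digest(fields, n)

def make_request(id_info, auth_code, conf_no, pub, priv):
    # Step 5: ID info, authorization code, confirmation # and public key,
    # signed with the matching private key.
    body = (id_info, auth_code, conf_no, pub)
    return {"body": body, "sig": sign(body, priv)}

def ca_issue(request, recorded, ca_name, ca_priv):
    # Step 6: check the codes the CA noted in step 4, then verify the request
    # signature with the public key carried inside the request itself.
    id_info, auth_code, conf_no, pub = request["body"]
    if recorded.get(id_info) != (auth_code, conf_no):
        raise ValueError("authorization code / confirmation # mismatch")
    if not verify(request["body"], request["sig"], pub):
        raise ValueError("request is not signed by the key it contains")
    # Step 7: bind ID info to the public key under the CA's signature.
    tbs = (id_info, pub, ca_name)
    return {"tbs": tbs, "sig": sign(tbs, ca_priv)}

def alice_accepts(cert, id_info, pub, ca_pub):
    # Step 8: CA signature is valid AND the certified key and ID are hers.
    return verify(cert["tbs"], cert["sig"], ca_pub) and cert["tbs"][:2] == (id_info, pub)

# Constructed sample values (hypothetical identities and codes).
ALICE_PUB, ALICE_PRIV = toy_keypair(2**127 - 1, 2**107 - 1)
CA_PUB, CA_PRIV = toy_keypair(2**89 - 1, 2**61 - 1)
RECORDED = {"alice@example.org": ("AUTH-1234", "CONF-5678")}
```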