Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
Special pages
Niidae Wiki
Search
Search
Appearance
Create account
Log in
Personal tools
Create account
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
Public-key cryptography
(section)
Page
Discussion
English
Read
Edit
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit
View history
General
What links here
Related changes
Page information
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
=== Public key infrastructure === One approach to prevent such attacks involves the use of a [[public key infrastructure]] (PKI); a set of roles, policies, and procedures needed to create, manage, distribute, use, store and [[certificate revocation|revoke]] digital certificates and manage public-key encryption. However, this has potential weaknesses. For example, the certificate authority issuing the certificate must be trusted by all participating parties to have properly checked the identity of the key-holder, to have ensured the correctness of the public key when it issues a certificate, to be secure from computer piracy, and to have made arrangements with all participants to check all their certificates before protected communications can begin. [[Web browser]]s, for instance, are supplied with a long list of "self-signed identity certificates" from PKI providers β these are used to check the ''bona fides'' of the certificate authority and then, in a second step, the certificates of potential communicators. An attacker who could subvert one of those certificate authorities into issuing a certificate for a bogus public key could then mount a "man-in-the-middle" attack as easily as if the certificate scheme were not used at all. An attacker who penetrates an authority's servers and obtains its store of certificates and keys (public and private) would be able to spoof, masquerade, decrypt, and forge transactions without limit, assuming that they were able to place themselves in the communication stream. Despite its theoretical and potential problems, Public key infrastructure is widely used. Examples include [[Transport Layer Security|TLS]] and its predecessor [[Transport Layer Security#SSL 1.0, 2.0, and 3.0|SSL]], which are commonly used to provide security for web browser transactions (for example, most websites utilize TLS for [[HTTPS]]). Aside from the resistance to attack of a particular key pair, the security of the certification [[hierarchy]] must be considered when deploying public key systems. Some certificate authority β usually a purpose-built program running on a server computer β vouches for the identities assigned to specific private keys by producing a digital certificate. [[Digital certificate|Public key digital certificates]] are typically valid for several years at a time, so the associated private keys must be held securely over that time. When a private key used for certificate creation higher in the PKI server hierarchy is compromised, or accidentally disclosed, then a "[[man-in-the-middle attack]]" is possible, making any subordinate certificate wholly insecure.
Summary:
Please note that all contributions to Niidae Wiki may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
Encyclopedia:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
Search
Search
Editing
Public-key cryptography
(section)
Add topic
