Introduction to the Public Key Infrastructure for the Internet

The practical, results-focused PKI primer for every security developer and IT manager.

Public Key Infrastructure (PKI) and related standards give you powerful new ways to solve your toughest e-commerce and Internet security problems. Now there's a comprehensive PKI primer for both technical and nontechnical professionals. IBM security expert Messaoud Benantar delivers the in-depth guidance developers and managers need to make PKI work, including coverage of important related topics such as ASN.1 and PKCS. From start to finish, Benantar focuses on getting results—and on answering your most critical questions about PKI deployment, operation, and administration. Coverage includes:

• The fundamentals of secret and public key cryptography
• The challenge of key distribution, and the central role of public key assurance systems
• Using PKIX to build secure Internet systems
• Understanding the PKIX notational language, data encoding scheme, and topology
• Implementing effective PKI trust models
• Using LDAP as an Internet repository for PKIX
• Certificate validation, credentials management, and key rollover issues

Contents

Preface.

1. Secret Key Cryptography.

Introduction.
Background.
Basic XOR.
About the Key Space.
Common Secret Key Algorithms.
Security Services of Secret Key Encryption.
Secret Key Cryptography and Nonrepudiation.
Origin Authenticity.
Data Integrity.

2.Secret Key Distribution and Management.

Introduction.
Sharing Secret Keys: Topology Effect.
Central Secret Key Management.
The Needham-Schroeder Scheme.
A Note about Secret Key Distribution.

3. Public Key Cryptography.

Foundations of Public Key Cryptography.
The Fate of Secret Key Cryptography.
Public Key Cryptography Services.
Trusting a Public Key.

4. Public Key Establishment-the PKIX Way.

Introduction.
Background.
PKIX Certificates and Certificate Revocation Lists.
Elements of PKIX.
ASN.1: The PKIX Definition Language.
The PKIX Information Mode.

5. X.509 Certificate and CRL Extensions.

Introduction.
X.509 v3 Certificate Extensions.
About the X.509 Certificate Extensions.
X.509 v2 CRL Extensions.
Reason Code.
Invalidity Date.
Certificate Issuer.
Hold Instruction Code.

6. Trust Establishment in PKIX.

Introduction.
Hierarchical Trust.
Cross-Certification.
Hybrid Model.
Web Trust Model.
Certificate Validation.
Validation Input.
Validation Procedure.

7. PKIX Topology and Operational Protocols.

Introduction.
The Infrastructure Topology.
Overview of the PKI Management Operations.
Certificate Management Protocol (CMP).

8. PKI Certificate and CRL Repositories.

Introduction.
FTP.
HTTP.
Electronic Mail.
DNS.
LDAP.

9. PKI Credentials Management.

Introduction.
PKCS #8.
PKCS #12.
PKCS #11.
PKCS #15.

10. PKI-Based Security Applications.

Introduction.
PKCS #7.
Content Parameterization.
Encrypted Data.
Enveloped Data.
Signed and Enveloped Data.
Digested Data.
PKCS #7 Security Services.
CMS.
CMC.
Further Protections of CMS Messages.
S/MIME v3.
SSL/TLS.

References.

Index.