How much do you know about PKI? The essentials of PKI

Mondo Culture Updated on 2024-02-07

With the promulgation of the Cryptography Law, China has elevated the use of cryptography in information systems to the legal level. PKI is an important foundation for security services such as identity authentication, data confidentiality, integrity, and non-repudiation; it helps enterprises meet the requirements for cryptography application and compliance in information systems and successfully pass the classified protection and cryptography evaluations. So today Xiao Rui will take you through an in-depth look at PKI.

1. What is PKI?

PKI stands for Public Key Infrastructure. To put it simply, PKI is a system that provides public key encryption and digital signature services. Its purpose is to manage keys and certificates automatically so as to ensure the confidentiality, authenticity, integrity and non-repudiation of digital information transmitted over the Internet.

2. What can PKI provide?

Authenticity: Identification & Authentication – Make sure that the other party you're communicating with is who they claim to be.

Integrity: No modification, no errors – the information is guaranteed not to be tampered with or destroyed during storage or transmission.

Confidentiality: Privacy & Confidentiality – No party other than the communicating parties has access to this information.

Non-repudiation: Determination of Liability – Neither party can deny what it has done.

3. What does PKI consist of?

A PKI system is made up of two kinds of parts: entity components and auxiliary components.

Entity Components:

Certificate Authority (CA): An independent trusted third party that issues digital certificates for certificate holders. The identity and public key of the certificate holder are declared in the digital certificate.

Certificate holder: Applies for a digital certificate from the CA and provides the necessary information to the CA to prove its identity and its ability to obtain a certificate issued by the CA.

Relying party: When the relying party interacts with the certificate holder (such as when establishing a communication connection), it obtains the certificate holder's digital certificate and verifies the authenticity and validity of that certificate.

Auxiliary Components:

Registration Authority (RA): Responsible for the various information reviews that ensure the identity information of the certificate applicant is correct.

Repository: Publishes the public information of the CA system, for example certificates, CRLs, CP, CPS, OCSP, etc.

CRL issuer: Receives and processes revocation information, and specializes in periodically issuing certificate revocation lists (CRLs).

OCSP server: Also used to check whether a certificate has been revoked; it responds to query requests from PKI users in real time.

Key Management System: Handles the large number of key management tasks, including key generation, backup, escrow, and recovery.
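
The roles above can be exercised end to end with the OpenSSL command line. This is an added example, not part of the original article: a CA issues a certificate, a relying party checks it, the CA revokes it, and the CRL issuer publishes an updated list. The names "Demo Root CA" and "holder.example.test", the file names and the function names are assumptions; the CA also acts as CRL issuer and the RA review step is skipped.

```shell
pki_init() (   # CA + holder setup; $1 = empty working directory (names are constructed)
  cd "$1" || exit 1
  mkdir -p newcerts; : > index.txt; echo 1000 > serial; echo 1000 > crlnumber
  cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = index.txt
new_certs_dir = newcerts
serial = serial
crlnumber = crlnumber
certificate = ca.crt
private_key = ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = policy_cn
x509_extensions = leaf
[ policy_cn ]
commonName = supplied
[ leaf ]
basicConstraints = CA:FALSE
EOF
  # CA: self-signed root certificate, allowed to sign certificates and CRLs
  openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -keyout ca.key \
    -out ca.crt -subj "/CN=Demo Root CA" -days 365 &&
  # Certificate holder: key pair plus a signing request (CSR) sent to the CA
  openssl req -config ca.cnf -newkey rsa:2048 -nodes -keyout holder.key \
    -out holder.csr -subj "/CN=holder.example.test" &&
  # CA: issue the certificate binding the holder's identity to its public key
  openssl ca -batch -config ca.cnf -in holder.csr -out holder.crt &&
  # CRL issuer: publish the first CRL (nothing revoked yet)
  openssl ca -config ca.cnf -gencrl -out ca.crl
) >/dev/null 2>&1
pki_revoke() (   # CA records the revocation; CRL issuer publishes a new list
  cd "$1" && openssl ca -config ca.cnf -revoke holder.crt &&
    openssl ca -config ca.cnf -gencrl -out ca.crl
) >/dev/null 2>&1
relying_party_check() (   # signature chain, validity period, CRL status; exit 0 = accept
  cd "$1" && openssl verify -crl_check -CAfile ca.crt -CRLfile ca.crl holder.crt
) >/dev/null 2>&1
```

Run `pki_init` on an empty directory, then `relying_party_check` before and after `pki_revoke` on the same directory: the first check accepts the certificate and the second rejects it, because the serial number now appears in the published CRL.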

4. PKI applications

Many security standards are built on PKI technology. These PKI application standards include the Secure Sockets Layer (SSL) standard, the Transport Layer Security (TLS) protocol, Secure/Multipurpose Internet Mail Extensions (S/MIME), and the IP security protocol (IPsec). These standards are primarily used for communication between web servers and browsers, e-mail, Electronic Data Interchange (EDI), credit card transactions over the Internet, virtual private networks (VPNs), internal Wi-Fi, and other MFA-enabled services.

The above is a summary of common knowledge about PKI. PKI is the cornerstone of information security: by applying PKI we can achieve trusted identity authentication, data encryption, and digital signatures.
