PKI

Xin Meng
Mind Map by Xin Meng, updated more than 1 year ago

PKI
1 X.509
1.1 Certificate Encoding
1.1.1 PEM: Privacy Enhanced Mail
1.1.2 DER: Distinguished Encoding Rules
1.2 Certificate File Extension Names
1.2.1 CRT
1.2.2 PEM
1.2.3 CER
1.2.4 KEY
1.2.5 PFX/P12
1.2.6 JKS
1.2.7 CSR: Certificate Signing Request
1.3 `openssl` command
1.3.1 Generate self-signed certificate
1.3.1.1 openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem
1.3.2 Generate CSR
1.3.2.1 openssl req -newkey rsa:2048 -new -nodes -keyout my.key -out my.csr
1.3.3 Display the Certificate Information
1.3.3.1 PEM
1.3.3.1.1 openssl x509 -in certificate.pem -text -noout
1.3.3.2 DER
1.3.3.2.1 openssl x509 -in certificate.der -inform der -text -noout
1.4 Digital Certificate or Public Key Certificate
1.4.1 Public Key + Owner Information + Digital Signature Signed by CA
1.5 Structure
1.5.1 Abstract Syntax Notation One (ASN.1): describes the structure
1.5.1.1 ASN.1 serves the same purpose as a DTD or an XSD serves in an XML context
1.5.2 TOP level
1.5.2.1 version
1.5.2.2 serialNumber
1.5.2.3 signature
1.5.2.3.1 CA-signed
1.5.2.3.2 Self-signed for testing
1.5.2.3.3 object identifier (OID)
1.5.2.3.3.1 MD5withRSA: 1.2.840.113549.1.1.4 = 2A 86 48 86 F7 0D 01 01 04
1.5.2.3.3.2 SHA-1withRSA: 2A 86 48 86 F7 0D 01 01 05
1.5.2.4 issuer
1.5.2.4.1 Distinguished Name
1.5.2.5 validity
1.5.2.6 subject
1.5.2.7 subjectPublicKeyInfo
1.5.2.8 issuerUniqueID
1.5.2.9 subjectUniqueID
1.5.2.10 extensions
2 CA

Annotations:

  • The CA signs the digital certificate
3 RA
4 VA
5 Use Cases
5.1 SSL(TLS)
5.2 SAML
5.3 Software Licence
5.4 PDF signature
5.5 SSH
6 Algorithms
6.1 private key cryptography
6.1.1 DES, Data Encryption Standard
6.1.2 AES, Advanced Encryption Standard (128, 192, 256)
6.1.3 RC4
6.1.4 IDEA
6.2 public key cryptography
6.2.1 RSA (Rivest, Shamir, Adleman): key lengths > 768 bits have not been cracked, so 1024 bits gives basic security and 2048 bits is more secure
6.2.2 DSA, Digital Signature Algorithm: signatures only
6.2.3 Diffie-Hellman: key exchange only
6.2.4 ECC, Elliptic curve cryptography
6.3 Digest Algorithm
6.3.1 SHA, Secure Hash Algorithm
6.3.1.1 SHA-1: 160-bit
6.3.1.2 SHA-2: SHA-256: 256-bit
6.3.2 MD5, Message-Digest Algorithm 5
6.3.3 CRC, Cyclic Redundancy Check