Question

brief description of each
1. process used in PKI
2. process of revocation in PKI
3. digital signature
4. digital certificate

Answer 1

1) Process used in PKI :

a) PKI stands for "Public key infrastructure". PKI provides distribution , revocation and verification of public key used for public key encryption. PKI gives user and and systems ability to securely transmit data over internet and verify the legitimacy of entities holding certificate like Webservers.

b) PKI has several different elements for effective use. CA (Certificate Authority) is used to authenticate digital identities of entities.

c) RA (Registration Authority) which is authorized by certificate authority . It provides digital certificates to user.

d) Certificate history and information is also kept securely which is called certificate store.

-------------------------------------------------------------------------------------------------------------------------------------------------------------------

2) Process of revocation in PKI :

Certificates are revoked when private key gets compromised. Certificate revocation involves adding the revoked certificate's serial number to blacklist. This black list is called as CRL (Certificate Revocation List).

Below are the reasons for certificate revocation :

a) When It is thought that private key of certificate is compromised .

b) It is discovered that CA has issued certificate improperly.

---------------------------------------------------------------------------------------------------------------------------------------------------------------------

3) Digital Signature :

Digital Signature is type of asymmetric cryptography. Digital signature is method which tells user if a message sent over insecure channel is trusted and sent by genuine sender.Digital signature scheme typically have below algorithms

a) Signing algorithm which takes a message and private key as a input and provides a signed document.

b) Signature verifying algorithm which takes a public key and signature as a input and tell whether to accept message or reject.

-------------------------------------------------------------------------------------------------------------------------------------------------------------------

4) Digital Certificate :

Digital certificates are electronic certificate which consists of name , serial number , expiration date , copy of certificate holder's public key , digital signature of certificate issuing authority. There are three classes of certificates :

a) Class 1 : it defines that the certificate do not hold any legal validity as the validation process involves email only .

b) Class 2 : Person's identity is verified against trusted , pre-verified database.

c) Class 3 : Person physically visits RA (Registration Authority) and proves his identity.

Answer 2

the process used in PKI

process of revocation in PKI

digital signature
digital certificate