Public Key Cryptography
PKI (Public Key Infrastructure)
- CA (Certificate Authority) binds a public key to an identity and acts as the TTP (Trusted Third Party). E.g. Symantec, Comodo, GoDaddy, DigiCert, GlobalSign
- OCSP Responder
- RA (Registration Authority) = subordinate CA in Microsoft PKI.
- VA (Validation Authority)
- Central Directory to store and index keys
- Certificate Management System
- Certificate Policy
1. CA
2. Web of Trust. E.g. PGP (Pretty Good Privacy) and GnuPG
3. Simple Public Key Infrastructure (SPKI). Authorization loop: verifier = issuer
Open Source implementation of CA
- OpenSSL is the simplest CA and a tool to build PKI-enabled apps. Written in C. Part of all major Linux distributions.
- EJBCA is a full-featured, enterprise-grade CA implementation. Written in Java.
- OpenCA is a full-featured CA implementation.
- XCA is a graphical interface, and database.
- (Discontinued) TinyCA was a graphical interface for OpenSSL.
- XiPKI is a CA and OCSP responder with SHA-3 support. OSGi-based, written in Java.
- IoT_pki is a simple PKI built with the Python cryptography library.
- DogTag
- gnoMint
- EasyRSA, OpenVPN's command-line CA utilities using OpenSSL.
- r509
- Boulder is an automated server that uses the Automated Certificate Management Environment (ACME) protocol.
- Windows Server : Active Directory Certificate Services.
- CAcert https://en.wikipedia.org/wiki/CAcert
- Let's Encrypt. https://en.wikipedia.org/wiki/Let%27s_Encrypt
Tools
- OpenSSL : https://www.feistyduck.com/books/openssl-cookbook/
- genrsa
- ssh-keygen
Standards
Public Key Cryptography Standards : https://en.wikipedia.org/wiki/PKCS
Cryptographic Message Syntax : https://en.wikipedia.org/wiki/Cryptographic_Message_Syntax and RFC 2315, RFC 2360, RFC 3369
Books
1. Introduction to cryptography and network security
2. Cryptography theory and practice
3. Field Arithmetic
4. Problems in the Theory of Modular Forms