https://www.techtarget.com/searchsecurity/definition/Public-Key-Cryptography-Standards

These standards cover the following:

  • Rivest-Shamir-Adleman (RSA) encryption
  • RSA signature
  • password-based encryption
  • encrypted or cryptographic message syntax
  • private key information syntax
  • selected object category and attribute type
  • certification or authentication request syntax
  • encryption or cryptographic token interface
  • personal information exchange syntax
  • encrypted or cryptographic token information syntax

A primary goal of developing PKCS was to make applications from different vendors interoperable. Security developers also had other aims: to accelerate vendors' deployment of public key cryptography, to foster more secure communications through extensive use of cryptography, and to avoid the errors in typical schemes.


Entrust on PKI Concepts

https://www.entrust.com/resources/certificate-solutions/learn/what-is-pki#:~:text=PKI%20is%20an%20acronym%20for,identity%20and%20provides%20certain%20allowances.

...

Summarized with 20 bullet points

  1. Session Introduction: Paul Turner from Venafi introduces the basics of certificate issuance in Public Key Infrastructure (PKI), aiming to clarify the complex hierarchy involving root and issuing CAs.
  2. PKI Hierarchy Overview: The session outlines the typical structure of PKI, including root CAs, issuing CAs, and individual server certificates, forming a hierarchical model.
  3. Importance of Root CA: The process of setting up a root CA is explained as intricate and critical, involving a ceremonial and secure setup to ensure trustworthiness.
  4. Root CA Key Pair Creation: It is highlighted that the root CA creates a key pair, consisting of a public and private key, crucial for signing certificates and establishing security.
  5. Self-Signed Root Certificate: The root CA issues a self-signed root certificate, which proves it has access to its own key pair, despite the inherent security limitations of the certificate itself.
  6. Distribution of Root Certificates: Emphasizes that the security of a root certificate lies not in the certificate itself but in its secure distribution to software vendors' trust stores.
  7. Issuing CA Setup: Describes the setup of an issuing CA, mirroring the root CA's process with its own ceremony and security protocols, including key pair creation and requesting a certificate from the root CA.
  8. Certificate Signing Request (CSR) for Issuing CA: The issuing CA creates a CSR containing its public key and other relevant information, which is sent to the root CA for signing.
  9. Security of Issuing CA's Certificate: Highlights the security measures and validation process involved in the root CA signing the issuing CA's certificate, ensuring its authenticity.
  10. Server Certificate Issuance Process: Details the steps taken by server administrators like Bob for domain ABCD.com to generate key pairs, create CSRs, and request certificates for servers.
  11. Validation of Server's Certificate Request: Explains the need for server administrators to prove their authority and domain ownership as part of the certificate request process.
  12. CA's Role in Signing Server Certificates: Discusses how the CA, upon validating the server's request, uses its signing key to issue a certificate, establishing trust for the server's communications.
  13. Chain of Trust Formation: The process creates a chain of trust linking the server certificate to the issuing CA and up to the root CA, validating the entire path.
  14. Security Implications of Signing Keys: Emphasizes the importance of secure signing keys used by CAs to authenticate and sign certificates, forming the backbone of trust.
  15. Public vs. Private CAs: Distinguishes between public CAs, which are trusted by browsers worldwide, and private CAs, which are trusted within specific organizations.
  16. Complexity of Certificate Issuance: Acknowledges the intricate nature of certificate issuance and the many steps involved in ensuring a secure and trusted PKI environment.
  17. Future Topics on Validation: Hints at future discussions detailing the validation process and how each certificate in the chain is verified for authenticity.
  18. Administrative Responsibilities: Highlights the administrative responsibilities in managing PKI, including creating key pairs, handling CSRs, and ensuring proper validation.
  19. Role of Trust Stores: Mentions the critical role of the trust stores maintained by software vendors, which hold the trusted root certificates needed to validate chains of trust.
  20. Summary and Importance: Concludes by reinforcing the importance of understanding the certificate issuance process within PKI for securing communications and validating identities in digital environments.
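
The issuance sequence in items 4 to 13, as an added example that is not from the session or any vendor: a throwaway three-tier hierarchy built with the `openssl` CLI, then validated with only the root as trust anchor. All subject names and the host `www.abcd.example` are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed lab hierarchy; all names (Lab Root CA, Lab Issuing CA,
# www.abcd.example) are assumptions for illustration only.

build_pki() {  # $1 = working directory for the generated keys and certs
  mkdir -p "$1" && cd "$1" || return 1
  cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = overridden-by-subj
[root_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[issuing_ext]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
[server_ext]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = serverAuth
subjectAltName = DNS:www.abcd.example
EOF
  newkey() { openssl ecparam -name prime256v1 -genkey -noout -out "$1"; }
  csr()    { openssl req -new -config pki.cnf -key "$1" -subj "$2" -out "$3"; }

  # Items 4-5: root key pair, then a self-signed root certificate.
  newkey root.key
  openssl req -x509 -new -config pki.cnf -extensions root_ext -key root.key \
    -sha256 -days 3650 -subj "/CN=Lab Root CA" -out root.crt
  # Items 7-9: issuing CA key pair and CSR; the root CA signs it.
  newkey issuing.key; csr issuing.key "/CN=Lab Issuing CA" issuing.csr
  openssl x509 -req -in issuing.csr -CA root.crt -CAkey root.key -CAcreateserial \
    -extfile pki.cnf -extensions issuing_ext -sha256 -days 1825 -out issuing.crt
  # Items 10-12: server key pair and CSR; the issuing CA signs it.
  newkey server.key; csr server.key "/CN=www.abcd.example" server.csr
  openssl x509 -req -in server.csr -CA issuing.crt -CAkey issuing.key -CAcreateserial \
    -extfile pki.cnf -extensions server_ext -sha256 -days 90 -out server.crt
} >/dev/null 2>&1

# Item 13: validate the chain; only the root is a trust anchor.
verify_chain() { openssl verify -CAfile root.crt -untrusted issuing.crt server.crt; }
# Without the intermediate the path cannot be built and verification fails.
verify_without_intermediate() { openssl verify -CAfile root.crt server.crt; }
```

The `pathlen:0` constraint on the issuing CA means it can sign end-entity certificates but not further subordinate CAs, which limits the damage if its signing key is misused.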





Java Keystores

https://www.pixelstech.net/article/1408345768-Different-types-of-keystore-in-Java----Overview

...

A passkey is a unique cryptographic key pair that allows you to access online services without using passwords. It is based on asymmetric public-key cryptography.

Unlike passwords, passkeys are resistant to phishing, are always strong, and are designed so that there are no shared secrets. –– FIDO Alliance

Passkey challenges

Where are passkeys reliably custodied without threat?

How are passkeys automatically updated without client impact?

What are the passkey standards? Just PKI?






Access Management (RBAC)

...