Page 441 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Public Key Infrastructure
The major strength of public key encryption is its ability to facilitate
communication between parties previously unknown to each other.
This is made possible by the public key infrastructure (PKI) hierarchy
of trust relationships. These trusts permit combining asymmetric
cryptography with symmetric cryptography along with hashing and
digital certificates, giving us hybrid cryptography.
In the following sections, you’ll learn the basic components of the
public key infrastructure and the cryptographic concepts that make
global secure communications possible. You’ll learn the composition
of a digital certificate, the role of certificate authorities, and the
process used to generate and destroy certificates.
Certificates
Digital certificates provide communicating parties with the assurance
that the people they are communicating with truly are who they claim
to be. Digital certificates are essentially endorsed copies of an
individual’s public key. When users verify that a certificate was signed
by a trusted certificate authority (CA), they know that the public key is
legitimate.
Digital certificates contain specific identifying information, and their
construction is governed by an international standard—X.509.
Certificates that conform to X.509 contain the following data:
Version of X.509 to which the certificate conforms
Serial number (from the certificate creator)
Signature algorithm identifier (specifies the technique used by the certificate authority to digitally sign the contents of the certificate)
Issuer name (identification of the certificate authority that issued the certificate)
Validity period (specifies the dates and times—a starting date and time and an ending date and time—during which the certificate is


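The fields listed above live in the signed body of the certificate (the TBSCertificate, a DER-encoded ASN.1 SEQUENCE). As an added example that is not part of the study guide, the standard-library Python below walks that encoding and returns the version, serial number, signature algorithm OID, issuer name and validity period; the sample certificate at the end is constructed inline with empty placeholder key and signature bit strings, so it parses but could never verify, and the check that the algorithm named inside the signed body matches the outer signatureAlgorithm comes from RFC 5280 rather than from the list above.

```python
def tlv(tag, body):  # DER-encode one tag-length-value; long length form once body >= 128 bytes
    n, k = len(body), (len(body).bit_length() + 7) // 8
    length = bytes([n]) if n < 128 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + length + body

def der_read(buf, pos=0):  # return (tag, value, next_pos) for the TLV that starts at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the low 7 bits say how many length bytes follow
        length, pos = int.from_bytes(buf[pos:pos + (length & 0x7F)], "big"), pos + (length & 0x7F)
    return tag, buf[pos:pos + length], pos + length

def der_children(value):  # yield the immediate (tag, value) children of a SEQUENCE/SET body
    pos = 0
    while pos < len(value):
        tag, val, pos = der_read(value, pos)
        yield tag, val

def decode_oid(value):  # first byte packs arcs 1 and 2; the rest are base-128 arcs, MSB = more
    parts, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            parts, acc = parts + [acc], 0
    return ".".join(map(str, parts))

def decode_name(value):  # Name ::= SEQUENCE OF SET OF AttributeTypeAndValue -> "oid=text,..."
    return ",".join(f"{decode_oid(oid)}={text.decode()}"
                    for _, rdn in der_children(value) for _, atv in der_children(rdn)
                    for (_, oid), (_, text) in [der_children(atv)])

def parse_certificate_fields(der):
    _, cert, _ = der_read(der)                        # Certificate ::= SEQUENCE
    (_, tbs), (_, outer_alg), _ = der_children(cert)  # tbsCertificate, signatureAlgorithm, signatureValue
    fields, version = list(der_children(tbs)), 1      # a missing [0] EXPLICIT version tag means v1
    if fields[0][0] == 0xA0:
        version, fields = next(der_children(fields[0][1]))[1][0] + 1, fields[1:]
    (_, serial), (_, alg), (_, issuer), (_, validity) = fields[:4]
    inner, outer = (decode_oid(next(der_children(a))[1]) for a in (alg, outer_alg))
    if inner != outer:  # RFC 5280 4.1.1.2: the algorithm inside TBS must equal the outer one
        raise ValueError(f"signature algorithm mismatch: {inner} vs {outer}")
    return {"version": version, "serial": int.from_bytes(serial, "big", signed=True),
            "signature_algorithm": inner, "issuer": decode_name(issuer),
            "validity": tuple(v.decode() for _, v in der_children(validity))}
# Constructed sample, not a real CA: v3, serial 0x1001, CN=Test CA, empty key/signature placeholders
SHA256_RSA = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
NAME = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, bytes.fromhex("550403")) + tlv(0x0C, b"Test CA"))))
TBS = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x10\x01") + SHA256_RSA + NAME
          + tlv(0x30, tlv(0x17, b"240101000000Z") + tlv(0x17, b"250101000000Z")) + NAME
          + tlv(0x30, SHA256_RSA + tlv(0x03, b"\x00")))
SAMPLE_CERT = tlv(0x30, TBS + SHA256_RSA + tlv(0x03, b"\x00"))
```

Running `parse_certificate_fields(SAMPLE_CERT)` yields version 3, serial 4097, OID 1.2.840.113549.1.1.11 (sha256WithRSAEncryption), issuer `2.5.4.3=Test CA` and the two UTCTime strings; the outer SEQUENCE is 136 bytes long, so the sample also exercises the long-form length encoding that every real certificate uses.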