Public Key Security: Difference between revisions

From NovaOrdis Knowledge Base

Revision as of 23:42, 7 April 2018

Internal

Overview

Public Key Infrastructure (PKI)

A public key infrastructure (PKI) is a set of roles, policies and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption. The components of the architecture are aimed at binding public keys to the respective identities of the entities that own those public keys, such as people or organizations. The binding is established through a process of registration and issuance of certificates at and by a certificate authority (CA).

Certificate Authority (CA)

Registration Authority (RA)

Certificate

Key Pair

Public Key

Private Key

X.509

X.509

SSL/TLS

Transport Layer Security (TLS) is the successor of Secure Sockets Layer (SSL). They are both cryptographic protocols designed to provide communications security over a computer network. The client/server pair uses a symmetric key to encrypt the communication. The symmetric key is unique and generated for each connection, as part of a protocol exchange that involves the pair's public and private keys. For more details, see:

SSL/TLS

Asymmetric Cryptography

Asymmetric cryptography, or public key cryptography, is a cryptographic system that uses pairs of keys to provide authentication and encryption: public keys, which may be disseminated widely and publicly, and private keys, which are known only to the owner. The authentication function is provided by using the public key of the counterpart to verify that a message was indeed signed with the counterpart's private key. The encryption function is provided by encrypting the message with the public key of the recipient. The message thus encrypted can be decrypted only by the recipient, using its private key, and by nobody else.
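
The two functions described above, shown with the OpenSSL command line. This is an added example, not part of the original page; the owner names alice and bob, the file names and the sample message are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: owners "alice"/"bob", file names and the message are constructed.
WORK=$(mktemp -d)

# Key pair: the private key stays with its owner, the public key is handed out.
make_keypair() {   # $1 = owner name
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/$1.key" 2>/dev/null
  openssl pkey -in "$WORK/$1.key" -pubout -out "$WORK/$1.pub"
}

# Authentication: the sender signs with its private key ...
sign_msg() {       # $1 = signer, $2 = message file, $3 = signature file
  openssl dgst -sha256 -sign "$WORK/$1.key" -out "$3" "$2"
}

# ... and anyone checks the signature with the sender's public key.
# Exit status is non-zero if the message or the claimed signer does not match.
verify_msg() {     # $1 = claimed signer, $2 = message file, $3 = signature file
  openssl dgst -sha256 -verify "$WORK/$1.pub" -signature "$3" "$2" >/dev/null 2>&1
}

# Encryption: anyone encrypts with the recipient's public key ...
encrypt_for() {    # $1 = recipient, $2 = plaintext file, $3 = ciphertext file
  openssl pkeyutl -encrypt -pubin -inkey "$WORK/$1.pub" \
    -pkeyopt rsa_padding_mode:oaep -in "$2" -out "$3"
}

# ... and only the holder of the matching private key can decrypt.
# Prints the plaintext; exit status is non-zero when the key does not match.
decrypt_as() {     # $1 = key owner, $2 = ciphertext file
  openssl pkeyutl -decrypt -inkey "$WORK/$1.key" \
    -pkeyopt rsa_padding_mode:oaep -in "$2" 2>/dev/null
}

make_keypair alice
make_keypair bob
printf 'transfer 100 to bob' > "$WORK/msg.txt"

sign_msg alice "$WORK/msg.txt" "$WORK/msg.sig"      # alice authenticates the message
encrypt_for bob "$WORK/msg.txt" "$WORK/msg.enc"     # only bob can read it
```

RSA with OAEP padding can encrypt only short inputs (about 200 bytes with a 2048-bit key), which is why protocols such as TLS use the key pairs to establish a per-connection symmetric key instead of encrypting the traffic directly.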