
What is PKI & How does it work

What is PKI and how does it work? Does that involve obtaining digital certificates, and how are those applied to devices like a firewall in the infrastructure?
SydNal2009
Asked:
6 Solutions
 
BillBondo Commented:
A simple Google and voilà!!!

http://en.wikipedia.org/wiki/Public-key_infrastructure

Just for starters.
 
pony10us Commented:
PKI = Public Key Infrastructure.

In simple terms it is a form of encryption using private/public keys. The encryption is performed with the private key which only the company/individual would have. The public key can be distributed to whomever the holder of the keys wishes. You would not be able to open a file that has been encrypted without the public key.

Here is a good PowerPoint tutorial on PKI: http://www.cs.odu.edu/~mukka/cs772f07/lectures/day7/pkitutorial.ppt

Applying a cert to network equipment varies depending on the actual equipment.
 
cristiantm Commented:
Actually PKI is not a form of encryption, or anything like that. That would be asymmetric cryptography.

PKI means Public Key Infrastructure.

It is everything that is necessary to make asymmetric cryptography practical in the real world. That may include hardware, software, policies, etc. By practical, I mean that you get a key pair and you can know who owns the private key, so you can use the asymmetric (public/private key) algorithm for encrypting something to the right person, or to digitally sign data, or for authentication mechanisms.

That usually involves digital certificates. A certificate contains the public key and information on who owns the associated private key, and its content is digitally signed so this information can be verified. It may be signed by some trusted third party (X.509 PKIs), by other certificates (PGP), etc.

The question about firewalls is not clear. Could you please detail what you want to know?
 
pony10us Commented:
@cristiantm  -  Thank you for correcting me.  I was working on another issue at work involving encryption and didn't separate the two trains of thought very well.  

Must be age creeping up on me (more like slapping me in the face.  :)  )
 
SydNal2009 (Author) Commented:
What I meant to ask is how do you apply the certificates, in regard to which devices they can be implemented? Is it a file you load onto a firewall, a NIDS, a server or a layer 7 proxy firewall?
 
cristiantm Commented:
Still not clear, sorry. What precisely do you want to achieve, or what situation do you have that led you to this question?

A firewall/server/whatever may use certificates for a lot of things. And how it is implemented is also a very broad topic. Usually a device may use certificates to authenticate itself to other devices, and that probably means it will generate a key and ask someone to sign it. But certificates may have other usages...
 
Rich Rumble (Security Samurai) Commented:
Often devices create their own certificates, and those are either pre-shared or simply accepted by the other client. This is the case for SSH, a secure tunneling protocol that allows you to send otherwise plain-text commands and other data through a secure transport tunnel.
Firewalls, for example, can create their own certs, or they can import ones of your choosing. For more about encryption have a look at my article; it doesn't cover PKI all that well, but it does touch on many common encryption and hashing questions:
http://www.experts-exchange.com/Security/Encryption/A_12134-Choosing-the-right-encryption-for-your-needs.html Other articles I have may be of interest too.
-rich
 
cristiantm Commented:
Just a small correction to rich's post: SSH actually does not use certificates. You only share the public key and set it as trusted on the client side. There is no certificate involved.

However, it is true that many devices create their own (self-signed) certificates. Moreover, some devices have a full "PKI" for managing user accounts and internal keys (root CA, intermediate CA, user certificates, keys and certificates for unlocking some internal functions, etc.). That's why the question is very hard to answer without knowing what exactly the author has in mind.
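An added example (not written by any poster in this thread) of the flow described in the comments above: a device generates its own key pair, a CA signs the request, and a relying party checks the resulting certificate against the CA certificate, with a self-signed device certificate for comparison. It assumes the `openssl` CLI is installed; the CA name and the host name `fw01.lab.example` are constructed.

```shell
#!/bin/sh
# Constructed lab PKI: "Lab Root CA" and "fw01.lab.example" are hypothetical names.
set -eu
W=$(mktemp -d)
trap 'rm -rf "$W"' EXIT

make_ca() {          # root CA: a self-signed cert that relying parties install as trust anchor
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Lab Root CA" \
    -keyout "$W/ca.key" -out "$W/ca.crt" 2>/dev/null
}

make_device_csr() {  # the device generates its key pair; only the CSR (public part) leaves it
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=fw01.lab.example" \
    -keyout "$W/fw.key" -out "$W/fw.csr" 2>/dev/null
}

sign_csr() {         # the CA binds the device's public key to its name by signing
  openssl x509 -req -in "$W/fw.csr" -CA "$W/ca.crt" -CAkey "$W/ca.key" \
    -CAcreateserial -days 7 -out "$W/fw.crt" 2>/dev/null
}

make_self_signed() { # device-generated cert: issuer equals subject, no third party vouches
  openssl req -x509 -newkey rsa:2048 -nodes -days 7 -subj "/CN=fw01.lab.example" \
    -keyout "$W/ss.key" -out "$W/ss.crt" 2>/dev/null
}

verify() {           # relying-party check: does certificate $1 chain to the trust anchor?
  if openssl verify -CAfile "$W/ca.crt" "$1" >/dev/null 2>&1
  then echo trusted; else echo untrusted; fi
}

key_matches() {      # before loading cert $1 and key $2 on a device, confirm they pair up
  a=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
  b=$(openssl pkey -in "$2" -pubout | openssl sha256)
  [ "$a" = "$b" ] && echo match || echo mismatch
}

make_ca; make_device_csr; sign_csr; make_self_signed
echo "CA-signed device cert:   $(verify "$W/fw.crt")"
echo "self-signed device cert: $(verify "$W/ss.crt")"
echo "fw.crt with fw.key:      $(key_matches "$W/fw.crt" "$W/fw.key")"
openssl x509 -in "$W/fw.crt" -noout -subject -issuer
```

The self-signed certificate is only accepted if a client pins or imports it directly, which is the accept-on-first-use trust model the SSH comments in this thread describe.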
 
Rich Rumble (Security Samurai) Commented:
Correct, pedantic and correct. They use KEYS, self-generated keys :) But the principles are nearly the same, except for the trust/signing portion. The keys can be pre-shared like certificates do with the root certs in your OS and browser, or you can merely accept them when you first connect, and trust them that way.
-rich