CertiGuide to Security+
Chapter 4:  Basics of Cryptography (Domain 4.0; 15%)

4.6  Summary
(Page 5 of 6)

Cryptography Standards



You learned that cryptography is standardized by a variety of organizations including:

  • IEEE

  • ANSI, responsible for the X.509 certificate standard (currently at X.509v3) and the X.509v2 Certificate Revocation List (CRL) standard; it also sponsors the X9F1 committee for financial industry cryptography standards.

  • IETF, whose PKIX, or PKI X.509, committee is involved in issues around public key management; PKIX defines certificate formats and protocols for issuing and authenticating certificates.

  • RSA Data Security, a market leader in asymmetric crypto; many ANSI X9 standards were first developed by RSA in its series of PKCS standards, including PKCS #3, dealing with Diffie-Hellman Key Agreement; PKCS #10, for requesting certificates; and PKCS #11, which details an interface for accessing data from smartcards.

  • FIPS, a series of standards developed by NIST and used by the government; they include secure hashing, digital signatures and AES encryption standards.

Certificate Life Cycle

You also learned about the certificate life cycle, including events like:

  • Issuance, certificates are requested by the individual or supervising organization; the CA verifies the requester’s identity, generates a key pair and certificate, and sends these items to the requester.

  • Suspension, temporary invalidation of a certificate, often used if you suspect compromise of the private key but don’t know for sure if it has occurred.

  • Expiration, when the certificate reaches the expiration date listed in the certificate, it is no longer valid; the normal valid period for a certificate is a year or two.

  • Status Checking, users of a certificate can AND SHOULD check the status of a certificate to ensure it is still valid before relying on it for anything; practically speaking, client software such as an email client program is notorious for NOT doing this, and thus accepting certificates which may not be valid, so users are encouraged to check certificates independently.

  • Revocation, the irreversible invalidation of a certificate; once revoked, a certificate is no longer considered valid; this can happen if the subscriber informs the CA that the private key for that certificate has been compromised; certificates can be revoked by being placed on a CRL, or by inclusion in an OCSP (Online Certificate Status Protocol) database, which is a newer revocation list management system that enables more up-to-date status tracking.

  • Recovery, the process of reacquiring a private key that has been lost due to hardware failure, user error, etc.; an organization might also want to recover a private key for an ex-employee if required for a business function or law enforcement investigation; relies on key escrow and secure storage.

  • Renewal, the process of re-validating or replacing a certificate that is near or at its expiration date; some CAs recommend totally replacing a certificate with a new key pair; others think just issuing an updated one with the current key pair is sufficient.

  • Destruction, the permanent removal of a key pair you no longer need.
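
The status check described above, sketched as an added example (not part of the original CertiGuide text): a relying party tests the validity period, then a CRL, and refuses to trust the certificate when the CRL itself is stale. The CRL is modeled as a plain dictionary; the serial numbers and dates are constructed, and `certificateHold` and `keyCompromise` are the X.509 CRL reason names for suspension and for revocation after key compromise.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum

class Status(Enum):
    GOOD = "good"
    NOT_YET_VALID = "not yet valid"
    EXPIRED = "expired"
    SUSPENDED = "suspended"   # temporary hold, may be lifted by the CA
    REVOKED = "revoked"       # irreversible
    UNKNOWN = "unknown"       # no current revocation data available

@dataclass(frozen=True)
class Cert:
    serial: int
    not_before: datetime
    not_after: datetime

@dataclass(frozen=True)
class Crl:
    this_update: datetime
    next_update: datetime
    entries: dict             # serial -> CRL reason name

def check_status(cert, crl, now):
    """Relying-party check: validity period first, then revocation data."""
    if now < cert.not_before:
        return Status.NOT_YET_VALID
    if now > cert.not_after:
        return Status.EXPIRED
    # A CRL outside its own update window says nothing reliable: fail closed.
    if not (crl.this_update <= now <= crl.next_update):
        return Status.UNKNOWN
    reason = crl.entries.get(cert.serial)
    if reason is None:
        return Status.GOOD
    return Status.SUSPENDED if reason == "certificateHold" else Status.REVOKED

def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)

# Constructed sample data: one revoked and one suspended serial number.
SAMPLE_CRL = Crl(utc(2004, 11, 1), utc(2004, 11, 8),
                 {0x1001: "keyCompromise", 0x1002: "certificateHold"})

if __name__ == "__main__":
    now = utc(2004, 11, 3)
    for serial in (0x1000, 0x1001, 0x1002):
        cert = Cert(serial, utc(2004, 1, 1), utc(2005, 1, 1))
        print(hex(serial), check_status(cert, SAMPLE_CRL, now).value)
```

Only `Status.GOOD` should be accepted; every other result, including `UNKNOWN`, means the certificate is not relied upon.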

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.