PKI (Public Key Infrastructure) Terminology

This section provides descriptions of some commonly used PKI (Public Key Infrastructure) terms.

CA (Certificate Authority): A PKI role that issues digital certificates, each binding a subject's identity to the subject's public key under the CA's signature.

Certification Chain: Also called Certificate Path. An ordered list of certificates in which the subject entity of one certificate is identical to the issuing entity of the next certificate, running from a self-signed root CA certificate, through any intermediate CA certificates, down to the end-entity certificate. A relying party trusts the end-entity certificate only if every link in the chain is valid and the chain ends at a root it already trusts.

Certificate Path: Also called Certification Chain. An ordered list of certificates in which the subject entity of one certificate is identical to the issuing entity of the next certificate, running from a self-signed root CA certificate, through any intermediate CA certificates, down to the end-entity certificate.
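
The path-building step behind the two definitions above, as an added example that is not part of the original page: given an unordered bundle of certificates, it links each certificate's issuer name to the subject name of the next one until it reaches a trusted self-signed root. The Cert records and the CN values are constructed stand-ins for parsed X.509 certificates, and the function only does name matching; real path validation also verifies each signature, validity period and revocation status.

```python
"""Added example, not from the original page: build a certification chain
(certificate path) from an unordered bundle of certificates by linking each
certificate's issuer name to the subject name of the next certificate,
stopping at a trusted self-signed root.  The Cert records and names below
are constructed stand-ins for parsed X.509 certificates; real path
validation also verifies each signature, validity period and revocation
status, which this name-matching step does not do."""
from collections import namedtuple

# Constructed stand-in for a parsed certificate: only the two names that
# path building compares.  subject == issuer marks a self-signed certificate.
Cert = namedtuple("Cert", "subject issuer")

# Constructed sample bundle: a leaf, its intermediate, an unrelated
# intermediate, and the root that belongs in the local trust store.
LEAF = Cert("CN=www.example.com", "CN=Example Intermediate CA")
INTERMEDIATE = Cert("CN=Example Intermediate CA", "CN=Example Root CA")
OTHER_INTERMEDIATE = Cert("CN=Other CA", "CN=Other Root CA")
ROOT = Cert("CN=Example Root CA", "CN=Example Root CA")


def build_chain(leaf, available, trusted_roots, max_depth=10):
    """Return the path [leaf, intermediate(s)..., root], leaf first.

    `available` is the unordered set of certificates the peer presented (a
    TLS server sends its leaf plus intermediates, often out of order);
    `trusted_roots` is the local trust store.  Each link requires
    current.issuer == next.subject, which is what makes the list a
    certificate path.  Raises ValueError when no path to a trusted root
    exists; depth is capped so a malicious bundle cannot loop forever.
    """
    by_subject = {c.subject: c for c in available}
    roots_by_subject = {c.subject: c for c in trusted_roots}
    chain = [leaf]
    seen = {leaf.subject}
    for _ in range(max_depth):
        current = chain[-1]
        if current.subject == current.issuer:
            # Self-signed: acceptable only if it is itself a trusted root.
            if current.subject in roots_by_subject:
                return chain
            raise ValueError("self-signed certificate %s is not a trusted root"
                             % current.subject)
        if current.issuer in roots_by_subject:
            chain.append(roots_by_subject[current.issuer])
            return chain
        nxt = by_subject.get(current.issuer)
        if nxt is None:
            raise ValueError("no certificate found for issuer %s" % current.issuer)
        if nxt.subject in seen:
            raise ValueError("cycle in certificate bundle at %s" % nxt.subject)
        seen.add(nxt.subject)
        chain.append(nxt)
    raise ValueError("no trusted root within %d certificates" % max_depth)


if __name__ == "__main__":
    for cert in build_chain(LEAF, {LEAF, INTERMEDIATE, OTHER_INTERMEDIATE}, {ROOT}):
        print("%-30s issued by %s" % (cert.subject, cert.issuer))
```

The three failure branches are the ones that matter in practice: a server that forgot to send its intermediate (no issuer found), a bundle that ends in a self-signed certificate nobody trusts, and a crafted bundle whose issuer names loop.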

CRL (Certificate Revocation List): A signed list, published periodically by a CA, of the serial numbers of certificates that the CA has revoked before their expiration dates. A relying party should check a certificate against a current CRL (or an OCSP responder) before trusting it.

CTL (Certificate Trust List): In Microsoft CryptoAPI, a list of items signed by a trusted entity. A CTL holds hashes of certificates or a list of file names; every item in the list is authenticated and approved by the trusted signing entity. A CTL_CONTEXT structure is similar to the certificate and CRL context structures, and a CTL context can be persisted to a certificate store.

Digital Signature: A mathematical scheme for demonstrating the authenticity and integrity of a digital message or document. A valid digital signature, checked with the signer's public key, gives a recipient reason to believe that the message was created by the holder of the corresponding private key and that it was not altered in transit.

HTTPS (Hypertext Transfer Protocol Secure): A communication protocol that runs HTTP (Hypertext Transfer Protocol) over SSL/TLS (Secure Sockets Layer/Transport Layer Security) to provide encrypted communication and authentication of the Web server through its X.509 certificate.

PEM (Privacy Enhanced Mail): A text file format, originally defined for Privacy Enhanced Mail, used for X.509 certificates and for other PKI objects such as private keys, certificate requests and CRLs. The DER-encoded object is Base64-encoded and enclosed between two boundary lines that name the object type; for a certificate they are "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----".
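
A small PEM encoder and parser, as an added example not taken from the original page, showing the Base64 body and boundary lines described above and generalizing to the other PEM labels (a file may hold several blocks, such as a leaf certificate followed by its intermediates, or a certificate next to a PRIVATE KEY block). It uses only the standard library; the sample DER bytes are constructed for the example and are not a real certificate.

```python
"""Added example, not from the original page: encode DER bytes as PEM and
parse PEM text back into DER, the way a certificate tool does.  Uses only
the standard library; SAMPLE_DER is constructed for the example and is NOT
a real X.509 certificate."""
import base64
import binascii
import hashlib
import re

# One PEM block: a BEGIN line with a label, a Base64 body, and an END line
# carrying the same label (the backreference enforces that they match).
_PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----",
    re.DOTALL,
)


def der_to_pem(der: bytes, label: str = "CERTIFICATE") -> str:
    """Base64-encode DER bytes and wrap them in PEM boundary lines.
    The body is folded at 64 characters, as RFC 7468 requires of generators."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, "\n".join(lines), label)


def pem_to_der(text: str, label: str = "CERTIFICATE") -> list:
    """Return the DER bytes of every block carrying `label`, in file order.
    Blocks with other labels (e.g. PRIVATE KEY) are skipped.  A body that is
    not valid Base64 raises ValueError, so a truncated or hand-edited file is
    rejected instead of silently yielding garbage."""
    blobs = []
    for m in _PEM_BLOCK.finditer(text):
        if m.group(1) != label:
            continue
        body = re.sub(r"\s+", "", m.group(2))  # drop line folding
        try:
            blobs.append(base64.b64decode(body, validate=True))
        except binascii.Error as exc:
            raise ValueError("malformed PEM body: %s" % exc)
    return blobs


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint over the DER bytes, colon-separated as browsers
    display it.  Fingerprints are taken over DER, never over the PEM text."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


# Constructed sample: a 5-byte DER SEQUENCE { INTEGER 1 } standing in for a
# certificate.  A real certificate is around 1 KB of DER and folds onto many lines.
SAMPLE_DER = b"\x30\x03\x02\x01\x01"

if __name__ == "__main__":
    pem = der_to_pem(SAMPLE_DER)
    print(pem, end="")
    (der,) = pem_to_der(pem)
    assert der == SAMPLE_DER
    print("fingerprint:", fingerprint(der))
```

Because the boundary lines are plain text, a PEM file can be concatenated or edited with ordinary text tools; the validate=True decode is what catches the resulting mistakes (a line lost in a copy-paste, a stray character) before the bytes reach an X.509 parser.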

PKI (Public Key Infrastructure): An information technology infrastructure that enables users to securely and privately exchange information over the Internet using public and private key pairs. Each user keeps the private key secret; the matching public key is bound to the user's identity in a certificate issued by a trusted authority, so that other users can obtain the public key and trust it.

PKIX (Public Key Infrastructure for X.509 Certificates): PKIX actually refers to an IETF working group established in 1995 with the goal of developing Internet standards to support X.509-based Public Key Infrastructures (PKIs). Its central product is the certificate and CRL profile now published as RFC 5280.

RA (Registration Authority): A PKI role that verifies the identity of a subject requesting a certificate, on behalf of the CA, before the CA issues it.

S/MIME (Secure/Multipurpose Internet Mail Extensions): S/MIME is a standard for securing MIME data with public key signing and encryption. It was originally developed by RSA Data Security Inc. and builds on the PKCS#7 (Public-Key Cryptography Standards #7) message format, now standardized by the IETF as CMS (Cryptographic Message Syntax). At the time of this page's last update the current specification was RFC 5751: "Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 - Message Specification"; it has since been superseded by RFC 8551 (S/MIME 4.0).

SSL (Secure Sockets Layer): A protocol, originally designed by Netscape, that provides communication security over a computer network, using X.509 certificates to authenticate the server (and optionally the client). SSL is the predecessor of TLS; all SSL versions are now deprecated (SSL 2.0 by RFC 6176, SSL 3.0 by RFC 7568) and should not be enabled.

TLS (Transport Layer Security): The IETF successor to SSL; a protocol that provides communication security over a computer network, using X.509 certificates to authenticate the server (and optionally the client). TLS 1.0 is defined in RFC 2246, TLS 1.2 in RFC 5246 and TLS 1.3 in RFC 8446; TLS 1.0 and 1.1 are deprecated by RFC 8996.
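
What "secure identification of a Web server" in the HTTPS entry and the certificate-based authentication in the SSL and TLS entries come down to in client code, as an added example that is not from the original page: a TLS client context that verifies the server's certificate chain and host name and refuses the deprecated protocol versions, beside the common insecure pattern that switches verification off, plus an audit function that reports the difference. It uses only Python's standard ssl module (3.7 or later) and makes no network connection.

```python
"""Added example, not from the original page: a TLS client context that
authenticates the Web server, the insecure pattern that turns
authentication off, and an audit function that reports the difference.
Uses only the standard `ssl` module (Python 3.7+); no connection is made."""
import ssl


def secure_client_context():
    """Context for an HTTPS client: the server's certificate chain is
    verified against the system trust store, the certificate must match the
    host name, and SSL 2.0/3.0 and TLS 1.0/1.1 are refused."""
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def insecure_client_context():
    """The 'make the certificate error go away' pattern: traffic is still
    encrypted, but any certificate is accepted, so an active attacker can
    impersonate the server.  Any protocol version the library still supports
    is also allowed."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE  # accept any certificate, even self-signed
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def audit_context(ctx):
    """Return a list of weaknesses found in a client SSLContext (empty if none)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate verification disabled (verify_mode is not CERT_REQUIRED)")
    if not ctx.check_hostname:
        findings.append("host name check disabled (check_hostname is False)")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("legacy protocol versions allowed (minimum_version below TLS 1.2)")
    return findings


if __name__ == "__main__":
    for name, ctx in (("secure", secure_client_context()),
                      ("insecure", insecure_client_context())):
        print(name, "->", audit_context(ctx) or "no findings")
```

Either context can be passed as context= to http.client.HTTPSConnection or urllib.request; the audit function is the kind of check worth running over a code base, since verify_mode=CERT_NONE is the single most common way HTTPS clients end up with encryption but no authentication.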

VA (Validation Authority): A PKI role that checks, on behalf of a relying party, whether a subject's digital certificate is currently valid, typically by answering revocation-status queries (for example over OCSP) or by distributing CRLs.

Last update: 2011.
