PKI Tutorials - Herong's Tutorial Examples - v2.32, by Herong Yang
PKI (Public Key Infrastructure) Terminology
This section provides descriptions of some commonly used PKI (Public Key Infrastructure) terms.
CA (Certificate Authority): A PKI role that issues digital certificates, each of which binds a subject's identity to the subject's public key under the CA's signature. Relying parties trust the binding only because they trust the CA (directly or through a chain), so the CA's signing key is the most sensitive asset in a PKI.
Certification Chain: Also called Certificate Path. An ordered list of certificates in which the subject of each certificate is the issuer of the next one, running from a trust anchor (typically a self-signed root CA certificate) through zero or more intermediate CA certificates to the end-entity certificate. Path construction and validation (signature, validity period, name constraints, revocation status for every certificate in the list) are specified in RFC 5280. Note that chain files shipped with servers usually list the certificates in the opposite order, end-entity first.
Certificate Path: Also called Certification Chain. An ordered list of certificates in which the subject of each certificate is the issuer of the next one, from a trust anchor down to the end-entity certificate; see Certification Chain.
CRL (Certificate Revocation List): A signed list, published by a CA, of the serial numbers of certificates it has revoked before their expiry date, together with the revocation time and optionally a reason code (RFC 5280). A relying party that neither fetches the CRL nor queries OCSP will keep accepting a certificate whose private key has been compromised until the certificate expires.
CTL (Certificate Trust List): A Microsoft CryptoAPI concept: a list of items signed by a trusted entity. The items are hashes of certificates or file names, and because the list itself is signed, every item in it is authenticated and approved by the signing entity. In CryptoAPI the CTL_CONTEXT structure is analogous to the certificate and CRL context structures, and a CTL context can be persisted to a certificate store.
Digital Signature: A cryptographic scheme for demonstrating the authenticity of a digital message or document. The signature is computed over the message with the signer's private key and checked with the corresponding public key. A valid signature gives the recipient reason to believe that the message was created by the holder of that private key (authentication) and was not altered afterwards (integrity); establishing who holds the key is the job of the certificate, not of the signature itself.
HTTPS (Hypertext Transfer Protocol Secure): HTTP (Hypertext Transfer Protocol) carried over TLS (Transport Layer Security; historically SSL, Secure Sockets Layer). It provides encryption and integrity for the session and identification of the web server through its X.509 certificate, which the client must validate against its trust anchors and against the host name it requested. Client certificates are optional and rarely used on the public web.
PEM (Privacy Enhanced Mail): A text container format, named after the Privacy Enhanced Mail standards it came from, used for X.509 certificates and other PKI objects. The DER encoding of the object is Base64-encoded and wrapped in boundary lines that name its type, for a certificate "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" (other labels include "X509 CRL", "CERTIFICATE REQUEST" and "PRIVATE KEY"). Several blocks may be concatenated in one file, which is how certificate chains are usually distributed; the encoding is standardized in RFC 7468.
PKI (Public Key Infrastructure): The roles, policies, procedures and software needed to issue, distribute, validate and revoke digital certificates, so that users can securely exchange information using public and private key pairs. The public key is certified by a trusted authority and published in the certificate; the private key stays with its owner and is never shared through the authority.
PKIX (Public Key Infrastructure for X.509 Certificates): Strictly, PKIX refers to the IETF working group established in 1995 with the goal of developing Internet standards to support X.509-based Public Key Infrastructures (PKIs). Its best-known product is RFC 5280, the Internet profile for X.509 certificates and CRLs, and "PKIX" is often used as shorthand for that profile.
RA (Registration Authority): A PKI role that verifies the identity of the subject before the CA issues a certificate. The RA vets enrollment requests but does not itself sign certificates.
S/MIME (Secure/Multipurpose Internet Mail Extensions): S/MIME is a standard for signing and encrypting MIME data with public-key cryptography. It was originally developed by RSA Data Security Inc. on top of PKCS#7 (Public-Key Cryptography Standards #7), the message syntax that later became CMS (RFC 5652). Version 3.2 is specified in RFC 5751, "Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 - Message Specification"; that document has since been obsoleted by RFC 8551 (S/MIME Version 4.0).
SSL (Secure Sockets Layer): The predecessor of TLS, originally developed by Netscape, providing communication security over a computer network using X.509 certificates. All SSL versions are deprecated (SSL 2.0 by RFC 6176, SSL 3.0 by RFC 7568) and should be disabled on servers and clients; the name survives mainly in product and library names such as OpenSSL.
TLS (Transport Layer Security): The IETF protocol that replaced SSL, providing confidentiality, integrity and (usually server-side) authentication for a connection, with X.509 certificates used for authentication. TLS 1.2 (RFC 5246) and TLS 1.3 (RFC 8446) are the versions that should be enabled today; TLS 1.0 and 1.1 are deprecated by RFC 8996.
VA (Validation Authority): A PKI role that tells relying parties whether a given certificate is still valid, on behalf of one or more CAs, typically by publishing CRLs or answering OCSP requests (RFC 6960). A VA does not issue certificates.
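As an added illustration of the PEM and Certification Chain entries above (example code written for this page, not part of Herong's tutorial or any library), the following Python program reads a PEM file that may contain several concatenated blocks, as chain files do. It checks that each END line matches its BEGIN line, rejects Base64 outside the alphabet instead of silently dropping it, and confirms that the decoded payload is exactly one DER SEQUENCE whose encoded length matches the payload size, which is how every certificate, CRL and CMS object begins. The sample chain text is constructed for the example: its payload is the eight-byte DER SEQUENCE { INTEGER 1, INTEGER 2 }, not a real certificate.

```python
"""Minimal PEM reader (example code, standard library only)."""

import base64
import binascii
import re

# Boundary lines per RFC 7468: label is upper-case letters, digits and spaces.
BEGIN_RE = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")
END_RE = re.compile(r"^-----END ([A-Z0-9 ]+)-----$")


def parse_pem(text):
    """Return a list of (label, der_bytes) for every PEM block in text.

    Text outside a block (for example the "Bag Attributes" lines that
    openssl pkcs12 emits) is ignored. Raises ValueError on a missing or
    mismatched END line, on invalid Base64, or on a payload that is not
    a single, complete DER SEQUENCE.
    """
    blocks = []
    label = None
    body = []
    for raw in text.splitlines():
        line = raw.strip()
        m = BEGIN_RE.match(line)
        if m:
            if label is not None:
                raise ValueError("BEGIN %s inside an open %s block" % (m.group(1), label))
            label, body = m.group(1), []
            continue
        m = END_RE.match(line)
        if m:
            if label is None or m.group(1) != label:
                raise ValueError("END %s does not match open block %r" % (m.group(1), label))
            der = _decode_body("".join(body))
            _check_der_envelope(der)
            blocks.append((label, der))
            label = None
            continue
        if label is not None and line:
            body.append(line)
    if label is not None:
        raise ValueError("unterminated %s block" % label)
    return blocks


def _decode_body(b64):
    try:
        # validate=True rejects characters outside the Base64 alphabet
        # rather than discarding them, so a corrupted file is not "repaired".
        return base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("invalid Base64 in PEM body: %s" % exc)


def _check_der_envelope(der):
    """Require one DER SEQUENCE (tag 0x30) whose length covers all bytes."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("payload does not start with a DER SEQUENCE")
    first = der[1]
    if first < 0x80:            # short form: length is this byte
        length, header = first, 2
    else:                       # long form: low 7 bits give the byte count
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(der[2:2 + n], "big")
        header = 2 + n
    if header + length != len(der):
        raise ValueError("DER length %d does not match payload size %d"
                         % (length, len(der) - header))


def to_pem(label, der):
    """Inverse of parse_pem for one block: Base64 wrapped at 64 columns."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range((0), len(b64), 64)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, "\n".join(lines), label)


# Constructed sample: two concatenated blocks, the layout of a typical
# chain file (end-entity first, then its issuer). The payload
# 30 06 02 01 01 02 01 02 is SEQUENCE { INTEGER 1, INTEGER 2 }.
SAMPLE_CHAIN = """\
-----BEGIN CERTIFICATE-----
MAYCAQECAQI=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MAYCAQECAQI=
-----END CERTIFICATE-----
"""

if __name__ == "__main__":
    for label, der in parse_pem(SAMPLE_CHAIN):
        print(label, der.hex())
```

The envelope check is deliberately shallow: it proves the file is well-formed PEM around well-formed DER, not that the DER is a valid certificate. Subject/issuer matching along the chain, signature checks and revocation lookups belong to a real X.509 validator such as the one in OpenSSL or the Python cryptography package.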