As IT infrastructures grow larger every day, more people and companies use
various IT systems. Naturally, users want their important data to stay private
and secure. This can be achieved by encrypting the data. Encryption is a process
that encodes a message or other information so that an unauthorized party cannot
decode it. Encryption keys are used for this procedure.
In this project we will analyze an asymmetric key (public / private key) system.
Public key infrastructure (PKI) is a system of keys, certificates and
certificate authorities used to secure the electronic transfer of information for
a range of network operations such as e-commerce, internet banking, confidential
email and other activities. It enables entities to communicate securely over an
insecure public network and to reliably verify the identity of an entity via
digital signatures.
Because public keys in a PKI have to be signed, they are sent to a Root
Certificate Authority. Many organizations have websites or other services
which need a certificate signed by one of these root authorities. This can be
expensive, especially if the organization has multiple systems or services that
need certificates. One solution is for the company to become its own Root
Certificate Authority. The trade-off is that a private root is not in the
trust stores that browsers and operating systems ship with, so its certificate
must be distributed to every client that should trust the certificates it signs.
PKI can be set up for various systems and services such as
Apache, Nginx, Windows, Linux and so on. On some systems it is easier, on
others harder. This analysis will cover a PKI implementation on the Linux OS. The
main analysis tasks will be these:
Overview of the PKI system and its structure;
Implementing OpenSSL for PKI on Linux OS;
Pros and cons of such a system.
Public key infrastructure
Before getting into problem solving we need to review the PKI
components and their operation. This tells us what we need on our
system and what kind of tasks are required.
As mentioned before, a public key infrastructure (PKI) is a
security system in which users can encrypt, transfer and digitally sign their
messages using public key cryptography. PKI uses asymmetric key cryptography, in
other words a public / private key pair system.
This cryptographic key and certification system allows secure transactions of
important and confidential data between relatively unfamiliar parties. PKI
provides authentication, confidentiality and integrity for data that is
transferred between these parties or users:
Authentication: the assurance that an entity is who he/she/it claims to be.
Confidentiality: the assurance to an entity that no one can read a particular
piece of data except the receiver(s) explicitly intended.
Integrity: the assurance to an entity that data has not been altered
(intentionally or unintentionally) between “there” and “here,” or between
“then” and “now.”
In a public key infrastructure it is agreed that a trusted third party
will check a user's identity and vouch for it. This also binds the user to the
corresponding key pair. That is typically done by software on a central server
(the certificate authority) which interacts with software on the endpoints of
the connection. In most cases public keys are held in certificates.
The public key must be signed into an X.509 certificate, and
the certificate used to sign it must be available as a Certificate Authority (CA)