Vavada - это онлайн-казино, предоставляющее широкий выбор азартных игр, включая слоты, рулетку, блэкджек и другие. Vavada привлекает игроков разнообразными бонусами и акциями.

PKI Part III: Standards and Algorithms

Posted onJanuary 8, 2009 Edit on by Mike Markiewicz

In the first two parts of this series, I explained public-key cryptography and the role of trusted third parties in a PKI. In this post, I will briefly discuss some standards that have been developed and are used to implement the various pieces of a public key infrastructure.

X.509 is a standard which specifies formats for public-key certificates and CRLs as well as some other things. Some of the information that can be stored using the X.509 standard is the certificate’s subject, issuer, validity dates, and of course, the public key.

PKCS is another set of standards used in public-key cryptography. PKCS #7 brought about S/MIME which is used for signing and encrypting e-mails. PKCS #12 is used to store multiple certificates in one file or to store certificates along with their private keys using a password-based symmetric key for protection.

S/MIME is a standard for encrypting and signing e-mail that works within the MIME standard. Signature and encryption information is sent as an attachment, and it is up to the user’s mail client to interpret the PKCS #7 object. Typically, the attachment is invisible to the user who only sees icons indicating that the message is signed or encrypted.

OCSP is a protocol for checking the revocation status of a digital certificate using the Internet. It is sometimes preferred to CRL distribution since only the needed information is sent instead of an entire CRL.

MD5 is a cryptographic hash algorithm that can be used in the signing of a certificate. A certificate must specify its signature algorithm so it is known how to check the validity of the signature. MD5 has been shown to be vulnerable and is considered to be a weaker choice than the SHA algorithms.

SHA refers to a set of cryptographic hash functions, the most well-known of which being SHA-1. SHA-1 and the SHA-2 family of hash functions are considered stronger than MD5, but they do have a possible mathematical weakness that has prompted the search for an even stronger algorithm. Currently, a competition is being held to develop a new and improved SHA algorithm. The winner will be declared in 2012.

Each Thursday, Security Musings features a security-related technology or tool. Featured items do not imply a recommendation by Gemini Security Solutions. For more information about how Gemini Security Solutions can help you solve your security issues, contact us!