Mishra wrote: Trying to solidify my PKI knowledge here... Every book I've read tells you each part of PKI but doesn't ever really tell you the entire process that goes into 2 unknown PCs wanting to exchange data with each other. So I made a makeshift scenario. What do you think?

CompA wants to exchange communication with CompBB. CompA asks for a digital certificate to be sent from the CA to get their public key to start encrypting data. Because CompA trusts the CA, he will freely receive the certificate and use it when he can. CompBB asks for the same certificate on CompA. Now each PC has their public keys as well as information.

CompA readies a packet that he wants to send to CompBB. CompA will use the document's contents to create a hash value of the message. You then sign the message with your private key to ensure the identity of you, then you encrypt the message with CompBB's public key, making it inaccessible. You then send the message.

CompBB receives the message and decrypts the message with his private key, giving him access to the packet. He then decrypts the digital signature by using CompA's public key he received in the certificate and knows that it definitely came from CompA. He then creates a hash of the message and checks it with the sent hash to make sure that the original message has not been tampered with. Once that is complete, he has access to read the data inside.
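The exchange described in the post above, as an added example that is not part of the original thread: CA-issued certificates, hash and sign with the sender's private key, encrypt to the recipient's public key, then decrypt and verify on the other side. It assumes textbook RSA without padding on keys built from Mersenne primes (trivially breakable, for illustration only), encrypts the message directly rather than through a session key, and all function names are hypothetical.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def keypair(a, b):
    # Toy key from Mersenne primes 2**a-1 and 2**b-1: trivially factorable, demo only.
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")
def sign(key, data):       # hash the data, then apply the signer's private key
    return pow(digest(data), key["d"], key["n"])
def verify(n, data, sig):  # undo the signature with the public key, compare hashes
    return pow(sig, E, n) == digest(data)
def issue_cert(ca, subject, n):  # the CA binds a name to a public key
    return {"subject": subject, "n": n, "ca_sig": sign(ca, f"{subject}:{n}".encode())}

def trusted_key(cert, subject, ca_n):
    body = f"{cert['subject']}:{cert['n']}".encode()
    if cert["subject"] != subject or not verify(ca_n, body, cert["ca_sig"]):
        raise ValueError("certificate is not vouched for by the trusted CA")
    return cert["n"]

def send(msg, sender, rcpt_cert, rcpt_name, ca_n):
    n = trusted_key(rcpt_cert, rcpt_name, ca_n)   # recipient's public key
    m = int.from_bytes(msg, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return {"ct": pow(m, E, n), "sig": sign(sender, msg)}

def receive(pkt, rcpt, sender_cert, sender_name, ca_n):
    m = pow(pkt["ct"], rcpt["d"], rcpt["n"])      # decrypt with own private key
    msg = m.to_bytes((m.bit_length() + 7) // 8, "big")
    if not verify(trusted_key(sender_cert, sender_name, ca_n), msg, pkt["sig"]):
        raise ValueError("signature check failed: altered message or wrong sender")
    return msg

def demo():
    ca, a, b = keypair(2203, 2281), keypair(127, 521), keypair(607, 1279)
    cert_a, cert_b = issue_cert(ca, "CompA", a["n"]), issue_cert(ca, "CompBB", b["n"])
    pkt = send(b"constructed sample message", a, cert_b, "CompBB", ca["n"])
    plain = receive(pkt, b, cert_a, "CompA", ca["n"])
    pkt["ct"] ^= 1                                # constructed in-transit tampering
    try:
        receive(pkt, b, cert_a, "CompA", ca["n"])
        return plain, "accepted"
    except ValueError:
        return plain, "rejected"
```

`demo()` returns the recovered plaintext together with the outcome of replaying the packet after one bit of the ciphertext has been flipped.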
sprkymrk wrote: Mishra, that is essentially correct as far as I can tell. Did you just want someone to verify, or do you have a specific question?
Mishra wrote: Cracking open the study material again... I'm so lost on where I am with this cert. It's tough to read over things like the DNS section when everything still feels like I have learned/know it... But then I get to the exam and don't know something. Snadam, where are you on this one?