Linux IP Appliance


PKI: Public Key Infrastructure

PKI arrangements enable computer users without prior contact to authenticate each other, and to use the public key information in their public key certificates to encrypt messages to each other. In general, a PKI consists of client software, server software, hardware (e.g., smart cards), legal contracts and assurances, and operational procedures. A signer's public key certificate may also be used by a third party to verify the digital signature of a message, which was made using the signer's private key.

In general, a PKI enables the parties in a dialogue to establish confidentiality, message integrity and user authentication without having to exchange any secret information in advance, or even having had any prior contact. The validity of a PKI between the communicating parties is, however, limited by practical problems such as uncertain certificate revocation, CA conditions for certificate issuance and reliance, variability of regulations and evidentiary laws by jurisdiction, and trust. These problems, which are significant for the initial contact, tend to become less important as the communication progresses over time (including the use of other communication channels) and the parties have opportunities to develop trust in each other's identities and keys.
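The third-party verification and the revocation caveat described above can be walked through with the OpenSSL command line (OpenSSL is one of the open source projects listed below). This is an added example, not part of the original page; the CA name, the signer `alice.example`, the file names and the message are all constructed for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo: throwaway CA, signer and message. All names are assumptions.
pki_demo() (
  d=$(mktemp -d) && cd "$d" || exit 1
  trap 'rm -rf "$d"' EXIT
  exec 3>&1 >/dev/null 2>&1           # keep openssl chatter out of the result
  cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
[ca]
default_ca = demo
[demo]
database = index.txt
default_md = sha256
default_crl_days = 7
EOF
  : > index.txt
  # CA: self-signed root. Signer: key pair and CSR, then a certificate issued by the CA.
  openssl req -config ca.cnf -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem -days 30 || exit 1
  openssl req -config ca.cnf -newkey rsa:2048 -nodes -subj "/CN=alice.example" -keyout alice.key -out alice.csr || exit 1
  openssl x509 -req -in alice.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out alice.pem -days 30 || exit 1
  # The signer signs the message with the private key.
  printf 'wire 100 to bob' > msg.txt
  openssl dgst -sha256 -sign alice.key -out msg.sig msg.txt || exit 1
  # The third party holds only ca.pem, alice.pem, msg.txt and msg.sig.
  openssl verify -CAfile ca.pem alice.pem && chain=ok || chain=fail
  openssl x509 -in alice.pem -noout -pubkey > alice.pub
  openssl dgst -sha256 -verify alice.pub -signature msg.sig msg.txt && sig=ok || sig=fail
  printf 'wire 900 to bob' > bad.txt
  openssl dgst -sha256 -verify alice.pub -signature msg.sig bad.txt && tamper=accepted || tamper=rejected
  # The CA revokes the certificate and publishes a CRL.
  openssl ca -config ca.cnf -keyfile ca.key -cert ca.pem -revoke alice.pem || exit 1
  openssl ca -config ca.cnf -keyfile ca.key -cert ca.pem -gencrl -out crl.pem || exit 1
  cat ca.pem crl.pem > ca_crl.pem
  # A verifier that never fetches the CRL still accepts the revoked certificate.
  openssl verify -CAfile ca.pem alice.pem && no_crl=ok || no_crl=fail
  openssl verify -crl_check -CAfile ca_crl.pem alice.pem && crl_check=ok || crl_check=revoked
  echo "chain=$chain sig=$sig tamper=$tamper no_crl=$no_crl crl_check=$crl_check" >&3
)
pki_demo
```

The `no_crl=ok` result is the "uncertain certificate revocation" problem in practice: chain and signature checks alone say nothing about revocation unless the relying party obtains and checks current revocation data.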

Links

X.509 Public Key Certificate Management Protocols RFC2510
X.509 Public Key Certificate Revocation RFC3280
AAA: Authentication Authorization Accounting

Open Source

openWebPKI
NEWPKI
OpenSSL
OpenCA