Uploaded by gansa0906

pki1

advertisement
Page:of 9
PKI SYSTEMS TEST : Initial Planning and Long
Term Strategy
Susan Congiu
2/01/2001
Version 1
Abstract
A solid PKI supports the following features: Public key encryption to protect packages
using digital certificate
s to encrypt, decrypt; digital signing of packages verify identity
and integrity of packages; certificate management using local storage for sender
certificates and verifies sender/recipient certificates. This plan is a broad overview
and is meant to step
out
of
the box and look at your holistic architecture. The
common goal is that we want to make sure that for true web security we have privacy,
authenticity, integrity, and availability. Furthermore, a solid long
term strategy should
be signed off on to
ensure that legal aspects can be handled if your server is somehow
compromised.
PKI Test Cases and Permutations
Overview
Before even testing Public Key Infrastructure, we need to look at each of
the components of our architecture and have all our pieces i
n place before
starting. Hence: In order to decrypt, we need to encrypt. Moreover, In order
to test a public key, we need to have the private key. As you can see, there
is a corresponding relationship here and we need to test with a
dual role
in
mind: fi
rst by ‘being’ the sender and also by ‘being’ the recipient.
Test Group Objective
These are the components that you may need to configure:
Desktop Client:

Sender searches for the recipient’s certificate in LDAP server and uses
that certificate to enc
rypt package.

Sender generates a unique symmetric key that encrypts package with
that key

Sender uses recipient certificate (with recipient’s public key) to encrypt
the symmetric key

Sender signs S/MIME package and uploads via SSL to server

Recipient uses
personal certificate to decrypt the package (may contain
digital signature too)

Client SSL already configured with Window’s wininet.dll and
schannel.dll
Server:

Provide authenticity via a list of CA’s and root certificates (supporting
Server Gated Crypto
graphy)

Provides list of Intermediate CA’s and their certificates

Enforces encryption re: embargoed countries do not have RC2 128bit
RSA 1024bit

You can further limit connections in hosts.allow or hosts.deny file

Database stores encrypted RC4 file keys an
d salt as well as unique one
way SHA
1 hash of passwords. A Salted password is used to decrypt
file keys.
2
Download
Random flashcards
State Flags

50 Cards Education

Countries of Europe

44 Cards Education

Art History

20 Cards StudyJedi

Sign language alphabet

26 Cards StudyJedi

Create flashcards