Uploaded by gansa0906


Page:of 9
PKI SYSTEMS TEST : Initial Planning and Long
Term Strategy
Susan Congiu
Version 1
A solid PKI supports the following features: Public key encryption to protect packages
using digital certificate
s to encrypt, decrypt; digital signing of packages verify identity
and integrity of packages; certificate management using local storage for sender
certificates and verifies sender/recipient certificates. This plan is a broad overview
and is meant to step
the box and look at your holistic architecture. The
common goal is that we want to make sure that for true web security we have privacy,
authenticity, integrity, and availability. Furthermore, a solid long
term strategy should
be signed off on to
ensure that legal aspects can be handled if your server is somehow
PKI Test Cases and Permutations
Before even testing Public Key Infrastructure, we need to look at each of
the components of our architecture and have all our pieces i
n place before
starting. Hence: In order to decrypt, we need to encrypt. Moreover, In order
to test a public key, we need to have the private key. As you can see, there
is a corresponding relationship here and we need to test with a
dual role
mind: fi
rst by ‘being’ the sender and also by ‘being’ the recipient.
Test Group Objective
These are the components that you may need to configure:
Desktop Client:
Sender searches for the recipient’s certificate in LDAP server and uses
that certificate to enc
rypt package.
Sender generates a unique symmetric key that encrypts package with
that key
Sender uses recipient certificate (with recipient’s public key) to encrypt
the symmetric key
Sender signs S/MIME package and uploads via SSL to server
Recipient uses
personal certificate to decrypt the package (may contain
digital signature too)
Client SSL already configured with Window’s wininet.dll and
Provide authenticity via a list of CA’s and root certificates (supporting
Server Gated Crypto
Provides list of Intermediate CA’s and their certificates
Enforces encryption re: embargoed countries do not have RC2 128bit
RSA 1024bit
You can further limit connections in hosts.allow or hosts.deny file
Database stores encrypted RC4 file keys an
d salt as well as unique one
way SHA
1 hash of passwords. A Salted password is used to decrypt
file keys.
Random flashcards
State Flags

50 Cards Education

Countries of Europe

44 Cards Education

Art History

20 Cards StudyJedi

Sign language alphabet

26 Cards StudyJedi

Create flashcards