Public-Key Infrastructure (PKI)

A system that uses digital certificates for authentication, and thus helps establish secure communications, is called a public-key infrastructure (PKI). A PKI consists of end entities, certification authorities (trusted parties who sign and issue certificates), and registration authorities (parties who handle the identification of end entities). (Please note that PKI and PKCS #11 support is only available in commercial distributions of the SSH Secure Shell for Workstations client.)

A PKI provides a means for reliable authentication of parties in an online environment by using asymmetric encryption. In addition to authentication, the PKI also enables secure digital communications and transactions.

In asymmetric encryption, every entity (communicating party) has a key pair that consists of a public key and a private key. Private keys are secret and are known only to their owners; they are used for signing and decrypting messages. Public keys are, as the name implies, public and can be published on, for example, a web server; they are used for validating signatures and encrypting messages. Before public-key operations can be performed, the public key has to be received securely, so that no one can substitute a tampered key for the genuine one.

Certificates can be used for distributing the public keys of end entities. Certificates are digital documents that are used for secure authentication of communicating parties and for conveying the public keys of entities to other entities. A certificate binds identity information about an entity to the entity's public key for a certain validity period. Certificates can be thought of as analogous to passports that guarantee the identity of their bearers.

To enable wide usage of certificates and interoperable implementations from multiple vendors, certificates have to be based on standards.
The most advanced and widespread certificate specifications at the moment are defined by the PKIX Working Group of the IETF (Internet Engineering Task Force).
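As an added worked example (not part of the original SSH documentation), the following Go program uses only the standard library to build the roles described above: a self-signed certification authority, an end-entity certificate issued by it with a bounded validity period, and a verifier that accepts the certificate only while it is valid and only when it chains to a trusted CA. The subject names "Example CA" and "alice" are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue signs template with signer (the issuer's private key) and returns the parsed certificate.
func issue(template, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, template, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// BuildPKI creates a self-signed CA and an end-entity certificate ("alice") issued by that CA.
// The CA is valid for one year, the end-entity certificate for 30 days from now.
func BuildPKI(now time.Time) (ca, ee *x509.Certificate, err error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	eeKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // alice's private key never leaves her
	if err != nil {
		return nil, nil, err
	}
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example CA"},
		NotBefore: now, NotAfter: now.Add(365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	if ca, err = issue(caTmpl, caTmpl, &caKey.PublicKey, caKey); err != nil { // self-signed root
		return nil, nil, err
	}
	eeTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "alice"},
		NotBefore: now, NotAfter: now.Add(30 * 24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	ee, err = issue(eeTmpl, ca, &eeKey.PublicKey, caKey) // binds alice's identity to her public key
	return ca, ee, err
}

// Verify checks that ee chains to the trusted CA and is within its validity period at time t.
func Verify(ee, ca *x509.Certificate, t time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := ee.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: t,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}
```

Verify returns an error both for an expired certificate and for a certificate signed by a CA that is not in the trusted root set, which is the "tampered key" substitution the text warns about.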
Copyright © 2001 SSH Communications Security Corp