
Frequently Asked Questions

Q1. What are the important components of PKI?

Q2. What functionality is provided by a PKI?

Q3. What is a Certification Authority?

Q4. How many CAs are in India?

Q5. What are public keys and private keys?

Q6. Can anyone find out the private key, if the public key is known?

Q7. Does a digital signature mean the scanned image of the signature?

Q8. What is a digital certificate?

Q9. What is a .pkcs12 file?

Q10. What does a digital certificate look like?

Q11. What are the fields in a digital certificate?

Q12. What is an X.509 certificate?

Q13. What is a CRL?

Q14. What are the applications where we can use digital certificates?

Q15. Where do we keep our digital certificates?

Q16. What is a certificate policy?

Q17. How are certificates used for authentication to a web server?

Q18. Can PKI be used to secure wireless communication?

Q19. Are digital certificates platform dependent?

Q20. What are the different tools for creating a digital certificate?

Q1. What are the important components of PKI?
Ans: The following are the important components of PKI:
     (i)     CA – Certification Authority
     (ii)    Digital certificates, issued by the CA (i.e. the digital ID of an individual)
     (iii)   Pair of keys: private key and public key

Q2. What functionality is provided by a PKI?
Ans: PKI provides digital certificate and encryption capabilities, which can be used to implement the security services of identification and authentication, data integrity, confidentiality and non-repudiation.


Q3. What is a Certification Authority?

Ans: The Certification Authority (CA) is the entity that creates and issues certificates. The CA can work in
     different ways, such as:
     (i)     The CA generates certificates.
     (ii)    The CA confirms the ownership of the digital certificate.
     (iii)   The CA publishes the generated certificate in a directory.
     (iv)    The CA sends the certificate to the user.


Q4. How many CAs are in India?

Ans: There are seven CAs in India:
     (i)     Safescrypt
     (ii)    NIC (issues certificates only to government employees)
     (iii)   IDRBT
     (iv)    TCS
     (v)     MTNL
     (vi)    Customs & Central Excise
     (vii)   (n)Code Solutions CA (GNFC)

Q5. What are public keys and private keys?
Ans: PKI uses asymmetric cryptography to encrypt and decrypt information. In asymmetric cryptography a pair of keys is generated: one is the public key and the other is the private key. These keys are mathematically related. We encrypt with the freely available public key and decrypt with our private key.


Q6. Can anyone find out the private key, if the public key is known?

Ans: No, one cannot find the private key by knowing the public key. It is true that the public key and the private key are mathematically related. Further, we can protect our private key with a password.

Q7. Does a digital signature mean the scanned image of the signature?
Ans: No, a digital signature should not be confused with a scanned image of a signature. There is no relation between a digital signature and a handwritten signature. We use digital signatures in the encryption and decryption of data and messages.

Q8. What is a digital certificate?
Ans: A digital certificate is a signed electronic document, issued by a CA, that establishes the relationship between a name and a public key. This certificate is often provided as an attachment to an electronic message and is used for security purposes. The most common use of a digital certificate is to verify that a user sending a message is actually who they claim to be, and to provide the receiver with the means to encrypt a reply. The digital certificate provides secure communication, signing and non-repudiation between the sender and receiver.


Q9. What is a .pkcs12 file?

Ans: PKCS stands for Personal Information Exchange Syntax Standard. These certificates can be used for things such as email signing and file signing. A PKCS12 file contains both the public and the private key, and also the root certificate.


Q10. What does a digital certificate look like?

Q11. What are the fields in a digital certificate?

Q12. What is an X.509 certificate?
Ans: X.509 is the standard that defines what information can go into a certificate and how to write it down,
     i.e. the format of the data.

Q13. What is a CRL?
Ans: CRL stands for Certificate Revocation List. One of the important jobs of a CA is to maintain archives of certificates. Another job of the CA is to publish the Certificate Revocation List. CRLs contain information about which certificates have been revoked; the certificates listed in a CRL are therefore no longer trusted.

Q14. What are the applications where we can use digital certificates?
Ans: The use of digital certificates is increasing day by day. We can send encrypted and digitally signed email and data, sign Word documents, sign PDF documents, and file our income tax with the help of digital certificates. There are many other applications where we can use digital certificates.


Q15. Where do we keep our digital certificates?

Ans: The place where we keep our digital certificates is known as a repository. These repositories are generally found in browsers such as Internet Explorer, Mozilla Firefox, etc. Microsoft products like MS Word and Outlook Express use the repository of Internet Explorer. Many applications, like Thunderbird, maintain their own repository. So it depends entirely on the application you are using.

Q16. What is a certificate policy?
Ans: A certificate policy is a set of rules that indicates the applicability of a certificate. This policy is made by the CA and states where the certificate can be used.

Q17. How are certificates used for authentication to a web server?
Ans: We can achieve certificate-based authentication in two steps: establishing an encrypted communication channel (i.e. enabling the ‘https’ protocol), and validating the subscriber’s certificate. If these two steps are successful, the server can trust that the identity of the user is the same as the identity stated in the certificate, and can map that identity to authorization.

Q18. Can PKI be used to secure wireless communication?
Ans: Yes. Digital certificates have the capability to authenticate users. There are many vendors that provide gateways that use certificates to authenticate users to WLANs (i.e. wireless LANs). The next generation of wireless access points will be more capable of providing these services by implementing the 802.1x standard and WTLS (Wireless Transport Layer Security).

Q19. Are digital certificates platform dependent?
Ans: No, digital certificates are not platform dependent. X.509 provides a standard for certificates, so digital certificates only follow the X.509 standard.

Q20. What are the different tools for creating a digital certificate?
Ans: OpenSSL and SelfCert are the most widely used tools for creating digital certificates. OpenSSL can be used on Windows as well as on Linux. SelfCert is only for Windows. There are many other tools.
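
The steps described in Q3, Q8, Q9 and Q13, carried out with the OpenSSL command line named in Q20. This is an added example, not part of the original FAQ; the subjects, file names, password and the minimal ca.cnf are constructed for the demo.

```shell
# Added example: CA -> certificate -> .p12 bundle -> revocation -> CRL check.
# Subjects, file names and the password are constructed for this demo only.
set -eu
gen_crl() {   # publish a fresh CRL from the CA database (run inside the PKI dir)
  openssl ca -config ca.cnf -keyfile ca.key -cert ca.crt -gencrl -out ca.crl 2>/dev/null
}
make_pki() (  # $1 = empty working directory
  cd "$1"
  # CA key pair and self-signed root certificate (Q3).
  openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
    -subj "/CN=Demo Root CA" -days 30 2>/dev/null
  # Subscriber key pair and certificate signing request.
  openssl req -newkey rsa:2048 -nodes -keyout user.key -out user.csr \
    -subj "/CN=Demo User" 2>/dev/null
  # The CA signs the request, binding the name to the public key (Q8).
  openssl x509 -req -in user.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -out user.crt -days 30 2>/dev/null
  # Private key, certificate and root certificate in one .p12 file (Q9).
  openssl pkcs12 -export -inkey user.key -in user.crt -certfile ca.crt \
    -out user.p12 -passout pass:demo-only
  # Minimal CA database and config so the CA can publish a CRL (Q13).
  : > index.txt; echo 01 > crlnumber
  printf '%s\n' '[ca]' 'default_ca = demo' '[demo]' 'database = index.txt' \
    'crlnumber = crlnumber' 'default_md = sha256' 'default_crl_days = 7' > ca.cnf
  gen_crl
)
revoke_user() (  # the CA revokes the certificate and reissues the CRL
  cd "$1"
  openssl ca -config ca.cnf -keyfile ca.key -cert ca.crt -revoke user.crt 2>/dev/null
  gen_crl
)
cert_status() (  # prints "valid" or "rejected" after chain and CRL checks
  cd "$1"
  if openssl verify -crl_check -CAfile ca.crt -CRLfile ca.crl user.crt >/dev/null 2>&1
  then echo valid; else echo rejected; fi
)
p12_cert_count() (  # number of certificates stored in the .p12 bundle
  cd "$1"
  openssl pkcs12 -in user.p12 -passin pass:demo-only -nokeys 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
)

demo=$(mktemp -d)
make_pki "$demo"
echo "certs in .p12: $(p12_cert_count "$demo"), status: $(cert_status "$demo")"
revoke_user "$demo"
echo "after revocation: $(cert_status "$demo")"
```

The signature on the certificate is still valid after revocation; only a verifier that also checks the CRL rejects it, which is why the CRL has to be fetched and enforced by the relying application.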