PKI

Name: Public Key Infrastructure
Function: Ensuring information security through encryption technology and digital signature
Composition: public key encryption technology, digital certificate, CA, RA

Confidentiality, integrity, non-repudiation of identity verification / operation

Role: to achieve security guarantees such as information encryption and digital signatures
Encryption Algorithm:
1. Symmetric encryption algorithm
  
  The encryption and decryption keys are consistent
2. Asymmetric encryption algorithm
  
  The two parties to the communication each generate a pair of public and private keys
  
  Both parties exchange public keys
  
  The public key and private key are mutually encrypted and decrypted!
  
  Public and private keys cannot be pushed back against each other!
  
  RSA DH
3. HASH algorithm: MD5 SHA (irreversible, verify integrity)

The ciphertext obtained by encrypting the digest with your own private key is a digital signature

The certificate is used to guarantee the legitimacy of the public key
The certificate format follows the X.509 standard
Digital certificate protection information:

User's public key value

User identification information (such as name and email address)

Validity period (validity of certificate)

Issuer identification information

Issuer's digital signature
The digital certificate is issued by a fair and authoritative third-party organization, CA

Experimental steps;

Configure the server IP address 10.1.1.2/24
Install the IIS service and establish a site.

Verify access to http://www.flower.com on the xp client
Install CA components
Open IIS, first generate certificate application file
Apply for certificate from CA:

Open the web page: http: //10.1.1.2.certsrv and send the web server application file to CA
CA issues a certificate
Download and complete the installation on the web server
Enable SSL443 on the web server
Verify on the client

day07 PKI