PKI
Definition
Public Key Infrastructure (PKI) is a framework of policies, technologies, and procedures used to create, manage, distribute, use, store, and revoke digital certificates and public keys. It enables secure electronic transfer of information for a range of network activities such as e-commerce, internet banking, and confidential email. PKI relies on the principles of asymmetric encryption, where a pair of keys (public and private) are used to encrypt and decrypt data, ensuring authenticity, integrity, and confidentiality.
Secure Settings Example
# Example of a secure PKI configuration in OpenSSL
[ req ]
default_bits = 2048
default_md = sha256
default_keyfile = privkey.pem
encrypt_key = yes
prompt = no
distinguished_name = dn
[ dn ]
C = "US"
ST = "California"
L = "San Francisco"
O = "Example Corp"
OU = "IT Department"
CN = "example.com"
[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = CA:true
keyUsage = digitalSignature, keyEncipherment, keyCertSign
Insecure Settings Example
# Example of an insecure PKI configuration in OpenSSL
[ req ]
default_bits = 1024
default_md = md5
default_keyfile = privkey.pem
encrypt_key = no
prompt = no
distinguished_name = dn
[ dn ]
C = "US"
ST = "California"
L = "San Francisco"
O = "Example Corp"
OU = "IT Department"
CN = "example.com"
[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = CA:true
keyUsage = digitalSignature, keyEncipherment, keyCertSign