pki

Public Key Infrastructure (PKI)

Public-key cryptography (also called asymmetric-key cryptography) uses a key pair to encrypt and decrypt content. The key pair consists of one public and one private key that are mathematically related.
An individual who intends to communicate securely with others can distribute the public key but must keep the private key secret. Content encrypted by using one of the keys can be decrypted only by using the other. Assume, for example, that Bob wants to send a secure e-mail message to Alice. This can be accomplished in the following manner:

1. Both Bob and Alice have their own key pairs. They have kept their private keys securely to themselves and have sent their public keys directly to each other.
2. Bob uses Alice's public key to encrypt the message and e-mails it to her.
3. Alice uses her private key to decrypt the message.

This simplified example highlights at least one obvious concern Bob must have about the public key he used to encrypt the message: he cannot know with certainty that the key he used for encryption actually belonged to Alice. It is possible that another party monitoring the communication channel between Bob and Alice substituted a different key, and Bob would then be encrypting to that party rather than to Alice. The public key infrastructure concept has evolved to help address this problem and others.

A public key infrastructure (PKI) consists of software and hardware components that a trusted third party can use to establish the integrity and ownership of a public key. The trusted party, called a certification authority (CA), typically accomplishes this by issuing signed binary certificates that affirm the identity of the certificate subject and bind that identity to the public key contained in the certificate. The CA signs the certificate by using its private key. It distributes the corresponding public key to all interested parties in a self-signed CA certificate.

When a CA is used, the preceding example can be modified in the following manner. Assume that the CA has issued a signed digital certificate that contains its public key; the CA self-signs this certificate by using the private key that corresponds to the public key in the certificate. Assume also that Alice and Bob agree to use the CA to verify their identities. Then:
1. Alice requests a public key certificate from the CA.
2. The CA verifies her identity, computes a hash of the content that will make up her certificate (the to-be-signed portion: subject name, public key, validity period and so on), signs the hash by using the private key that corresponds to the public key in the published CA certificate, creates the new certificate by concatenating the certificate content and the signature, and makes the new certificate publicly available.
3. Bob retrieves the certificate, recovers the signed hash by applying the public key of the CA to the signature (for RSA this is literally a decryption of the signature value), computes a new hash of the certificate content, and compares the two hashes. If the hashes match, the signature is verified and Bob can assume that the public key in the certificate does indeed belong to Alice.
4. Bob uses Alice's verified public key to encrypt a message to her.
5. Alice uses her private key to decrypt the message from Bob.

In summary, the certificate signing process enables Bob to verify that the public key was not tampered with or corrupted during transit. Before issuing a certificate, the CA hashes the contents, signs the hash by using its own private key, and includes the signature in the issued certificate. Bob verifies the certificate contents by recovering the hash from the signature with the CA public key, performing a separate hash of the certificate contents, and comparing the two hashes. If they match, Bob can be reasonably certain that the certificate and the public key it contains have not been altered. The check proves only that the CA signed the certificate: Bob must already hold the CA's self-signed certificate from a trusted source before the comparison means anything, and a certificate that verifies correctly may still have been revoked by the CA, so revocation has to be checked separately.

A typical PKI consists of the following components.

Certification Authority: Acts as the root of trust in a public key infrastructure and provides services that authenticate the identity of individuals, computers and other entities in a network.
Registration Authority: Is certified by a root CA to issue certificates for specific uses permitted by the root. In a Microsoft PKI, a registration authority (RA) is usually called a subordinate CA.
Certificate Database: Saves certificate requests, and issued and revoked certificates, on the CA or RA.
Certificate Store: Saves issued certificates and pending or rejected certificate requests on the local computer.
Key Archival Server: Saves encrypted private keys in the certificate database for recovery after loss.

The Certificate Enrollment API enables you to submit certificate and key archival requests to certification and registration authorities and install the issued certificate on a local computer. It does not enable you to directly manipulate the certificate database or certificate store.

The following topics discuss the Microsoft public key infrastructure in more detail:
X.509 Public Key Certificates
PKI Components
Trust Models

See Also
About the Certificate Enrollment API

Build date: 2/19/2008
© 2008 Microsoft Corporation. All rights reserved.
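The issuance and verification steps described above, played through end to end. This is an added example written against Go's standard library crypto/x509 package; it is not Microsoft's code and does not use the Certificate Enrollment API. The CA acts in issue (hash the to-be-signed content, sign it, publish a self-signed certificate for its own key); Bob acts in BobVerifies (re-hash the content and check the CA's signature, then build the chain); steps 4 and 5 are Exchange. Scenario also plays the substituted-key attack from the first example: Mallory, on the channel between Bob and Alice, hands Bob a certificate for Alice's name under her own key, signed by a CA that copies the real CA's name. The names "Example CA", "alice@example.com" and Mallory, the 2048-bit RSA key size, the 24-hour validity period and the e-mail-protection key usage are all assumptions of this example, not from the page.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// 2048-bit RSA is an assumption of this example; the page names no algorithm.
func newKey() *rsa.PrivateKey { return must(rsa.GenerateKey(rand.Reader, 2048)) }

// issue is the CA side: hash the to-be-signed content (subject, validity,
// public key, ...), sign the hash with signerKey, and return the parsed
// certificate. parent == nil gives a self-signed certificate, which is how
// the CA publishes its own public key.
func issue(cn string, serial int64, isCA bool, pub *rsa.PublicKey, parent *x509.Certificate, signerKey *rsa.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn}, // assumed names
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour), // assumed validity
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	}
	if isCA {
		tmpl.KeyUsage, tmpl.ExtKeyUsage = x509.KeyUsageCertSign, nil
	}
	if parent == nil {
		parent = tmpl
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signerKey))
	return must(x509.ParseCertificate(der))
}

// BobVerifies is Bob's side. All he trusts up front is trustedCA, obtained
// out of band. CheckSignatureFrom re-hashes the certificate content and checks
// the CA's signature over it; Verify then builds the chain and enforces the
// validity period and key usage. Revocation is not checked here.
func BobVerifies(presented, trustedCA *x509.Certificate) error {
	if err := presented.CheckSignatureFrom(trustedCA); err != nil {
		return fmt.Errorf("signature does not verify under trusted CA: %w", err)
	}
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	_, err := presented.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	})
	return err
}

// Exchange is steps 4 and 5: Bob encrypts under the public key carried by the
// verified certificate, and Alice decrypts with her private key.
func Exchange(msg []byte, aliceCert *x509.Certificate, aliceKey *rsa.PrivateKey) ([]byte, error) {
	pub := aliceCert.PublicKey.(*rsa.PublicKey)
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
	if err != nil {
		return nil, err
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, aliceKey, ct, nil)
}

type Result struct {
	GenuineErr error  // Bob's verdict on the certificate the real CA issued to Alice
	ForgedErr  error  // Bob's verdict on the certificate Mallory substituted
	Recovered  string // what Alice decrypted from Bob's message
}

// Scenario plays the page's example through once. Mallory, monitoring the
// channel, can copy the CA's and Alice's names but not the CA's private key,
// so the certificate she substitutes fails Bob's signature check.
func Scenario() Result {
	caKey := newKey()
	caCert := issue("Example CA", 1, true, &caKey.PublicKey, nil, caKey)
	aliceKey := newKey()
	aliceCert := issue("alice@example.com", 2, false, &aliceKey.PublicKey, caCert, caKey)
	malloryCAKey, malloryKey := newKey(), newKey()
	malloryCA := issue("Example CA", 1, true, &malloryCAKey.PublicKey, nil, malloryCAKey)
	forged := issue("alice@example.com", 2, false, &malloryKey.PublicKey, malloryCA, malloryCAKey)

	r := Result{GenuineErr: BobVerifies(aliceCert, caCert), ForgedErr: BobVerifies(forged, caCert)}
	if r.GenuineErr == nil {
		r.Recovered = string(must(Exchange([]byte("hello Alice"), aliceCert, aliceKey)))
	}
	return r
}

func main() {
	r := Scenario()
	fmt.Println("genuine:", r.GenuineErr, "| forged:", r.ForgedErr, "| Alice read:", r.Recovered)
}
```

The forged certificate is rejected at the CheckSignatureFrom step: the hash Bob computes over the certificate content does not match what the trusted CA's public key recovers from Mallory's signature, exactly the comparison in step 3 above. Matching the CA's name is not enough, because Bob's trust anchor is the CA's public key (in Windows, the CA certificate in the local certificate store), not its name. The example does not consult a CRL or OCSP responder, so a correctly signed but revoked certificate would still pass.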