Chapter 7. Key and Certificate Management

As discussed in Chapter 2, asymmetric cryptography is based on the use of public/private-key pairs. A public key is typically distributed in the form of a certificate, whereas a private key is a separate and distinct data structure always protected from unauthorized disclosure in transit, use, and storage. The term key/certificate life-cycle management denotes the life-cycle management functions associated with the creation, issuance, and subsequent cancellation of public/private-key pairs and their associated certificates.

In this chapter, we discuss the various phases of key/certificate life-cycle management that must be offered as part of any comprehensive PKI. Where appropriate, we also discuss the ...
