Be aware of the following when managing a public key infrastructure (PKI).
A typical PKI involves multiple certificate authorities (CAs) arranged in a hierarchy.
- A root CA is the first CA in the hierarchy and the first CA you set up. The root CA has a self-signed certificate, and is often offline to protect the CA from compromise. The root CA typically does not issue certificates to end users or computers (unless the PKI structure is very small).
- A subordinate CA is a CA authorized by the root CA to issue certificates to other CAs or users or computers.
  - The subordinate CA gets its certificate from the root CA.
  - You add subordinate CAs to your hierarchy to distribute the workload of issuing certificates, or to designate specific CAs to issue certificates for specific uses.
  - The subordinate CA is responsible for issuing certificates, holding the CPS, and publishing the Certificate Revocation List (CRL).
  - Qualified subordination is implemented on a subordinate CA to restrict the issuance and usage of certificates.

  Two types of subordinate CAs are:
  - An issuing CA is the CA at the bottom of the hierarchy which actually issues the certificate to the clients.
  - An intermediate CA is the CA in the middle of a multi-tier system, and certifies issuing CAs or other intermediate CAs. An intermediate CA is a subordinate CA.
A cross-certification or bridge model is used when one organization with a CA structure needs to trust certificates from another organization that has its own CA structure. By default, clients in an organization trust certificates issued by that organization but don't trust other root CAs unless they are in an official third-party list of trusted root CAs on the Internet. Cross-certification can be set up so both hierarchies trust each other.
- A root-to-root configuration allows clients in one organization to trust any certificate issued by the other organization's CAs and vice versa.
- A mesh configuration provides trust paths that can be configured for more restrictive certificate validation. This could include root-to-subordinate CA, or even subordinate-to-subordinate.
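
The difference between the two configurations, as an added example that is not part of the original page: a simplified trust-path search over two constructed organizations, A and B. Certificates are modeled only as issuer/subject links (no signatures, validity periods or revocation), all names are made up, and only one direction is shown (clients of A validating certificates from B).

```python
from collections import namedtuple

# Simplified model: a certificate only records "issuer vouches for subject".
Cert = namedtuple("Cert", "issuer subject is_ca")

def hierarchy(org, units):
    """Constructed PKI: root CA -> intermediate CA -> one issuing CA per unit."""
    root, inter = f"{org}-Root", f"{org}-Intermediate"
    certs = [Cert(root, root, True),      # self-signed root CA certificate
             Cert(root, inter, True)]     # intermediate CA certified by the root
    for u in units:
        issuing = f"{org}-Issuing-{u}"
        certs += [Cert(inter, issuing, True),             # issuing CA
                  Cert(issuing, f"{u}-user@{org}", False)]  # end-user certificate
    return certs

def find_path(target, trust_anchors, certs):
    """Return the chain from a trusted root down to `target`, or None."""
    def walk(subject, seen):
        if subject in trust_anchors:
            return [subject]
        for c in certs:
            if c.subject != subject or c.issuer in seen:
                continue                  # wrong subject, self-signed, or a loop
            if subject != target and not c.is_ca:
                continue                  # only CA certificates may issue
            path = walk(c.issuer, seen | {c.issuer})
            if path:
                return path + [subject]
        return None
    return walk(target, {target})

POOL = hierarchy("A", ["hq"]) + hierarchy("B", ["sales", "eng"])
ANCHORS = {"A-Root"}                      # clients in A trust only their own root

# Cross-certificates issued by organization A (constructed for this example).
ROOT_TO_ROOT = [Cert("A-Root", "B-Root", True)]       # A's root certifies B's root
MESH = [Cert("A-Root", "B-Issuing-sales", True)]      # root-to-subordinate only

def trusted(target, cross_certs=()):
    """Trust path seen by a client in organization A, or None if untrusted."""
    return find_path(target, ANCHORS, POOL + list(cross_certs))

if __name__ == "__main__":
    for label, cross in [("none", []), ("root-to-root", ROOT_TO_ROOT), ("mesh", MESH)]:
        for user in ("sales-user@B", "eng-user@B"):
            print(f"{label:13} {user:13} {trusted(user, cross)}")
```

With the root-to-root cross-certificate every certificate under B's root validates; with the root-to-subordinate cross-certificate only certificates issued by the one cross-certified issuing CA do.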
Key archival is the backup and archival of private keys for end users in case they lose their private keys. Normally, private keys are kept private and the CA would never get a copy of the private key. Key archival uses a centralized approach to key management, where keys are managed by the CA and not only by individual users. With a key archival system:
- Private keys are sent to the CA and backed up by the CA.
- To protect the private keys during transit, they are encapsulated in a secure transmission of data to the CA.
- The location of the private keys backup is secured.
- Recovery agents are users who are given the ability to restore private keys from the archive.
Key escrow is a form of key archival. The main difference between key escrow and key archival is that escrow stores keys with a trusted third party, either to increase security or to allow access only under controlled circumstances. With key escrow, keys might be retrieved by a business that needs access to employee files, or key escrow might allow for key access by law enforcement with the proper authorization to investigate crimes or enforce laws.
Dual key pairs

Each certificate that is issued has a corresponding public and private key pair. If users are issued a single key pair, that key pair is used for both digital signatures and encryption. In an enterprise environment, it might be beneficial to use two key pairs: one key pair for digital signatures, and the other for encryption.
If a single key pair is used for both digital signatures and encryption, it is possible for a recovery agent to obtain the private key from the key archive and use that key for signing documents. This violates the principle of non-repudiation because someone other than the original user could have signed the document. With dual key pairs:
- The private key used for digital signatures is kept completely private. Only the user has access to this key and the key is never archived.
- The private key used for encryption is archived so that encrypted documents can be recovered if the private key is lost.