Cryptography Reference
11.7 Activities
1. Provide an argument for supporting the following three statements (which do
not contradict one another):
(a) The core issues that motivate the need to manage keys for symmetric
cryptography and public-key cryptography are essentially the same.
(b) Many phases of the key lifecycle for symmetric cryptography and public-key
cryptography are almost identical.
(c) Many phases of the key lifecycle for symmetric cryptography and public-key
cryptography are fundamentally different.
2. The term public-key infrastructure (PKI) is much more commonly discussed than
the term symmetric key infrastructure (SKI). Why do you think this is the case?
3. The lifecycle of a cryptographic key depicted in Figure 10.1 does not just apply
to symmetric keys. Sketch two copies of this lifecycle for the following types of
'key', indicating on each copy whether the various phases of the key lifecycle
are, in general, easier or harder to manage than for symmetric keys:
(a) private keys;
(b) public-key certificates.
4. X.509 is just one example of a public-key certificate format. Find an example of
a different public-key certificate format and compare it to the X.509 version 3
format depicted in Table 11.1:
(a) Which fields are the same?
(b) Explain any differences.
5. There are several different types of digital certificate.
(a) What is a code-signing certificate?
(b) What are the important fields of a code-signing certificate?
(c) Discuss the potential impact of management failures in the different phases
of the lifecycle of a code-signing certificate.
6. Registration is a very important phase of the public-key certificate lifecycle.
(a) What general issues should be considered before selecting appropriate
credentials for checking during a public-key certificate registration process?
(b) Suggest candidate credentials that public-key certificate applicants should
provide when applying for a student smart card for access to campus
services.
7. The trusted third-party generation technique described in Section 11.2.2 is
quite commonly adopted by large-scale applications where private keys are
stored on smart cards.
(a) Why is this technique attractive for such applications?
(b) Why might the key pair generation be conducted by a third party that is
different from the CA in such applications?
 