| 192 |
- |
1 |
Introduction to PKI
|
|
|
2 |
===================
|
|
|
3 |
|
|
|
4 |
This document is designed to give you a brief introduction into how a PKI, or
|
|
|
5 |
Public Key Infrastructure, works.
|
|
|
6 |
|
|
|
7 |
Terminology Used
|
|
|
8 |
----------------
|
|
|
9 |
|
|
|
10 |
To avoid confusion, the following terms will be used throughout the Easy-RSA
|
|
|
11 |
documentation. Short forms may be substituted for longer forms as convenient.
|
|
|
12 |
|
|
|
13 |
* **PKI**: Public Key Infrastructure. This describes the collection of files
|
|
|
14 |
and associations between the CA, keypairs, requests, and certificates.
|
|
|
15 |
* **CA**: Certificate Authority. This is the "master cert" at the root of a
|
|
|
16 |
PKI.
|
|
|
17 |
* **cert**: Certificate. A certificate is a request that has been signed by a
|
|
|
18 |
CA. The certificate contains the public key, some details describing the
|
|
|
19 |
cert itself, and a digital signature from the CA.
|
|
|
20 |
* **request**: Certificate Request (optionally 'req'.) This is a request for a
|
|
|
21 |
certificate that is then send to a CA for signing. A request contains the
|
|
|
22 |
desired cert information along with a digital signature from the private
|
|
|
23 |
key.
|
|
|
24 |
* **keypair**: A keypair is an asymmetric cryptographic pair of keys. These
|
|
|
25 |
keys are split into two parts: the public and private keys. The public key
|
|
|
26 |
is included in a request and certificate.
|
|
|
27 |
|
|
|
28 |
The CA
|
|
|
29 |
------
|
|
|
30 |
|
|
|
31 |
The heart of a PKI is the CA, or Certificate Authority, and this is also the
|
|
|
32 |
most security-sensitive. The CA private key is used to sign all issued
|
|
|
33 |
certificates, so its security is critical in keeping the entire PKI safe. For
|
|
|
34 |
this reason, it is highly recommended that the CA PKI structure be kept on a
|
|
|
35 |
system dedicated for such secure usage; it is not a great idea to keep the CA
|
|
|
36 |
PKI mixed in with one used to generate end-entity certificates, such as clients
|
|
|
37 |
or servers (VPN or web servers.)
|
|
|
38 |
|
|
|
39 |
To start a new PKI, the CA is first created on the secure environment.
|
|
|
40 |
Depending on security needs, this could be managed under a locked down account,
|
|
|
41 |
dedicated system, or even a completely offline system or using removable media
|
|
|
42 |
to improve security (after all, you can't suffer an online break-in if your
|
|
|
43 |
system or PKI is not online.) The exact steps to create a CA are described in a
|
|
|
44 |
separate section. When creating a new CA, the CA keypair (private and public
|
|
|
45 |
keys) are created, as well as the file structure necessary to support signing
|
|
|
46 |
issued certificates.
|
|
|
47 |
|
|
|
48 |
Once a CA has been created, it can receive certificate requests from
|
|
|
49 |
end-entities. These entity certificates are issued to consumers of X509
|
|
|
50 |
certificates, such as a client or server of a VPN, web, or email system. The
|
|
|
51 |
certificate requests and certificates are not security-sensitive, and can be
|
|
|
52 |
transferred in whatever means convenient, such as email, flash drive, etc. For
|
|
|
53 |
better security, it is a good idea to verify the received request matches the
|
|
|
54 |
sender's copy, such as by verifying the expected checksum against the sender's
|
|
|
55 |
original.
|
|
|
56 |
|
|
|
57 |
Keypairs and requests
|
|
|
58 |
---------------------
|
|
|
59 |
|
|
|
60 |
Individual end-entities do not need a full CA set up and will only need to
|
|
|
61 |
create a keypair and associated certificate request. The private key is not used
|
|
|
62 |
anywhere except on this entity, and should never leave that system. It is wise
|
|
|
63 |
to secure this private key with a strong passphrase, because if lost or stolen
|
|
|
64 |
the holder of the private key can make connections appearing as the certificate
|
|
|
65 |
holder.
|
|
|
66 |
|
|
|
67 |
Once a keypair is generated, the certificate request is created and digitally
|
|
|
68 |
signed using the private key. This request will be sent to a CA for signing, and
|
|
|
69 |
a signed certificate will be returned.
|
|
|
70 |
|
|
|
71 |
How requests become certificates
|
|
|
72 |
--------------------------------
|
|
|
73 |
|
|
|
74 |
After a CA signs the certificate request, a signed certificate is produced. In
|
|
|
75 |
this step, the CA's private key is used to digitally sign the entity's public
|
|
|
76 |
key so that any system trusting the CA certificate can implicitly trust the
|
|
|
77 |
newly issued certificate. This signed certificate is then sent back to the
|
|
|
78 |
requesting entity. The issued certificate is not security-sensitive and can be
|
|
|
79 |
sent over plaintext transmission methods.
|
|
|
80 |
|
|
|
81 |
Verifying an issued certificate
|
|
|
82 |
-------------------------------
|
|
|
83 |
|
|
|
84 |
After 2 entities have created keypairs, sent their requests to the CA, and
|
|
|
85 |
received a copy of their signed certificates and the CA's own certificate, they
|
|
|
86 |
can mutually authenticate with one-another. This process does not require the 2
|
|
|
87 |
entities to have previously exchanged any kind of security information directly.
|
|
|
88 |
|
|
|
89 |
During a TLS handshake each side of the connection presents their own cert chain
|
|
|
90 |
to the remote end. Each side checks the validity of the cert received against
|
|
|
91 |
their own copy of the CA cert. By trusting the CA root cert, the peer they are
|
|
|
92 |
talking to can be authenticated.
|
|
|
93 |
|
|
|
94 |
The remote end proves it "really is" the entity identified by the cert by
|
|
|
95 |
signing a bit of data using its own private key. Only the holder of the private
|
|
|
96 |
key is able to do this, allowing the remote end to verify the authenticity of
|
|
|
97 |
the system being connected to.
|