Q1
FIPS Standards
Answer: FIPS 140: Cryptographic Modules FIPS 186: Digital Signatures
Q2
FIPS 197: AES FIPS 201: Identity Verification
Answer: FIPS 197: AES FIPS 201: Identity Verification
Q3
Digital Signatures
Answer: Encryption of a message digest with the sender's private key. Provides:
Q4
Authentication Integrity Non-repudation
Answer: Integrity
Q5
Digital Certificate
Answer: A digital document that contains a public key and some information to allow
your system to verify where that key came from.
Q6
Uesd for web servers, Cisco Secure phones, E-Commerce.
Answer: Uesd for web servers, Cisco Secure phones, E-Commerce.
Q7
PKI (Public Key Infrastructure)
Answer: Uses asymmetric key pairs and combines software, encryption and services to
provide a means of protecting the security of business communication and
transactions.
,Q8
PKCS (Public Key Cryptography Standards)
Answer: Put in place by RSA to ensure uniform certificate management throughout the
internet.
Q9
Trusted Third Party (TTP)
Answer: Certificate, a digital representation of the information that identifies you as a
relevant entity.
Q10
CA (Certification Authority)
Answer: An entity trusted by one or more users to manage certificates.
Q11
RA (Registration Authority)
Answer: Used to take the burden off of a CA by handling verification prior to
certificates being issued. Acts as a proxy between user and CA. Receives request,
authenticates it and forwards it to the CA.
Q12
CP (Certificate Policy)
Answer: A set of rules that defines how a certificate may be used.
Q13
X.509
Answer: The most widely used digital certificate standard. First issued July 3, 1988. It
is a digital document that contains a public key signed by the trusted third party,
which is known as a Certificate Authority, or CA. Relied on by S/MIME. Contains your
name, info about you, and a signature of a person who issued the certificate.
Q14
X.509 Certificate Content
Answer: Version Certificate holder's public key
, Q15
Serial number Certificate's validity period
Answer: Serial number Certificate's validity period
Q16
X.509 Certificate File Extensions
Answer: .pem
Q17
.pem
Answer: Privacy Enhanced Mail, a Base64 encoded DER certificate, enclosed between
"---.cer, .crt, .der Usually in binary DER form, but Base64-encoded certificates are
common also (see .pem).
Q18
.p7b, .p7c
Answer: PKCS#7 SignedData structure without data, just certificate(s) or CRL(s).
Q19
.p12
Answer: PKCS#12, may contain certificate(s) (public) and private keys (password
protected).
Q20
.pfx
Answer: Predecessor of PKCS#12 (usually contains data in PKCS#12 format, e.g., w/
PFX files generated in IIS).
Q21
Certificate Authority (CA)
Answer: The primary role of this is to digitally sign and publish the public key bound to
a given user. It is an entity trusted by one or more users to manage certificates.
Verisign is an example.