About Public Key Infrastructure

A PKI is an automated system that manages the generation, maintenance, and delivery of encryption and digital signature keys. Together, encryption and digital signature keys provide:

• Confidentiality - Data is obscured and protected from view or access by unauthorized individuals.
  
  
• Integrity - The verifier of a digital signature can easily determine whether or not digitally signed data has been altered since it was signed.
  
  
• Authentication - Users can securely identify themselves to other users and servers on a network without sending secret information (such as passwords) over the network.
  
  
• Non-repudiation - Users who digitally sign data cannot later successfully deny having signed that data.
  
  
• Access control - Data can only be accessed in a comprehensible form by those specifically identified when data was encrypted.

Both key types – encryption and digital signature – have two related components: a public key component that is accessible to all users, and a private-key component that must be secured from access by others.

The public key and other identification information is stored in a digital certificate that is digitally signed by a Certification Authority (CA). The CA's digital signature on the digital certificate binds the identity of the end-entity with its public key. It also guarantees that the public key has not been tampered with.

To create a level of assurance or trust in the CA, certain policies and procedures must be followed. One of the main issues is the registration process, which involves how a client is identified and authenticated before a digital certificate is issued.

Certification Policy (CP)

There are two CPs connected to this CA:

• The Confidentiality Certificate Policy Document
• The Digital Signature Certificate Policy Document

Prior to using the CRA PKI application, the participant must be fully conversant with the subscriber obligations and responsibilities contained in the CRA Certificate Policy.