PKI.docx
《PKI.docx》由会员分享,可在线阅读,更多相关《PKI.docx(34页珍藏版)》请在冰豆网上搜索。
PKI
OperatingSystem
MicrosoftWindows 2000PublicKeyInfrastructure
WhitePaper
Abstract
Microsoft®Windows®2000introducesacomprehensivepublic-keyinfrastructure(PKI)totheWindowsplatform.ThisinfrastructureextendstheWindows-basedpublic-key(PK)cryptographicservicesintroducedoverthepastfewyears,providinganintegratedsetofservicesandadministrativetoolsforcreating,deploying,andmanagingPK-basedapplications.Thisallowsapplicationdeveloperstotakeadvantageoftheshared-secretsecuritymechanismsorPK-basedsecuritymechanisminWindows,asappropriate.Enterprisesalsogaintheadvantageofbeingabletomanagetheenvironmentandapplicationswithconsistenttoolsandpolicies.
©1999MicrosoftCorporation.Allrightsreserved.
TheinformationcontainedinthisdocumentrepresentsthecurrentviewofMicrosoftCorporationontheissuesdiscussedasofthedateofpublication.BecauseMicrosoftmustrespondtochangingmarketconditions,itshouldnotbeinterpretedtobeacommitmentonthepartofMicrosoft,andMicrosoftcannotguaranteetheaccuracyofanyinformationpresentedafterthedateofpublication.
ThisWhitePaperisforinformationalpurposesonly.MICROSOFTMAKESNOWARRANTIES,EXPRESSORIMPLIED,INTHISDOCUMENT.
Microsoft,ActiveX,Authenticode,Outlook,TheBackOfficelogo,Windows,andWindows NTareregisteredtrademarksofMicrosoftCorporation.
Otherproductorcompanynamesmentionedhereinmaybethetrademarksoftheirrespectiveowners.
MicrosoftCorporation•OneMicrosoftWay•Redmond,WA98052-6399•USA
0499
Contents
Introduction1
Concepts2
PublicKeyCryptography2
Public-KeyFunctionality2
DigitalSignatures2
Authentication3
SecretKeyAgreementviaPublicKey3
BulkDataEncryptionwithoutPriorSharedSecrets3
ProtectingandTrustingCryptographicKeys4
Certificates4
CertificateAuthorities4
TrustandValidation5
Windows 2000PKIComponents6
CertificateAuthorities8
CertificateHierarchies8
DeployinganEnterpriseCA9
TrustInMultipleCAHierarchies11
EnablingDomainClients12
GeneratingKeys12
KeyRecovery12
CertificateEnrollment13
Renewal13
UsingKeysandCertificates13
Recovery14
Roaming15
Revocation15
Trust15
PKSecurityPolicyinWindows 200017
TrustedCARoots17
CertificateEnrollmentandRenewal17
Smart-CardLogon18
ApplicationsOverview19
WebSecurity19
SecureE-mail20
DigitallySignedContent21
EncryptingFileSystem21
Smart-CardLogon22
IPSecurity(IPSec)22
Interoperability23
Criteria23
InternetStandards23
PreparingforWindows 2000PKI26
S/MIME-basedE-mailUsingExchangeServer26
ForMoreInformation27
Introduction
TheMicrosoftWindows 2000operatingsystemintroducesacomprehensivepublic-keyinfrastructure(PKI)totheWindowsplatform.ThisinfrastructureextendstheWindows-basedpublic-key(PK)cryptographicservicesthatwereintroducedoverthepastfewyears,providinganintegratedsetofservicesandadministrativetoolsforcreating,deploying,andmanagingPK-basedapplications.Thisallowsapplicationdeveloperstotakeadvantageoftheshared-secretsecuritymechanismsorPK-basedsecuritymechanism,asappropriate.Enterprisesalsogaintheadvantageofbeingabletomanagetheenvironmentandapplicationswithconsistenttoolsandpolicies.
TheremainderofthispaperprovidesanoverviewofthePKIinWindows 2000.
Concepts
PublicKeyCryptography
Cryptographyisthescienceofprotectingdata.Cryptographicalgorithmsmathematicallycombineinputplaintextdataandanencryptionkeytogenerateencrypteddata(ciphertext).Withagoodcryptographicalgorithm,itiscomputationallynotfeasibletoreversetheencryptionprocessandderivetheplaintextdata,startingwithonlytheciphertext;someadditionaldata,adecryptionkey,isneededtoperformthetransformation.
Intraditional,secret(orsymmetric)keycryptography,theencryptionanddecryptionkeysareidenticalandthussharesensitivedata.Partieswishingtocommunicatewithsecret-keycryptographymustsecurelyexchangetheirencryption/decryptionkeysbeforetheycanexchangeencrypteddata.
Incontrast,thefundamentalpropertyofpublic-key(PK)cryptographyisthattheencryptionanddecryptionkeysaredifferent.Encryptionwithapublickeyencryptionkeyisaone-wayfunction;plaintextturnsintociphertext,buttheencryptionkeyisirrelevanttothedecryptionprocess.Adifferentdecryptionkey(related,butnotidentical,totheencryptionkey)isneededtoturntheciphertextbackintoplaintext.Thus,forPKcryptography,everyuserhasapairofkeys,consistingofapublickeyandaprivatekey.Bymakingthepublickeyavailable,itispossibletoenableotherstosendyouencrypteddatathatcanonlybedecryptedusingyourprivatekey.Similarly,youcantransformdatausingyourprivatekeyinsuchawaythatotherscanverifythatitoriginatedwithyou.Thislattercapabilityisthebasisfordigitalsignatures,discussedbelow.
Public-KeyFunctionality
TheseparationbetweenpublicandprivatekeysinPKcryptographyhasallowedthecreationofanumberofnewtechnologies.Themostimportantofthesearedigitalsignatures,distributedauthentication,secret-keyagreementviapublickey,andbulkdataencryptionwithoutpriorsharedsecrets.
Thereareanumberofwell-knownPKcryptographicalgorithms.Some,suchasRivest-Shamir-Adleman(RSA)andEllipticCurveCryptography(ECC),aregeneral-purpose;theycansupportalloftheaboveoperations.Otherssupportonlyasubsetofthesecapabilities.SomeexamplesincludetheDigitalSignatureAlgorithm(DSA,whichispartoftheU.S.government’sDigitalSignatureStandard,FIPS186),whichisusefulonlyfordigitalsignatures,andDiffie-Hellman(D-H),whichisusedforsecretkeyagreement.
ThefollowingsectionsbrieflydescribetheprincipalusesofPKcryptography.Theseoperationsaredescribedintermsoftwousers,BobandAlice.ItisassumedthatBobandAlicecanexchangeinformationbutdonothaveanypre-arranged,sharedsecretsbetweenthem.
DigitalSignatures
Perhapsthemostexcitingaspectofpublickeycryptographyiscreatingandvalidatingdigitalsignatures.Thisisbasedonamathematicaltransformthatcombinestheprivatekeywiththedatatobesignedinsuchawaythat:
Onlysomeonepossessingtheprivatekeycouldhavecreatedthedigitalsignature.
Anyonewithaccesstothecorrespondingpublickeycanverifythedigitalsignature.
Anymodificationofthesigneddata(evenchangingonlyasinglebitinalargefile)invalidatesthedigitalsignature.
Digitalsignaturesarethemselvesjustdata,sotheycanbetransportedalongwiththesigneddatathattheyprotect.Forexample,Bobcancreateasignede-mailmessagetoAliceandsendthesignaturealongwiththemessagetext,providingAlicetheinformationthatisrequiredtoverifythemessageorigin.Inaddition,digitalsignaturesprovideawaytoverifythatdatahasnotbeentamperedwith(eitheraccidentallyorintentionally)whileintransitfromthesourcetothedestination.Therefore,theycanbeexploitedtoprovideaverysecuredata-integritymechanism.
Authentication
PKcryptographyprovidesrobustdistributedauthenticationservices.Entityauthenticationguaranteesthatthesenderofdataistheentitythatthereceiverthinksitis.IfAlicereceivesdatafromBob,andthensendshimachallengeencryptedwithBob’spublickey,BobthendecodesthischallengeandsendsitbacktoAlice,provingthathehasaccesstotheprivatekeyassociatedwiththepublickeythatAliceusedtoissuethechallenge.AlicecanalsosendaplaintextchallengetoBob.Bobthencombinesthechallengewithotherinformation,whichisdigitallysigned.AlicethenusesBob’spublickeytoverifythesignatureandprovethatBobhastheassociatedprivatekey.Thechallengemakesthismessageuniqueandpreventsreplayattacksbyahostilethirdparty.Ineithercase,thisisknownasaproof-of-possessionprotocolbecausethesenderprovesthathehasaccesstoaparticularprivatekey.
SecretKeyAgreementviaPublicKey
AnotherfeatureofPKcryptographyisthatitpermitstwopartiestoagreeonasharedsecret,usingpublic,andnonsecure,communicationnetworks.Basically,BobandAliceeachgeneratearandomnumberthatformshalfofthesharedsecretkey.Bobthensendshishalfofthesecret,encrypted,toAlice,usingherpublickey.Alicesendsherhalf,encrypted,toBobwithhispublickey.Eachsidecanthendecryptthemessagereceivedfromtheotherparty,extractthehalfofthesharedsecretthatwasgeneratedbytheother,andcombinethetwohalvestocreatethesharedsecret.Oncetheprotocoliscompleted,thesharedsecretcanbeusedforsecuringothercommunications.
BulkDataEncryptionwithoutPriorSharedSecrets
ThefourthmajortechnologyenabledbyPKcryptographyistheabilitytoencryptbulkdatawithouttheestablishmentofpriorsharedsecrets.ExistingPKalgorithmsarecomputationallyintensiverelativetosecret-keyalgorithms.Thismakesthemillsuitedforencryptinglargeamountsofdata.TogettheadvantagesofPKcryptographyalongwithefficientbulkencryption,PKandsecret-keytechnologiesaretypicallycombined.
Thisisaccomplishedbyfirstselectingasecret-keyencryptionalgorithmandgeneratingarandomsessionkeytousefordataencryption.IfBobissendingthemessage,hefirstencryptsthissessionkey,usingAlice’spublickey.TheresultingciphertextkeyisthensenttoAlicealongwiththeencrypteddata.Alicecanrecoverthesessionkey,usingherprivatekey,andthenusethesessionkeytodecryptthedata.
ProtectingandTrustingCryptographicKeys
Insecret-keycryptography,Alic