CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology)
"Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53"
Learn more about the PACE-IT Online program: www.edcc.edu/pace-it
Instructor, PACE-IT Program – Edmonds Community College
Areas of Expertise: PC Hardware, Network Administration, IT Project Management, Network Design, User Training, IT Troubleshooting.
Industry Certification
Qualifications Summary
Entrepreneur, executive leader, and proven manager with 10+ years of experience turning complex issues into efficient and effective solutions. Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required—with a focus on technology.
Education: M.B.A., IT Management, Western Governors University; B.S., IT Security, Western Governors University.
– Overview of asymmetric encryption.
– Certificate authorities and digital certificates.
– Asymmetric encryption.
» In asymmetric encryption, two separate cryptographic keys are used to encrypt data; the two keys are mathematically linked through special algorithms.
• One key can encrypt the data; the other key is then used to decrypt the data.
» If the parties in the communication are not closely associated with each other, an issue arises about how to exchange security keys.
» Requires more computing resources than symmetrical encryption methods.
– Solution to the overhead issue.
» Often, an asymmetric encryption session is used to establish a trust relationship between two entities—verification that the parties are who they say they are.
• Once verification has taken place, the parties then agree upon a secret key that can be used with an agreed-upon symmetrical encryption standard—thus reducing the computing overhead required for communication.
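The two-phase scheme in the last bullet, as an added example that is not part of the original slides: the costly asymmetric operation (RSA-OAEP) protects only a fresh AES session key, and symmetric AES-GCM carries the actual data. The type and function names (HybridMessage, Seal, Open) and the sample payload are constructed for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// HybridMessage is what travels between the parties: the per-session AES key
// wrapped with the recipient's public key, plus the payload under AES-GCM.
type HybridMessage struct {
	WrappedKey, Nonce, Ciphertext []byte
}

// Seal is the sender side. The costly asymmetric operation (RSA-OAEP) is spent
// only on a fresh 32-byte session key; the bulk data goes through symmetric AES-GCM.
func Seal(recipient *rsa.PublicKey, plaintext []byte) HybridMessage {
	sessionKey := make([]byte, 32)
	must(rand.Read(sessionKey))
	wrapped := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, sessionKey, nil))
	gcm := must(cipher.NewGCM(must(aes.NewCipher(sessionKey))))
	nonce := make([]byte, gcm.NonceSize()) // fresh per message, never reused with a key
	must(rand.Read(nonce))
	return HybridMessage{wrapped, nonce, gcm.Seal(nil, nonce, plaintext, nil)}
}

// Open is the recipient side. Only the holder of the private key can unwrap the
// session key, and the GCM authentication tag rejects any altered ciphertext.
func Open(priv *rsa.PrivateKey, msg HybridMessage) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, msg.WrappedKey, nil)
	if err != nil {
		return nil, err // wrong private key: the wrapped key cannot be recovered
	}
	gcm := must(cipher.NewGCM(must(aes.NewCipher(sessionKey))))
	return gcm.Open(nil, msg.Nonce, msg.Ciphertext, nil)
}

func main() {
	recipient := must(rsa.GenerateKey(rand.Reader, 2048)) // constructed recipient key pair
	msg := Seal(&recipient.PublicKey, []byte("constructed sample payload"))
	plaintext, err := Open(recipient, msg)
	println(string(plaintext), err == nil)
}
```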
Introduction to public key infrastructure I.
In many situations, asymmetric encryption revolves around a public key infrastructure (PKI).

PKI is a process that is used to generate and manage the two security keys that are necessary for asymmetric encryption. With PKI, two keys are created—a public key and a private key. The public key is made known and is readily associated with a specific entity (e.g., a person or organization). That same entity is responsible for maintaining the security and integrity of the private key. Messages encrypted with the public key can only be decrypted with the private key, thus ensuring the confidentiality of any such message. PKI is established with the assistance of a certificate authority (CA).
– Public CA.
» A third-party entity that is in the business of issuing (selling) the digital certificates that are used with PKI.
• Useful when there is not an existing trust relationship between two parties that require the use of asymmetrical encryption.
• Many applications (e.g., Internet Explorer or Firefox) automatically trust certificates issued by public CAs (e.g., VeriSign or GoDaddy).
» Has the power to revoke an entity’s digital certificate (e.g., in cases of fraud).
– Private CA.
» The process used when an organization creates its own PKI.
• The organization self-signs its own digital certificates that are used to support asymmetrical encryption.
» An advantage to the private CA is that the organization doesn’t need to pay for each individual certificate.
» A disadvantage to the private CA is that it may be difficult to get other organizations to accept the self-signed certificates.
– Levels of certificate authorities.
» The PKI model requires that there be a hierarchical structure to the CAs.
» The first CA to be installed in a PKI is the root CA.
• The root CA issues digital certificates to all other CAs—which are called subordinate CAs—that are installed in the PKI model.
• The root CA must sign its own certificate, since there is no higher CA to issue one to it.
– Digital certificate.
» An electronic file that is used to store the public key of the entity that the certificate is issued to.
• It is bound to and uniquely identifies the entity that it is issued to, which eases the asymmetrical encryption process used by PKI.
– Components of the digital certificate.
» Public key: the public encryption key of the entity that the certificate was issued to.
» Serial number: a number, unique among the certificates issued by that CA, assigned to the certificate to help identify it.
» Algorithm: the asymmetrical algorithm used by the certificate.
» Subject: the entity that was issued the certificate.
» Issuer: the entity (the CA) that issued the certificate.
» Valid from: the start date of the certificate’s validity period.
» Valid to: the end date of the certificate’s validity period.
» Thumbprint algorithm: the hash algorithm to use when verifying the integrity of the certificate.
» Thumbprint: the actual hashed value of the certificate (which can be used to verify that the certificate has not been altered).
Topic: Overview of asymmetric encryption.
Summary: Asymmetrical encryption requires the use of two separate, but linked, security keys (one to encrypt and the other to decrypt). Asymmetrical encryption is often used to set up a symmetrical encryption session. PKI is often used in situations involving asymmetrical encryption. A certificate authority (CA) is used when establishing PKI.

Topic: Certificate authorities and digital certificates.
Summary: There are two types of CAs. A public CA is in the business of providing the digital certificates used in the PKI process. A private CA is used when an organization issues its own certificates. The root CA is the first CA used in the PKI process; all other CAs are subordinate CAs. A digital certificate is an electronic file that is used to store the public key of the entity that the certificate is issued to. There are many important fields in the digital certificate, which include: public key, serial number, algorithm, validation dates, thumbprint algorithm, and thumbprint.
This workforce solution was 100 percent funded by a $3 million grant awarded by the
U.S. Department of Labor's Employment and Training Administration. The solution was
created by the grantee and does not necessarily reflect the official position of the U.S.
Department of Labor. The Department of Labor makes no guarantees, warranties, or
assurances of any kind, express or implied, with respect to such information, including
any information on linked sites and including, but not limited to, accuracy of the
information or its completeness, timeliness, usefulness, adequacy, continued availability
or ownership. Funded by the Department of Labor, Employment and Training
Administration, Grant #TC-23745-12-60-A-53.
PACE-IT is an equal opportunity employer/program and auxiliary aids and services are
available upon request to individuals with disabilities. For those that are hearing
impaired, a video phone is available at the Services for Students with Disabilities (SSD)
office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call
425.354.3113 on a video phone for more information about the PACE-IT program. For
any additional special accommodations needed, call the SSD office at 425.640.1814.
Edmonds Community College does not discriminate on the basis of race; color; religion;
national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran
status; or genetic information in its programs and activities.