Development of Certificate Authority for Web Application
DEVELOPMENT OF CERTIFICATE AUTHORITY FOR WEB APPLICATION

Guided By: Prof. S.K. Sonkar
Presented By: Sachin B. Deshmukh
9970406068
CONTENTS

- INTRODUCTION
- CERTIFICATE AUTHORITY
- RELATED BACKGROUND
- ARCHITECTURE OF CA
- ALGORITHM & CLASSIFICATION
- APPLICATIONS OF CA
- EXAMPLE OF CA FOR WEB APPLICATION
- CONCLUSION
INTRODUCTION

The Internet provides an excellent vehicle for extending the scope of communication and business. The most critical element of security might be the ability to provide trust and confidence to transactions over the Internet.

The CA does this by registering each user's identification information, with a set of private keys and a set of public key certificates.

PKI also plays a vital role in the CA.
CERTIFICATE AUTHORITY (CA)

It is a trusted authority in a network that issues and manages security credentials and public keys for message encryption.

A CA checks with a registration authority (RA) to verify information provided by the requestor of a digital certificate. If the RA verifies the requestor's information, the CA can issue a digital certificate.
CONTINUE…

The CA creates a certificate request file ("bulk add file") containing the names and certificate types of the users.

The CA software returns a list of reference numbers and authorization codes. These "generated secrets" uniquely identify each user.

The aim of this work is to design and implement a CA system that can create and assign public key certificates. Hence, the system enables secure communication and proper authentication.
NEED OF CERTIFICATE AUTHORITY
RELATED BACKGROUND

- PUBLIC KEY CRYPTOGRAPHY
- PUBLIC KEY INFRASTRUCTURE
- ECC (ELLIPTIC CURVE CRYPTOGRAPHY)

COMPONENTS:

1. The End-users
2. Registration Authorities
3. Public Key Certificates (PKC)
ECC (ELLIPTIC CURVE CRYPTOGRAPHY)

ECC can be used for key distribution, encryption/decryption, and digital signature algorithms. The key distribution algorithm is used to share a secret key for symmetric cryptography, encryption/decryption algorithm.

ECC was proposed as an alternative to other public-key encryption algorithms, such as RSA.

We will use ECC because, with a much smaller key length, it achieves the same security level as other
WHY USE ECC?

| ECC key size (bits) | RSA key size (bits) | Key size ratio |
|---|---|---|
| 163 | 1024 | 1:6 |
| 256 | 3072 | 1:12 |
| 384 | 7680 | 1:20 |
| 512 | 15360 | 1:30 |
ARCHITECTURE OF CA

TOOLS FOR CA:

1. PHP (Hypertext Preprocessor)
2. HTML (Hypertext Markup Language)
3. MySQL
3-TIER ARCHITECTURE OF CA
ALGORITHM TO CREATE NEW CERTIFICATE
CERTIFICATE REVOCATION

Certificates have a period of validity, but may need to be revoked before expiration, e.g.:

1. user's private key is compromised
2. user is no longer certified by this CA
3. CA's certificate is compromised

CAs maintain a list of revoked certificates, the Certificate Revocation List (CRL).

Users should check certificates against the CA's CRL.
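The relying-party check this slide describes, as an added example that is not part of the original presentation. It uses a simplified certificate/CRL model without signature verification; the `Cert`, `CRL` and `check_chain` names, the sample subjects, serials, dates and reason strings are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Cert:                      # simplified model, not an X.509 parser
    serial: int
    subject: str
    issuer: str
    not_before: datetime
    not_after: datetime

@dataclass(frozen=True)
class CRL:                       # what one CA publishes
    issuer: str
    this_update: datetime
    next_update: datetime
    revoked: dict                # serial number -> reason string

def check_chain(chain, crls, now):
    """Check the leaf first, then each CA certificate above it. Fails closed."""
    for cert in chain:
        if not (cert.not_before <= now <= cert.not_after):
            return False, f"{cert.subject}: outside validity period"
        crl = crls.get(cert.issuer)
        # A missing, mismatched or stale CRL is treated as a failure, not a pass.
        if (crl is None or crl.issuer != cert.issuer
                or not (crl.this_update <= now <= crl.next_update)):
            return False, f"{cert.subject}: no current CRL from {cert.issuer}"
        if cert.serial in crl.revoked:
            return False, f"{cert.subject}: revoked ({crl.revoked[cert.serial]})"
    return True, "ok"

# Constructed sample data (all names, serials and dates are made up).
T0 = datetime(2024, 1, 10, tzinfo=timezone.utc)

def make_cert(serial, subject, issuer):
    return Cert(serial, subject, issuer, T0 - timedelta(days=1), T0 + timedelta(days=365))

def make_crl(issuer, revoked):
    return CRL(issuer, T0 - timedelta(days=1), T0 + timedelta(days=6), revoked)

CA_CERT = make_cert(2, "Issuing CA", "Root CA")
ALICE = make_cert(1001, "alice", "Issuing CA")
BOB = make_cert(1002, "bob", "Issuing CA")      # case 1: user's key compromised
CRLS = {"Root CA": make_crl("Root CA", {}),
        "Issuing CA": make_crl("Issuing CA", {1002: "keyCompromise"})}
# Case 3: the root has revoked the issuing CA's own certificate.
CRLS_CA_REVOKED = {**CRLS, "Root CA": make_crl("Root CA", {2: "cACompromise"})}

if __name__ == "__main__":
    for leaf in (ALICE, BOB):
        print(leaf.subject, check_chain([leaf, CA_CERT], CRLS, T0))
    print("alice", check_chain([ALICE, CA_CERT], CRLS_CA_REVOKED, T0))
    print("alice", check_chain([ALICE, CA_CERT], CRLS, T0 + timedelta(days=10)))
```

A real deployment would also verify the CA's signature on both the certificate and the CRL before trusting either.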
TO REVOKE THE CERTIFICATE…
ADVANTAGES OF REVOKING THE CERTIFICATE

1. It decreases the time required to revoke the certificate, since it does not need to communicate with the CA before revoking the certificate.
2. There is no need to publish the CRL in the certificate repository, because the process is done between the client and the certificate repository.
EXAMPLE OF CA FOR WEB APPLICATION
CONTINUE…
CONTINUE…
APPLICATIONS OF CA

The purpose of a CA is to manage the certificate lifecycle.

The CA is also responsible for providing certificate status information through the issuance of Certificate Revocation Lists (CRLs) and/or the maintenance of an online status checking mechanism.

The CA digitally signs each certificate that it issues with its private key to provide the means for establishing authenticity and integrity of the certificate.
CONCLUSION

The proposed system enables institutes or organizations to issue digital certificates for their network users. The applicant can manage his digital certificate from any computer that is connected to the Internet.

The main advantage of this method is that it decreases the time needed to notify the CA to revoke a certificate and publish the revocation in the certificate repository.
THANK YOU…
ANY QUERY…???