December 16, 2022
Cybrary
This is a back-up process for public and private key material that spreads the backup over multiple systems or devices. It is designed so that the private and public key material cannot be re-created from any single piece of the backup. The key material is backed up and then mathematically distributed across several systems or devices. Usually three people are assigned specific, separate job responsibilities within different portions of the organization. This separation of duties impedes attempts to recover keys without authorization. The underlying mathematics supports any number of participants up to 255 for the splitting activity.
Assuming a key can be used throughout its validity period without being revoked, it is then renewed. Identity verification is not required to obtain a new certificate: if the certificate is in good standing and the key is renewed with the same CA, the old key can be used to sign the request for the new key. Trust should already have been established between the renewer and the CA based on the person's credentials.
Key update is a second type of renewal, in which a new key is produced by modifying the existing key. The details of the key renewal process depend on the user's and the CA's requirements. The same process applies to a CA's own key pair, since those keys undergo renewal as well; a CA can likewise use its old key to sign the new key. The PKI renewal process is performed by creating three new keys:
- The CA produces another self-signed certificate. This time, the CA signs the new public key using the old private key that is about to expire.
- Next, the CA server signs the old public key with the new private key. This is done to avoid an overlap between the new key activation and the old key expiration.
- Lastly, the new public key is signed with the new private key.
These steps are motivated by two important points:
- Since a CA verifies the credentials of other parties, rigorous steps need to be implemented when renewing the CA’s own certificate.
- Creating numerous keys makes the changeover from old keys to new keys transparent to the end user.
When a key pair and its certificate reach the end of their validity period, they must be destroyed. If the key pair was used for digital signatures, the private key should be destroyed to prevent any future signing attempts. Key pairs used for confidentiality can be archived in case the private key is needed to decrypt archived data that was encrypted with it. The digital certificate must be added to the CRL as soon as it is no longer valid, regardless of whether the private key is archived for future use. Depending on the sensitivity level, the extra step of notifying those who rely on the certificate of its invalid status may be needed.