Course intended for:

The training is intended for anyone who wants to become familiar with Public Key Infrastructure. It is particularly recommended for programmers, administrators and security officers who will be dealing with digital signatures and other PKI-based services.

Course objective:

Participants will become familiar with the basic information protection services and how they are used to build a Public Key Infrastructure. The trainers will discuss the cryptographic mechanisms and their purpose, and present the legal aspects associated with PKI services in Poland and the European Union. During the training, participants will configure and launch their own certification authority, which will be used to process certificate requests and issue public key certificates using the RSA, DSA and ECDSA algorithms for various purposes. They will also become familiar with practical aspects of PKI-related services, such as digital signatures, authentication in the SSL/TLS protocol, the certificate status verification server (OCSP) and the time stamping server (TSA).

In particular, in the practical tasks, participants will become familiar with the basic cryptographic mechanisms and with the entire public key certificate life cycle and its associated services (OCSP, TSA server). The workshop will be based on the OpenSSL library.


Participants are required to have basic computer skills on Windows or Linux.

Course parameters:

3 × 8 hours (3 × 7 net hours)

The training consists of lectures and workshops.

Course curriculum

  1. Information protection services

    1. Basic information protection services – integrity, confidentiality, authentication and non-repudiation

    2. Hash functions

    3. Confidentiality

      • Symmetric algorithms

      • Asymmetric algorithms

    4. Storage of cryptographic data

      • ASN.1

      • DER and PEM encoding

    5. Digital signature

      • Legal aspects in Poland and the European Union

      • Key generation

      • Signature creation

      • Signature verification

    6. The problem of secure private key storage

      • Key repositories

      • Smart cards

      • Hardware security modules (HSM)

      • Access to cryptographic hardware (PKCS #11 libraries, CSP)

    7. The key authenticity problem

    8. A trusted third party (TTP)

      • A list of trusted providers (TSL)

    9. Current recommendations for cryptographic mechanisms used in PKI (algorithms, key lengths)

  2. Public Key Infrastructure components

    1. PKI Architecture

      • Registration Authority (RA)

      • Certification Authority (CA)

      • Repository

    2. PKI services in the context of information protection services

    3. Generating keys and certificate requests

    4. X.509 certificates

      • Basic certificate fields (distinguished name, validity dates)

      • Certificate extensions

      • Right certificates

      • Extended validation certificates

      • Certification policy

      • Certificate life cycle

      • Certification path

    5. Certificate revocation

      • Certificate revocation list (CRL, delta CRL)

      • Certificate status verification protocol (OCSP)

    6. Time stamping service (TSA)

  3. Practical use of PKI

    1. Signing of documents

    2. Secure mail

    3. Signing of applications (e.g. Java applets)

    4. Server and client authentication in the SSL/TLS protocol

Any questions?

Phone +48 22 2035600
Fax +48 22 2035601