From the course: CISA Cert Prep: 5 Information Asset Protection for IS Auditors

Unlock the full course today

Join today to access over 22,600 courses taught by industry experts or purchase this course individually.

Cryptography: Public key infrastructure and certificates

Cryptography: Public key infrastructure and certificates

From the course: CISA Cert Prep: 5 Information Asset Protection for IS Auditors

Start my 1-month free trial

Cryptography: Public key infrastructure and certificates

- [Instructor] Okay, let's talk about public key infrastructures and certificates, PKIs and certificates. So, why do we need a PKI? Well, PKI helps us with a particular problem. Look, users can generate their own public and private key pairs and exchange them. The problem is, there's nothing on a public key that says this is really Mike's public key. If you look at a raw public key, it's much like we saw earlier with our hash algorithms, like we saw the message digest, it's a string of some hexadecimal stuff or some Base64-encoded material. There's nothing that says that's really for Mike. So, if you receive a public key in an email from Bob saying, hey, encrypt anything you wanna send confidentially to me and use this key. Well, how do you know it's really Bob and not Johnny Hacker's or Dave's? You don't. What you really need is for some trusted third party to vouch for the identity of the owner of the public key, and that's what PKI and certificates are all about. A PKI binds some…

Contents