development of certificate authority for web application

Post on 08-Nov-2014


DEVELOPMENT OF CERTIFICATE AUTHORITY FOR WEB APPLICATION

Guided By: Prof. S.K. Sonkar
Presented By: Sachin B. Deshmukh

9970406068

CONTENTS

- INTRODUCTION
- CERTIFICATE AUTHORITY
- RELATED BACKGROUND
- ARCHITECTURE OF CA
- ALGORITHM & CLASSIFICATION
- APPLICATIONS OF CA
- EXAMPLE OF CA FOR WEB APPLICATION
- CONCLUSION

INTRODUCTION

- The Internet provides an excellent vehicle for extending the scope of communication and business. The most critical element of security might be the ability to provide trust and confidence to transactions over the Internet.

- The CA does this by registering each user's identification information, with a set of private keys and a set of public key certificates.

- PKI also plays a vital role in the CA.

CERTIFICATE AUTHORITY (CA)

- It is a trusted authority in a network that issues and manages security and public keys for message encryption.

- A CA checks with a registration authority (RA) to verify information provided by the requestor of a digital certificate. If the RA verifies the requestor's information, the CA can issue a digital certificate.

CONTINUE…

- CA creates a certificate request file ("bulk add file") containing the names and certificate types of the users.

- The CA software returns a list of reference numbers and authorization codes. These "generated secrets" uniquely identify each user.

- The aim of this work is to design and implement a CA system that can create and assign public key certificates. Hence, the system enables secure communication and proper authentication.

NEED OF CERTIFICATE AUTHORITY

RELATED BACKGROUND

- PUBLIC KEY CRYPTOGRAPHY
- PUBLIC KEY INFRASTRUCTURE
- ECC (ELLIPTIC CURVE CRYPTOGRAPHY)

COMPONENTS:

1. The End-users
2. Registration Authorities
3. Public Key Certificates (PKC)

ECC (ELLIPTIC CURVE CRYPTOGRAPHY)

- ECC can be used for key distribution, encryption/decryption, and digital signature algorithm. The key distribution algorithm is used to share a secret key for symmetric cryptography, encryption/decryption algorithm.

- ECC was proposed as an alternative to other public-key encryption algorithms, such as RSA.

- We will use ECC because, with a much smaller key length, it achieves the same security level as other

WHY USE ECC?

ECC KEY SIZE (BITS)   RSA KEY SIZE (BITS)   KEY SIZE RATIO
163                   1024                  1:6
256                   3072                  1:12
384                   7680                  1:20
512                   15360                 1:30

ARCHITECTURE OF CA

TOOLS FOR CA:

1. PHP (Hypertext Preprocessor)

2. HTML (Hypertext Markup Language)

3. MySQL

3-TIER ARCHITECTURE OF CA

ALGORITHM TO CREATE NEW CERTIFICATE

CERTIFICATE REVOCATION

- Certificates have a period of validity, but may need to be revoked before expiration, e.g.:

1. user's private key is compromised
2. user is no longer certified by this CA
3. CA's certificate is compromised

- CAs maintain a list of revoked certificates, the Certificate Revocation List (CRL).

- Users should check certificates against the CA's CRL.
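The CRL check described above, as an added example in Go (standard library only; it is not from the original slides or their PHP implementation): a CA holding an ECC (ECDSA P-256) key signs a CRL, and a relying party verifies that signature before looking up a serial number. The function names, the CA name "Example CA" and the serial numbers are assumptions made for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// newCA returns a self-signed ECDSA P-256 CA certificate ("Example CA" is a constructed name) and its key.
func newCA() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example CA"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour), IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	der, err := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	ca, err := x509.ParseCertificate(der)
	return ca, key, err
}

// publishCRL returns a CRL, signed with the CA key, that lists one revoked serial number.
func publishCRL(ca *x509.Certificate, key *ecdsa.PrivateKey, revoked int64) ([]byte, error) {
	list := []pkix.RevokedCertificate{{SerialNumber: big.NewInt(revoked), RevocationTime: time.Now()}}
	return x509.CreateRevocationList(rand.Reader, &x509.RevocationList{Number: big.NewInt(1),
		ThisUpdate: time.Now(), NextUpdate: time.Now().Add(24 * time.Hour), RevokedCertificates: list}, ca, key)
}

// isRevoked accepts the CRL only if ca signed it, then searches it for serial.
func isRevoked(crlDER []byte, ca *x509.Certificate, serial int64) (bool, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil || crl.CheckSignatureFrom(ca) != nil {
		return false, errors.New("CRL unparsable or not signed by this CA")
	}
	for _, e := range crl.RevokedCertificates {
		if e.SerialNumber.Cmp(big.NewInt(serial)) == 0 {
			return true, nil
		}
	}
	return false, nil
}
```

Call `newCA`, `publishCRL` and `isRevoked` in that order from your own `main` or a test; a relying party should treat any error from `isRevoked` as a failed check and should also reject a CRL whose `NextUpdate` has passed. The code uses the `RevokedCertificates` field so that it also builds on Go 1.19 and 1.20; newer code can use `RevokedCertificateEntries`.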

TO REVOKE THE CERTIFICATE…

ADVANTAGES OF REVOKING THE CERTIFICATE

1. It decreases the time required to revoke the certificate, since it does not need to communicate with the CA before revoking the certificate.

2. There is no need to publish the CRL in the certificate repository, because the process is done between the client and the certificate repository.

EXAMPLE OF CA FOR WEB APPLICATION

CONTINUE…

CONTINUE…

APPLICATIONS OF CA

- The purpose of a CA is to manage the certificate lifecycle.

- The CA is also responsible for providing certificate status information through the issuance of Certificate Revocation Lists (CRLs) and/or the maintenance of an online status checking mechanism.

- The CA digitally signs each certificate that it issues with its private key to provide the means for establishing authenticity and integrity of the certificate.

CONCLUSION

- The proposed system enables institutes or organizations to issue digital certificates for their network users. The applicant can manage his digital certificate from any computer that is connected to the Internet.

- The main advantage of this method is to decrease the time needed to acknowledge the CA to revoke it and publish it in the certificate repository.

THANK YOU…

ANY QUERY…???
