Wednesday, July 1, 2015

WHAT IS Cryptography

Cryptography is closely related to the disciplines of cryptology and cryptanalysis. Cryptography includes techniques such as microdots, merging words with images, and other ways to hide information in storage or transit. However, in today's computer-centric world, cryptography is most often associated with scrambling plaintext (ordinary text, sometimes referred to as cleartext) into ciphertext (a process called encryption), then back again (known as decryption). Individuals who practice this field are known as cryptographers.

Modern cryptography concerns itself with the following four objectives:
1) Confidentiality (the information cannot be understood by anyone for whom it was unintended)
2) Integrity (the information cannot be altered in storage or transit between sender and intended receiver without the alteration being detected)
3) Non-repudiation (the creator/sender of the information cannot deny at a later stage his or her intentions in the creation or transmission of the information)
4) Authentication (the sender and receiver can confirm each other's identity and the origin/destination of the information)

Public Key Infrastructure

Public Key Infrastructure (PKI) is a system that validates a user's digital identity over a public or private network. It does so by associating a pair of public and private keys with the individual's identity credentials. These keys are created with a cryptographic algorithm and shared by a certificate authority (CA) that links them to the user's unique identity. The CA stores this information in a database and issues digital certificates, which include the public key or information about the public keys, in order to verify the user's identity. The public key is available as part of a digital certificate within a directory that can be freely accessed. The private key remains secure and is not transmitted over the network. It is used to:


  1. Authenticate - for certificate-based authentication, the private key is used to generate a digital certificate that is sent to an authentication server. When it is received, the certificate is decrypted with the user's public key to validate the login credentials.
  2. Encrypt - a message or document can be encrypted with the intended recipient's public key, which is obtained from a public directory. Only the intended recipient can decrypt the information with his or her matching private key.
  3. Digitally sign - a digital signature for a message, document or transaction is created with the user's private key, encrypted, and attached to the signed contents. When the contents are received, the signature is decrypted with the user's public key to validate the sender's identity.

This technology offers a range of security features for the enterprise, including authentication, confidentiality and non-repudiation. PKI applications for end-users also provide network and workstation login, secure remote access, single sign-on, email encryption, secure data storage, digital signatures and secure online transactions.
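The three uses of the key pair listed above, and the four objectives from the first section, worked through as an added Go example (not code from the original post, and not part of any product it mentions). A constructed in-memory CA issues a certificate that binds a user's public key to her name, a relying party verifies that the certificate chains to the CA it trusts (authentication), the user signs a message with her private key and a receiver checks it with the public key from her certificate, rejecting an altered copy (integrity and non-repudiation), and a sender encrypts to that certificate so that only her private key can decrypt (confidentiality). The CA name, the users "alice" and "bob" and the message are made up; only Go's standard library (crypto/rsa, crypto/x509) is used.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Constructed example, not from any real deployment: the CA name, users and message are made up.

var serial int64 // certificate serial numbers, unique within this run

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newCert binds pub to name. The root signs itself; a user certificate is
// signed with the CA's private key, never the user's.
func newCert(name string, isCA bool, pub *rsa.PublicKey, parent *x509.Certificate, caKey *rsa.PrivateKey) *x509.Certificate {
	serial++
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
	}
	if isCA { // self-signed root, allowed only to sign certificates and CRLs
		tmpl.KeyUsage, parent = x509.KeyUsageCertSign|x509.KeyUsageCRLSign, tmpl
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, caKey))
	return must(x509.ParseCertificate(der))
}

// verifyChain is the relying party's check: cert chains to a trusted root and is valid now.
func verifyChain(cert, root *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots})
	return err
}

// sign uses the signer's private key (RSA-PSS over SHA-256); verify uses the
// public key from the signer's certificate, so an altered message fails.
func sign(priv *rsa.PrivateKey, msg []byte) []byte {
	h := sha256.Sum256(msg)
	return must(rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil))
}

func verify(cert *x509.Certificate, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return rsa.VerifyPSS(cert.PublicKey.(*rsa.PublicKey), crypto.SHA256, h[:], sig, nil) == nil
}

// encryptFor uses the public key from the recipient's certificate (RSA-OAEP);
// only the matching private key, which never leaves the recipient, decrypts.
func encryptFor(cert *x509.Certificate, msg []byte) []byte {
	return must(rsa.EncryptOAEP(sha256.New(), rand.Reader, cert.PublicKey.(*rsa.PublicKey), msg, nil))
}

type Result struct{ ChainOK, SignatureOK, TamperDetected, DecryptOK, WrongKeyRejected bool }

// Demo: the CA issues alice's certificate; alice signs a message that a receiver
// verifies (and rejects once altered); a sender encrypts to alice's certificate,
// which only alice's private key decrypts (bob's key fails).
func Demo() Result {
	caKey := must(rsa.GenerateKey(rand.Reader, 2048))
	caCert := newCert("Example Root CA", true, &caKey.PublicKey, nil, caKey)
	aliceKey := must(rsa.GenerateKey(rand.Reader, 2048))
	aliceCert := newCert("alice", false, &aliceKey.PublicKey, caCert, caKey)
	bobKey := must(rsa.GenerateKey(rand.Reader, 2048))

	msg := []byte("approve purchase order 1234")
	sig := sign(aliceKey, msg)
	ct := encryptFor(aliceCert, msg)
	pt, decErr := rsa.DecryptOAEP(sha256.New(), rand.Reader, aliceKey, ct, nil)
	_, bobErr := rsa.DecryptOAEP(sha256.New(), rand.Reader, bobKey, ct, nil)
	return Result{
		ChainOK:          verifyChain(aliceCert, caCert) == nil,
		SignatureOK:      verify(aliceCert, msg, sig),
		TamperDetected:   !verify(aliceCert, []byte("approve purchase order 9999"), sig),
		DecryptOK:        decErr == nil && string(pt) == string(msg),
		WrongKeyRejected: bobErr != nil,
	}
}

func main() {
	fmt.Printf("%+v\n", Demo())
}
```

Running it prints a Result with all five fields true. The point to notice is who holds which key: the CA's private key signs certificates, the user's private key signs messages and decrypts, and every check a receiver performs needs only the public key carried in a certificate the receiver can validate back to the CA.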

Difference between Enterprise CA & Standalone CA

An Enterprise CA is integrated with Active Directory. The server uses domain services for certificate management, integrates with the directory for naming and authentication, and provides a ton of other integration points that simplify the user experience.

A Standalone CA is one that doesn’t integrate with AD. This is a great implementation choice for many scenarios, including non-AD clients, offline servers, or simply because you don’t want to use Active Directory to manage certificates.

WHAT IS ACTIVE DIRECTORY CERTIFICATE SERVICES
Applications supported by AD CS include Secure/Multipurpose Internet Mail Extensions (S/MIME), secure wireless networks, virtual private networks (VPN), Internet Protocol security (IPsec), Encrypting File System (EFS), smart card logon, Secure Sockets Layer/Transport Layer Security (SSL/TLS) and digital signatures.
AD CS, which can be managed through Microsoft Management Console snap-ins or Server Manager, has six components:
1. CA Web enrollment - connects users to a CA with a Web browser
2. Certification authorities (CAs) - manages certificate validation and issues certificates
3. Certificate Enrollment Policy Web Service - allows computers and users to retrieve information about their certificate enrollment policy
4. Certificate Enrollment Web Service - allows computers and users to enroll certificates using HTTPS
5. Network Device Enrollment Service - lets network devices without domain accounts retrieve certificates
6. Online Responder - responds to requests about a certificate's status