Home › B.Tech Cyber Security › cybersecurity › Cryptography › A CERTIFICATE AUTHORITY (CA) in PKI does what?
A CERTIFICATE AUTHORITY (CA) in PKI does what?
ARoutes packets across the network
Bissues digital certificates after vetting
CEncrypts every web request
DManages user passwords
Answer & Solution
Correct answer: B. issues digital certificates after vetting
1. CA (Certificate Authority): a TRUSTED third party that issues X.509 DIGITAL CERTIFICATES.
2. PROCESS:
• Applicant generates a key pair and sends a CSR (certificate signing request) to the CA.
• CA verifies the applicant's identity (for DV certs: domain ownership; OV/EV: legal entity verification).
• CA signs the certificate binding the applicant's public key to their identity.
3. TRUST CHAIN: browsers ship a list of TRUSTED ROOT CAs. A certificate signed by a trusted CA (or a chain to one) is accepted.
4. EXAMPLES: Let's Encrypt (free DV, automated), DigiCert, Sectigo, GlobalSign.
5. Other options describe network/security functions unrelated to PKI.
_Source: Boneh & Shoup, §13.3 (Public-key infrastructure) + RFC 5280._
Related questions
RSA encryption with PKCS#1 v1.5 padding is now consideredA SALT in password hashing isFORWARD SECRECY in TLS meansTLS (Transport Layer Security) uses a HYBRID encryption scheme. Why?An HMAC (Hash-based Message Authentication Code) providesWhich block cipher mode is INSECURE and should NEVER be used because it leaks PATTERNS in Which hash algorithm is considered DEPRECATED / WEAK and should NOT be used for new applicDIFFIE-HELLMAN key exchange allows two parties to