Flexible certificate management in public key infrastructures

A public key infrastructure (PKI) secures lots of applications and processes. These are for example the electronic commerce, email communication, access to computers and networks, or digital identities for use in e-Government or the health care sector. The various PKI based applications have different requirements. These depend on the security level, the number of participants, the software or hardware devices, the complexity of the installation, and many other parameters. This work focuses on the certificate management in a PKI and proposes various solutions to meet these requirements in a flexible way. In order to deal with the problems related to certificate management we design the certificate management authority (CMA). This authority is specified as a new trust center component involved in organising the workflow and the tasks that remain after the creation of a PKI product, like a certificate or a revocation list. Its design and implementation is discussed. The certificate management plugins, that the CMA is based on, can be (re)used to provide interoperable PKI solutions. We also give a security analysis of the CMA. The new authority requires to rethink the communication possibilities within a trust center. A new protocol for communication inside a trust center is designed and implemented. It addresses the problems of communication of arbitrary trust center components. It enables human readability of the messages, security mechanisms like digital signatures and encryption, it supports dual control, and expresses typical data in a trust center. One basic task of the CMA is the distribution and dissemination of PKI information. Typical solutions are based on LDAP directories. A best practice guide for these directories regarding PKI purposes is given. We further concentrate on the German Signature Act and see how to meet the directory related requirements in this context. We will use the LDAP directories for other PKI management functions, too. One function is the proof of possession for encryption keys. This scheme realises the indirect method of the CMP messages, but without the need for any confirmation messages. We propose a second scheme for delivering software personal security environments.