A public-key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.
In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). The user identity must be unique within each CA domain. The binding is established through the registration and issuance process, which, depending on the level of assurance the binding has, may be carried out by software at a CA, or under human supervision. The PKI role that assures this binding is called the Registration Authority (RA). The RA ensures that the public key is bound to the individual to which it is assigned in a way that ensures non-repudiation.
On the Internet, a PKI refers to a system for the creation, storage, and distribution of digital certificates, which are used to verify that a particular public key belongs to a certain entity. Certificates can be implemented in software that is securely distributed and managed, or in physical tokens. A popular token in use today is the Common Access Card (CAC).
More information on PKI is available here: Wikipedia: Public-key Infrastructure
To avoid a certificate error when accessing secure DoD web sites, you must install the DoD Root Certificates. DoD operates its own certificate system to avoid the exposures from commercially purchased certificates. Follow these instructions and links to download and install the DoD Root Certificate Authorities. See DoD: Root Certificate Authority Installation Instructions on DISA website
For questions or problems with the DoD website please contact the DISA OKC OST at 1-800-490-1643 or by email at firstname.lastname@example.org.
The Defense Information Systems Agency (DISA) provides its Information Assurance Support Environment (IASE) website, which was established to support DoD's goals, to assist users in accessing secure DoD Internet services.
PKI is a set of products and services that provide and manage X.509 certificates for public key cryptography. Certificates identify the individual named in the certificate, and bind that person to a particular public/private key pair. DoD PKI provides data integrity, user identification and authentication, user non-repudiation, data confidentiality, encryption, and digital signature services for programs and applications that use the DoD networks.
The purpose of the DoD PKI program is to improve information assurance, using a hierarchical cryptographic structure, providing the basis of trust needed for the user to be assured that their communications remain private, are legitimate, and are received as sent.
PKE is the process of ensuring that applications work with the DoD Public Key Infrastructure (PKI). The methods of PK-enablement are PK-enabling existing software, buying COTS PK-enabled software, and using PK-enabled hardware devices. DISA provides a set of tools to assist users of DoD PKI systems in working with certificates. These are available at the following website: DISA IASE: PKI and PKE Tools Website
If you need assistance with any of these tools and products, DISA provides the following contact information: DISA IASE: Contact information
As a U.S. Government ECA, Operational Research Consultants (ORC) is authorized to provide digital certificates for:
The ORC ECA supports medium, medium-token, and medium-hardware assurance levels, as defined in the U.S. Government ECA Certificate Policy. ORC ECA offers 1- and 3-year validity periods on all certificate types.
ORC ECA Subscribers include DoD contractors, vendors, allied partners, North Atlantic Treaty Organization (NATO) allies, foreign nationals, members of other Government agencies and their trading partners. The use of ECA certificates is not restricted to the conducting of business with the DoD. See ORC: ECA Certificates
The DoD Common Access Card (CAC), a "smart" card about the size of a credit card, is the standard identification for active-duty military personnel, Selected Reserve, DoD civilian employees, and eligible contractor personnel. It is also the principal card used to enable physical access to buildings and controlled spaces, and it provides access to defense computer networks and systems.
DoD provides the following reference center for information on DoD CAC and other ID Cards: DoD CAC Reference Center
Using a CAC with a computer requires a CAC card reader. There are a variety of reasonably priced products available, most using a Universal Serial Bus (USB) interface that is easy to connect to any recent computer. At the company offices, we use the HID Omnikey 3121 USB Desktop Reader. You will find this product installed on one of the company hotdesks at our Annapolis Junction offices. See OMNIKEY 3121 USB
To avoid a certificate error when accessing our corporate secure web sites and servers, you must install our corporate Root Certificate. We operate our own private certificate system, similar to other companies. Follow these instructions and links to download and install the certificate for our Root Certificate Authority (CA). See Web Site Security: Installing our Root Certificate
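The certificate error mentioned for both the DoD and the corporate sites arises because a privately operated root is not in the client's default trust store. The following is an added example, not part of the original instructions: it builds a throwaway root CA and server certificate, shows verification failing until the root is supplied as a trust anchor, and prints the root's SHA-256 fingerprint, which should be compared with a value obtained from the CA operator before installing. It assumes OpenSSL 1.1.1 or later; the names "Example Private Root CA" and "intranet.example.test" are placeholders.

```shell
# Constructed demo PKI: a throwaway root CA and one server certificate.
# "Example Private Root CA" and "intranet.example.test" are placeholder names.

make_demo_pki() {            # $1 = empty working directory
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Private Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # Self-signed root certificate (the file a user would later install).
  openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -days 2 \
    -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null
  # Server key and signing request, then the root signs the server certificate.
  openssl req -new -config "$1/ca.cnf" -subj "/CN=intranet.example.test" \
    -newkey rsa:2048 -nodes -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
  openssl x509 -req -in "$1/server.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
    -CAcreateserial -days 1 -out "$1/server.pem" 2>/dev/null
}

# Succeeds only if server.pem chains to a root already in the default trust store.
verify_default_store() { openssl verify "$1/server.pem" >/dev/null 2>&1; }

# Succeeds when the private root is supplied as the trust anchor.
verify_with_root() {
  openssl verify -CAfile "$1/root.pem" "$1/server.pem" >/dev/null 2>&1
}

# SHA-256 fingerprint of the root, to compare with a value published out of band.
root_fingerprint() {
  openssl x509 -in "$1/root.pem" -noout -fingerprint -sha256 | cut -d= -f2
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
verify_default_store "$demo_dir" && echo "default store: trusted" \
  || echo "default store: certificate error"
verify_with_root "$demo_dir" && echo "with root as trust anchor: trusted"
echo "root SHA-256 fingerprint: $(root_fingerprint "$demo_dir")"
rm -rf "$demo_dir"
```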
Pretty Good Privacy (PGP) is a product of the PGP Corporation. Its products provide a set of encryption services for desktops and enterprises. See Additional information about PGP
PGP key certificate services are available from PGP. Install in your PGP application as ldap://keyserver.pgp.com. Keyservers can also be searched on the web at: https://keyserver.pgp.com
The Massachusetts Institute of Technology (MIT) also operates a PGP key certificate server: http://pgpkeys.mit.edu:11371/