Table of Contents
Advertisement
Tim wants to send a message to Jenny. He needs her to be sure that it comes from him, and that the
1
message content has not been altered by anyone else along the way. Tim generates a public key pair
(one public key and one private key).
Tim keeps the private key and makes the public key openly available. This means that anyone who
2
receives a message seeming to come from Tim can read it and verify whether it is really from him or not.
Tim uses his private key to sign the message and sends it to Jenny.
3
Jenny receives the message and uses Tim's public key to verify it. Jenny knows that the message is from
4
Tim, and that although other people may have been able to read the message, no-one can have
altered it (because they cannot re-sign the message with Tim's private key).
Additionally, Jenny uses her own private key to sign a message and Tim uses Jenny's public key to verify
5
the message.
The Zyxel Device uses certificates based on public-key cryptology to authenticate users attempting to
establish a connection, not to encrypt the data that you send after establishing a connection. The
method used to secure the data that you send through an established connection depends on the
type of connection. For example, a VPN tunnel might use the triple DES encryption algorithm.
The certification authority uses its private key to sign certificates. Anyone can then use the certification
authority's public key to verify the certificates.
A certification path is the hierarchy of certification authority certificates that validate a certificate. The
Zyxel Device does not trust a certificate if any certificate on its path has expired or been revoked.
Certification authorities maintain directory servers with databases of valid and revoked certificates. A
directory of certificates that have been revoked before the scheduled expiration is called a CRL
(Certificate Revocation List). The Zyxel Device can check a peer's certificate against a directory server's
list of revoked certificates. The framework of servers, software, procedures and policies that handles keys
is called PKI (public-key infrastructure).
Advantages of Certificates
Certificates offer the following benefits.
• The Zyxel Device only has to store the certificates of the certification authorities that you decide to
trust, no matter how many devices you need to authenticate.
• Key distribution is simple and very secure since you can freely distribute public keys and you never
need to transmit private keys.
Self-signed Certificates
You can have the Zyxel Device act as a certification authority and sign its own certificates.
Factory Default Certificate
The Zyxel Device generates its own unique self-signed certificate when you first turn it on. This certificate
is referred to in the GUI as the factory default certificate.
Chapter 34 Object
ZyWALL ATP Series User's Guide
654
- Quick Links:
- Web Configurator
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
Related Manuals for ZyXEL Communications ZyWall ATP series
Related Products for ZyXEL Communications ZyWall ATP series
- ZyXEL Communications ZyWALL USG Series
- ZyXEL Communications ZyWALL 310
- ZyXEL Communications ZyWALL 310 Series
- ZyXEL Communications ZyWall ZLD Series
- ZyXEL Communications ZLD
- ZyXEL Communications ZyWALL ATP Series
- ZyXEL Communications ZyWALL 10
- ZyXEL Communications Internet Security Appliance ZyWALL5UTM 4.0