Eesp Use Of Entrust Policy Wp
Páginas: 19 (4600 palabras)
Publicado: 10 de abril de 2012
Entrust Entelligence™
Security Provider 9.1 for Windows®
Use of Entrust Policy White Paper
Version 1, February 2010
Abstract
Entrust Policy is a powerful and flexible method for controlling the use of keys and certificates issued
from Entrust Authority Security Manager. Entrust Entelligence Security Provider for Windows
supports configuration through Entrust Policy, along with theWindows registry. This white paper
covers how you can configure Security Provider using Entrust Policy.
Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries.
Entrust is a registered trademark of Entrust Limited in Canada. All other company and product
names are trademarks or registered trademarks of their respective owners. The material provided
inthis document is for information purposes only. It is not intended to be advice. You should not act
or abstain from acting based upon such information without first consulting a professional.
ENTRUST DOES NOT WARRANT THE QUALITY, ACCURACY OR COMPLETENESS OF THE
INFORMATION CONTAINED IN THIS ARTICLE. SUCH INFORMATION IS PROVIDED "AS IS"
WITHOUT ANY REPRESENTATIONS AND/OR WARRANTIES OF ANY KIND,WHETHER
EXPRESS, IMPLIED, STATUTORY, BY USAGE OF TRADE, OR OTHERWISE, AND ENTRUST
SPECIFICALLY DISCLAIMS ANY AND ALL REPRESENTATIONS, AND/OR WARRANTIES OF
MERCHANTABILITY, SATISFACTORY QUALITY, NON-INFRINGEMENT, OR FITNESS FOR A
SPECIFIC PURPOSE.
© Copyright 2010 Entrust. All rights reserved.
© Copyright 2010 Entrust. All rights reserved.
Security Provider 9.1 for Windows Use ofEntrust Policy White Paper
Table of Contents
1 Introduction ......................................................................................................................... 4
2 About Entrust ...................................................................................................................... 5
3 Enrollment, recovery, and digital ID update..................................................................... 5
3.1
Security Provider with Security Manager............................................................... 5
3.2
Configuration restrictions........................................................................................ 9
4 Detection of required digital ID updates........................................................................... 9
5 Entrust security store ....................................................................................................... 11
5.1
Missing or untrusted Entrust policy ..................................................................... 12
6 How Security Provider stores Entrust policy ................................................................. 12
7 How Security Providervalidates Entrust policy ............................................................ 13
© Copyright 2010 Entrust. All rights reserved.
Page 1
www.entrust.com
Security Provider 9.1 for Windows Use of Entrust Policy White Paper
Table of Terms
Term
Description
attribute certificate
Also known as an policy certificate, this is a set of attributes.
together with otherinformation, protected from forging by the
digital signature created using the private key of the CA which
issued it. Entrust User Policy settings are listed in an attribute
certificate.
Certification Authority (CA)
The part of Security Manager that ensures the trustworthiness of
electronic identities. It issues electronic identities in the form of
public key certificates, policycertificates, cross-certificates,
certificate revocation lists, and authority revocation lists. It signs
the certificates with its signing key thereby ensuring the integrity
of the electronic identity.
CryptoAPI
The Microsoft Windows API that provides PKI client capabilities
to the desktop operating system, allowing applications to take
advantage of desktop cryptographic functionality built in...
Security Provider 9.1 for Windows®
Use of Entrust Policy White Paper
Version 1, February 2010
Abstract
Entrust Policy is a powerful and flexible method for controlling the use of keys and certificates issued
from Entrust Authority Security Manager. Entrust Entelligence Security Provider for Windows
supports configuration through Entrust Policy, along with theWindows registry. This white paper
covers how you can configure Security Provider using Entrust Policy.
Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries.
Entrust is a registered trademark of Entrust Limited in Canada. All other company and product
names are trademarks or registered trademarks of their respective owners. The material provided
inthis document is for information purposes only. It is not intended to be advice. You should not act
or abstain from acting based upon such information without first consulting a professional.
ENTRUST DOES NOT WARRANT THE QUALITY, ACCURACY OR COMPLETENESS OF THE
INFORMATION CONTAINED IN THIS ARTICLE. SUCH INFORMATION IS PROVIDED "AS IS"
WITHOUT ANY REPRESENTATIONS AND/OR WARRANTIES OF ANY KIND,WHETHER
EXPRESS, IMPLIED, STATUTORY, BY USAGE OF TRADE, OR OTHERWISE, AND ENTRUST
SPECIFICALLY DISCLAIMS ANY AND ALL REPRESENTATIONS, AND/OR WARRANTIES OF
MERCHANTABILITY, SATISFACTORY QUALITY, NON-INFRINGEMENT, OR FITNESS FOR A
SPECIFIC PURPOSE.
© Copyright 2010 Entrust. All rights reserved.
© Copyright 2010 Entrust. All rights reserved.
Security Provider 9.1 for Windows Use ofEntrust Policy White Paper
Table of Contents
1 Introduction ......................................................................................................................... 4
2 About Entrust ...................................................................................................................... 5
3 Enrollment, recovery, and digital ID update..................................................................... 5
3.1
Security Provider with Security Manager............................................................... 5
3.2
Configuration restrictions........................................................................................ 9
4 Detection of required digital ID updates........................................................................... 9
5 Entrust security store ....................................................................................................... 11
5.1
Missing or untrusted Entrust policy ..................................................................... 12
6 How Security Provider stores Entrust policy ................................................................. 12
7 How Security Providervalidates Entrust policy ............................................................ 13
© Copyright 2010 Entrust. All rights reserved.
Page 1
www.entrust.com
Security Provider 9.1 for Windows Use of Entrust Policy White Paper
Table of Terms
Term
Description
attribute certificate
Also known as an policy certificate, this is a set of attributes.
together with otherinformation, protected from forging by the
digital signature created using the private key of the CA which
issued it. Entrust User Policy settings are listed in an attribute
certificate.
Certification Authority (CA)
The part of Security Manager that ensures the trustworthiness of
electronic identities. It issues electronic identities in the form of
public key certificates, policycertificates, cross-certificates,
certificate revocation lists, and authority revocation lists. It signs
the certificates with its signing key thereby ensuring the integrity
of the electronic identity.
CryptoAPI
The Microsoft Windows API that provides PKI client capabilities
to the desktop operating system, allowing applications to take
advantage of desktop cryptographic functionality built in...
Leer documento completo
Regístrate para leer el documento completo.