35 lines
571 B
Plaintext
35 lines
571 B
Plaintext
Category depending on how keys are protected
|
|
- soft stored certs
|
|
- obfuscated certs
|
|
- hardware secured certs
|
|
- fips secured certs
|
|
|
|
Usage:
|
|
- Signing
|
|
* Code
|
|
* E-Mails
|
|
* WS Requests / RPC / Messages
|
|
- Authentication
|
|
* TLS
|
|
* SSH(?)
|
|
|
|
* Server
|
|
* Client
|
|
* Server + Client (?)
|
|
|
|
- Encryption
|
|
* Recovery
|
|
|
|
Algos:
|
|
-Encrypt / auth: RSA, EC
|
|
-Integrity: SHA-1,SHA-2,SHA-3
|
|
|
|
Network Zone:
|
|
- External (public certificates)
|
|
- DMZ
|
|
- Internal
|
|
- Core
|
|
|
|
All above should be issued per application or generally applications should
|
|
leverage main user certificate
|