LPIC-3 Exam 303: Security

Topic 331: Cryptography

Key Knowledge Areas:

Understand X.509 certificates, X.509 certificate lifecycle, X.509 certificate fields and X.509v3 certificate extensions
Understand trust chains and public key infrastructures, including certificate transparency
Generate and manage public and private keys
Create, operate and secure a certification authority
Request, sign and manage server and client certificates
Revoke certificates and certification authorities
Basic feature knowledge of Let’s Encrypt, ACME and certbot
Basic feature knowledge of CFSSL

Partial list of the used files, terms and utilities:

Key Knowledge Areas:

Understand SSL, TLS, including protocol versions and ciphers
Configure Apache HTTPD with mod_ssl to provide HTTPS service, including SNI and HSTS
Configure Apache HTTPD with mod_ssl to serve certificate chains and adjust the cipher configuration (no cipher-specific knowledge)
Configure Apache HTTPD with mod_ssl to authenticate users using certificates
Configure Apache HTTPD with mod_ssl to provide OCSP stapling
Use OpenSSL for SSL/TLS client and server tests

Links sobre os assuntos:

Key Knowledge Areas:

Understand block device and file system encryption
Use dm-crypt with LUKS1 to encrypt block devices
Use eCryptfs to encrypt file systems, including home directories and PAM integration
Awareness of plain dm-crypt
Awareness of LUKS2 features
Conceptual understanding of Clevis for LUKS devices and Clevis PINs for TMP2 and Network Bound Disk Encryption (NBDE)/Tang

The following is a partial list of the used files, terms and utilities: