WGU Introduction-to-Cryptography Exam With Confidence Using Practice Dumps

OCSP is the primary online alternative to CRLs for checking whether a certificate has been revoked. With a CRL, a relying party periodically downloads a list of revoked certificate serial numbers published by the issuing CA (or CRL distribution point). That approach can be bandwidth-heavy, introduces latency between revocation and client awareness, and can result in clients using stale revocation data if updates are infrequent. OCSP improves this by allowing a client (or a server on the client’s behalf) to query an OCSP responder in near real time about the status of a specific certificate (good, revoked, or unknown). In practice, many TLS deployments use OCSP stapling, where the server periodically fetches a signed OCSP response from the CA’s responder and “staples” it to the TLS handshake, reducing client-side network calls and improving privacy (the CA doesn’t learn which site the client is visiting). Thus, OCSP provides a more timely, certificate-specific revocation status mechanism than CRLs while preserving the CA’s signed assurance.

Digital signatures provide integrity, authenticity, and typically non-repudiation by using an asymmetric key pair. The signer uses the private key to create a signature over a message (usually over a hash/digest of the message). Because the private key is kept secret, only the legitimate signer should be able to produce a valid signature. Anyone who has the corresponding public key can then validate the signature: they verify that the signature matches the message digest under the public key and that the signed data has not been altered. This is why the public key can be widely distributed (often inside an X.509 certificate) while the private key must be protected by the signer. If a public key were used to sign, anyone could forge signatures; if a private key were required for validation, only the signer could validate, defeating the purpose of public verifiability. Therefore, the correct key roles are private key for signing and public key for signature validation.

Code-signing is used to provide verifiable assurance that software comes from a known publisher and has not been modified since it was signed. In a typical code-signing workflow, the publisher computes a cryptographic hash (digest) of the executable or package and then creates a digital signature over that digest using the publisher’s private key. Operating systems, browsers, and application platforms verify the signature using the corresponding public key (usually delivered via a code-signing certificate chained to a trusted root). If verification succeeds, the system can trust that the code’s contents match what the publisher signed (integrity) and that the signer identity is authenticated by the certificate chain (authenticity). This helps defend against tampering, malware injection, and supply-chain attacks where attackers alter binaries or updates in transit or at rest. Code-signing does not primarily generate randomness, compress data, or authenticate users; it authenticates the software publisher and validates the software artifact. Modern ecosystems also use timestamping and revocation checking to handle certificate expiration and compromised signing keys, reinforcing trust over time.