Public Key Infrastructure (PKI)
CryptographyDefinition
System issuing/managing digital certificates for encrypted communications.
Technical Details
Public Key Infrastructure (PKI) is a framework that enables secure, encrypted communication through the use of digital certificates, which verify the identity of entities and facilitate the exchange of public keys. PKI consists of hardware, software, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. Central to PKI is the Certificate Authority (CA), which issues digital certificates, and the Registration Authority (RA), which verifies identities before certificates are issued. PKI uses asymmetric cryptography, where a pair of keys (public and private) is generated; the public key is shared while the private key remains confidential. PKI also involves the use of Certificate Revocation Lists (CRLs) and Online Certificate Status Protocol (OCSP) to manage the validity of certificates.
Practical Usage
PKI is widely used in various applications that require secure communications, such as securing email communications with S/MIME, enabling secure web transactions via HTTPS, and authenticating users and devices in enterprise environments. In addition, PKI is essential for implementing digital signatures, ensuring data integrity, and providing non-repudiation in transactions. Organizations utilize PKI to manage internal and external communications, ensuring that sensitive data remains confidential and that the identities of parties involved are trustworthy.
Examples
- A financial institution uses PKI to secure online banking transactions. Customers receive digital certificates to authenticate their identities when logging in and conducting transactions, ensuring that their communications are encrypted.
- An organization implements PKI for its email system, allowing employees to send encrypted emails and digitally sign messages to verify their authenticity. This protects sensitive information from unauthorized access during transmission.
- A government agency employs PKI to manage digital identities for its employees and contractors, using smart cards that contain digital certificates to control access to secure facilities and sensitive systems.