Public Key Infrastructure (PKI)

What is PKI?

PKI, short for Public Key Infrastructure, is a security infrastructure based on public-key cryptography. It is used to issue and manage digital certificates, which serve as identification documents on the internet.

PKI consists of three main components:

1. Certificates:
   These authenticate the identity of the person or organization holding the certificate. Examples include:
   • SSL Certificates: Authenticate organizations operating websites and are used to ensure secure web communications.
   • Client Certificates: Authenticate individual users or organizations and are used for secure system access or information exchange.

Individuals or organizations with a digital certificate hold two cryptographic keys:

• The public key, which is included in the certificate and shared openly.
• The private key, known only to the certificate holder.

Public and private keys are paired. Data encrypted with the public key can only be decrypted with the private key, and vice versa (commonly using the RSA algorithm). This property enables tasks such as providing identity authentication through digital signatures and securing encrypted communication.

1. Certificate Authorities (CAs):
   These are entities that issue digital certificates. When a person or organization receives a digital certificate from another, its authenticity is validated based on its issuance by a trusted CA. A certificate issued by a trusted CA is regarded as reliable.

2. Repositories:
   These systems centrally manage the certificates issued by CAs and distribute them to users for verification and use.