What is public key infrastructure (PKI)?
This technology can help secure data using a number of components
Public key infrastructure (PKI) is one of the building blocks of digital encryption and is a fundamental part of most security technologies. It's a system of various technologies and procedures designed to verify the identities and legitimacy of digital entities and domains, which in turn informs other security and verification systems.
First, some background: "Public key cryptography" is a cryptographic theory involving a paired set of two unique but mathematically-linked alphanumeric identifiers, known as a public key and a private key. Any data which has been encrypted with a public key can only be decrypted using the corresponding private key.
PKI is not the same as the secure data transfer method known as public key encryption, which uses the above theory. Public key encryption relies on PKI, but the term 'PKI' actually refers to the broader system which is responsible for verifying identities and handing out public and private keys in the first place.
How does PKI work?
Several companies are involved in the process of securing a key pair from start to finish. The first step involves the subject verifying their identity, which is done by securing a digital certificate. In order to do this, they need to apply with a registration authority (RA), which applies requirements set out by the PKI to verify the subject’s identity. These requirements are published to the public, alongside details on how the PKI is developed.
Upon verification, the RA passes the request along to the certificate authority (CA), which is responsible for approving, issuing, and storing digital certificates. Companies such as GoDaddy, DigiCert, Comodo, as well as non-profit groups like Let’s Encrypt, are all counted as CAs and can handle this process. All issued certificates are stored in a central repository, controlled by a management system that’s tasked with distribution and access permissions.
The CA is also responsible for signing and issuing digital certificates as proof that a subject’s identity has been verified. After a request from a RA is approved, the CA will then issue a private and public key pair to accompany the certificate. While this sounds like a simple step, in reality, there’s a bunch of hardware and software working behind the scenes, managing tasks like automatic data validation, the creation of key pairs, and request approval – all of which form the PKI.
Where is PKI used?
PKI use features in a large range of applications, but it is most frequently used to protect digital platforms and services. A common deployment is the protection of data transfers so that information being sent over a network can only be viewed by the intended recipient.
It's also used to send emails using OpenPGP (Open Pretty Good Privacy) and S / MIME (Secure / Multipurpose Internet Mail Extensions), user authentication using smart cards and the authentication of client systems using SSL (Secure Socket Layer) signatures or encryption.
You may also encounter a variant of PKI when accessing e-documents and online forms that require user signatures. While there are other ways to verify an e-document, PKI is by far the easiest to use as it's not necessary for the two parties to know each other.
The chain of trust
To enhance the security of PKI, a trusted relationship is needed called a chain of trust. This hierarchy describes the trust relationship between identities when using Subordinate (intermediate) CAs. The main advantage of this is that it enables the delegation of certificates by Subordinate CAs.
A chain of trust is created by validating each hardware and software component from one end right up to the root certificate. This is to ensure that only trusted software and hardware are used in the PKI.
Preparing for long-term remote working after COVID-19
Learn how to safely and securely enable your remote workforceDownload now
Cloud vs on-premise storage: What’s right for you?
Key considerations driving document storage decisions for businessesDownload now
Staying ahead of the game in the world of data
Create successful marketing campaigns by understanding your customers betterDownload now
Solutions that facilitate work at full speedDownload now