What is public key infrastructure (PKI)?

This technology can help secure data using a number of components


Public key infrastructure (PKI) is one of the building blocks of digital encryption and underpins much of the security technology in everyday use, from TLS in the browser to signed software. It is a system of technologies, roles and procedures designed to verify the identities of digital entities (people, devices and domains) and to bind each verified identity to a public key in a digital certificate, which other security and verification systems then rely on.


First, some background: public key cryptography uses a pair of mathematically linked keys, a public key that can be shared with anyone and a private key that its owner keeps secret. Any data encrypted with the public key can be decrypted only with the corresponding private key. The pair also works in the other direction: a digital signature made with the private key can be verified by anyone who holds the public key, and this second property is the one PKI depends on, because a certificate is itself a signature.
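As an added illustration (this code is not from the original article), the following Go program exercises both directions of such a key pair using the standard library's RSA implementation: Alice's public key encrypts a message that only her private key can open, and her private key signs a message that anyone holding her public key can verify. The party names, the message and the 2048-bit key size are assumptions made for the example.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// genKeyPair creates one party's RSA-2048 key pair: the public key is handed out freely,
// the private key never leaves its owner.
func genKeyPair() *rsa.PrivateKey {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err) // only fails if the system has no randomness source
	}
	return key
}

// encryptFor seals msg so that only the holder of the private key matching pub can read it
// (RSA-OAEP with SHA-256, no label).
func encryptFor(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// decryptWith recovers the plaintext; any key other than the matching private key yields an error.
func decryptWith(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// sign produces an RSA-PSS signature over msg with the private key. This is the direction
// PKI relies on: a CA signs certificates with its private key.
func sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// verify reports whether sig was made over exactly msg by the private key matching pub.
func verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

// Outcome records what each check in Run observed.
type Outcome struct{ RecipientReads, StrangerReads, SignatureValid, TamperedValid, OtherKeyValid bool }

// Run exercises both directions between Alice and an unrelated party, Mallory
// (names and message are constructed for the example).
func Run() (Outcome, error) {
	alice, mallory := genKeyPair(), genKeyPair()
	msg := []byte("transfer 1,000 EUR to account 42") // constructed sample message
	ct, err := encryptFor(&alice.PublicKey, msg)
	if err != nil {
		return Outcome{}, err
	}
	got, err := decryptWith(alice, ct)
	o := Outcome{RecipientReads: err == nil && bytes.Equal(got, msg)}
	_, err = decryptWith(mallory, ct) // wrong private key: the OAEP padding check fails
	o.StrangerReads = err == nil
	sig, err := sign(alice, msg)
	if err != nil {
		return Outcome{}, err
	}
	o.SignatureValid = verify(&alice.PublicKey, msg, sig)
	o.TamperedValid = verify(&alice.PublicKey, []byte("transfer 9,000 EUR to account 42"), sig)
	o.OtherKeyValid = verify(&mallory.PublicKey, msg, sig) // Alice's signature checked with Mallory's key
	return o, nil
}

func main() {
	o, err := Run()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", o)
}
```

Run it with `go run`: the printed struct shows the intended recipient reading the message, a stranger's key failing to decrypt it, the genuine signature verifying, and both a tampered message and a check against the wrong public key being rejected. Note that the public key can only confirm a signature, never produce one, which is why handing it out costs nothing.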

PKI is not the same thing as public key encryption, the secure data transfer method that uses the theory above. Public key cryptography on its own leaves one question open: how does a sender know that a given public key really belongs to the party it claims to? The term 'PKI' refers to the broader system of authorities, policies and registration procedures that answers that question by verifying identities and issuing certificates that bind each identity to its public key.

How does PKI work?

Several parties are involved in taking a certificate from request to issuance. The subject (a person, server or organisation) generates its own key pair and submits a certificate signing request (CSR) containing its public key and the identity it wants certified. The request goes to a registration authority (RA), which verifies the subject's identity against the requirements the PKI sets out. Those requirements, together with details of how the PKI is operated, are published in its certificate policy and certification practice statement.


Upon verification, the RA passes the request along to the certificate authority (CA), which is responsible for approving, issuing and recording digital certificates. Commercial CAs such as GoDaddy, DigiCert and Comodo, as well as non-profit groups like Let's Encrypt, all fulfil this role. Issued certificates are stored in a repository controlled by the CA's management system, which handles distribution and access permissions and also publishes revocation information (certificate revocation lists and OCSP responses) so that relying parties can tell when a certificate should no longer be trusted.

The CA signs the certificate with its own private key, and that signature is the proof that the subject's identity was verified and that the public key in the certificate belongs to it. In the usual model the CA never sees the subject's private key: the subject generated the pair and keeps the private half, and only the public key travels in the request and the certificate. (Some enterprise PKIs generate keys centrally, for smart cards for instance, but even then the certificate contains only the public key.) While this sounds like a simple step, in reality there is a good deal of hardware and software working behind the scenes, managing automated validation checks, protecting the CA's own signing keys and approving requests, all of which together form the PKI.

Where is PKI used?

PKI features in a wide range of applications, but it is most frequently used to protect online platforms and services. The most common deployment is securing connections, so that information sent over a network can be read only by the intended recipient and the sender can be sure who it is talking to.


It's also used to sign and encrypt email with S/MIME (Secure/Multipurpose Internet Mail Extensions), to authenticate users with smart cards, and to authenticate servers and, optionally, clients in TLS (Transport Layer Security, the successor to SSL, Secure Sockets Layer). OpenPGP (Open Pretty Good Privacy) also builds on public key cryptography, but it traditionally relies on a decentralised 'web of trust' in which users vouch for one another's keys rather than on a CA hierarchy.

You may also encounter PKI when signing e-documents and online forms. There are other ways to verify an e-document, but PKI is by far the easiest to use because the two parties do not need to know each other in advance: the recipient trusts the signer's certificate because a CA it already trusts issued it.

The chain of trust

To make a PKI scale and to limit the damage if a key is compromised, certificates are arranged in a hierarchy called a chain of trust. A root CA, whose key is usually kept offline and used rarely, issues certificates to one or more subordinate (intermediate) CAs, and the intermediates issue the day-to-day certificates. The main advantage is delegation: intermediates can issue certificates without the root key ever being exposed, and a compromised intermediate can be revoked without replacing the root that every client trusts.

A chain of trust is checked from the end-entity certificate upwards: each certificate's signature is verified with the public key in the certificate above it, until the chain reaches a root certificate that the verifying system already holds in its trust store. Along the way the verifier also checks that each certificate is within its validity period, is permitted to act as a CA, and has not been revoked. Only certificates that chain to a trusted root are accepted, which is what stops anyone from simply minting their own certificate for a domain they do not control.
