Tuesday, March 10, 2015

Public Key Infrastructure (PKI)

A public key infrastructure (PKI) supports the distribution and identification of public encryption keys, enabling users and computers to both securely exchange data over networks such as the Internet and verify the identity of the other party.
Without PKI, sensitive information can still be encrypted (ensuring confidentiality) and exchanged, but there would be no assurance of the identity (authentication) of the other party. Any form of sensitive data exchanged over the Internet is reliant on PKI for security.


A typical PKI includes the following key elements:
  • A trusted party, called a certificate authority (CA), acts as the root of trust and provides services that authenticate the identity of individuals, computers and other entities.
  • A registration authority, often called a subordinate CA, which is certified by a root CA to issue certificates for specific uses permitted by the root.
  • A certificate database, which stores certificate requests, and issues and revokes certificates.
  • A certificate store, which resides on a local computer as a place to store issued certificates and private keys.
