Public key infrastructure (PKI)

About

A public key infrastructure (PKI) is the management and database system for digital certificates and the public keys they carry.

A central problem with the use of public key cryptography is confidence (proof) that a particular public key is authentic: that it is correct, that it belongs to the person or entity claimed, and that it has not been tampered with or replaced by a malicious third party. In short,

a public key infrastructure validates the ownership of a public key (it associates a public key with an identity).

PKI is itself often used as a synonym for a certificate authority (CA) based implementation, but other implementations exist (see the trust models below).

Concept

A PKI consists of:

  • A certificate authority (CA) that stores, issues and signs the digital certificates
  • A registration authority (RA) that verifies the identity of entities requesting that their digital certificates be stored at the CA
  • A central directory (public key server), i.e., a secure location in which to store and index public keys
  • A certificate management system managing things like access to stored certificates or the delivery of the certificates to be issued
  • A certificate policy stating the PKI's requirements concerning its procedures. Its purpose is to allow outsiders to analyze the PKI's trustworthiness.

Implementation

The usual implementation is the certificate authority (CA) model.

Hierarchical Certificate Authority

A public key infrastructure (PKI) using a hierarchical system of certificate authorities brings trust to transactions by having each CA sign the certificates beneath it: a root CA signs the certificates of intermediate CAs, which in turn sign end-entity certificates. A relying party accepts an end-entity certificate only if it can build a chain of valid signatures from that certificate back to a root CA it already trusts, and only if the identity named in the certificate is the one it expected.
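The following is an added example, not code from the original page: it builds the three-tier hierarchy described above (root CA, intermediate CA, end-entity certificate) with the openssl command line, then exercises the chain validation a relying party performs, including the cases that must be rejected (no intermediate available, wrong identity, and a certificate issued by a CA outside the trust store). The names Example Root CA, Example Intermediate CA, Rogue CA and server.example.test are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): a hierarchical CA built with the
# openssl CLI, then chain and identity verification. The CA names and the host
# name server.example.test are assumptions chosen for illustration.
# Requires openssl 1.1 or newer on PATH.
set -eu

# Issue a certificate from a CSR under a CA.
# $1 dir, $2 csr/cert basename, $3 CA basename, $4 validity days, $5 extensions
issue() {
  printf '%b' "$5" > "$1/$2.ext"
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$3.pem" -CAkey "$1/$3.key" \
    -CAcreateserial -days "$4" -sha256 -extfile "$1/$2.ext" \
    -out "$1/$2.pem" 2>/dev/null
}

# Build root -> intermediate -> leaf inside directory $1.
make_pki() {
  d="$1"
  # Root CA: self-signed trust anchor. In a real PKI this key stays offline.
  openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=Example Root CA" \
    -keyout "$d/root.key" -out "$d/root.csr" 2>/dev/null
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/root.ext"
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 3650 -sha256 \
    -extfile "$d/root.ext" -out "$d/root.pem" 2>/dev/null

  # Intermediate CA: signed by the root; pathlen:0 means it may only issue
  # end-entity certificates, not further CAs.
  openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=Example Intermediate CA" \
    -keyout "$d/inter.key" -out "$d/inter.csr" 2>/dev/null
  issue "$d" inter root 1825 \
    'basicConstraints=critical,CA:TRUE,pathlen:0\nkeyUsage=critical,keyCertSign,cRLSign\n'

  # End-entity certificate: signed by the intermediate, CA:FALSE, and the
  # identity the relying party will check lives in subjectAltName.
  openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=server.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  issue "$d" leaf inter 397 \
    'basicConstraints=critical,CA:FALSE\nkeyUsage=critical,digitalSignature,keyEncipherment\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:server.example.test\n'
}

# A self-signed CA that is NOT in the trust store issues a certificate for the
# same name (the "replaced by a malicious third party" case).
make_rogue() {
  d="$1"
  openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=Rogue CA" \
    -keyout "$d/rogue.key" -out "$d/rogue.csr" 2>/dev/null
  openssl x509 -req -in "$d/rogue.csr" -signkey "$d/rogue.key" -days 3650 -sha256 \
    -extfile "$d/root.ext" -out "$d/rogue.pem" 2>/dev/null
  cp "$d/leaf.csr" "$d/rogueleaf.csr"
  issue "$d" rogueleaf rogue 397 \
    'basicConstraints=critical,CA:FALSE\nsubjectAltName=DNS:server.example.test\n'
}

# Relying party: trust anchor is the root only; the intermediate is supplied
# as an untrusted chain element and must itself verify against the root.
verify_chain() {
  openssl verify -CAfile "$1/root.pem" -untrusted "$1/inter.pem" "$1/leaf.pem" >/dev/null 2>&1
}

# Same chain check plus the binding of the key to the expected identity ($2).
verify_identity() {
  openssl verify -CAfile "$1/root.pem" -untrusted "$1/inter.pem" \
    -verify_hostname "$2" "$1/leaf.pem" >/dev/null 2>&1
}

# Relying party that knows the root but is not given the intermediate:
# no chain can be built, so this must fail.
verify_missing_intermediate() {
  openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" >/dev/null 2>&1
}

# Certificate for the right name but issued under a CA outside the trust store.
verify_rogue() {
  openssl verify -CAfile "$1/root.pem" -untrusted "$1/rogue.pem" "$1/rogueleaf.pem" >/dev/null 2>&1
}

main() {
  d="$(mktemp -d)"
  make_pki "$d"
  make_rogue "$d"
  verify_chain "$d" && echo "root -> intermediate -> leaf: OK"
  verify_identity "$d" server.example.test && echo "identity server.example.test: OK"
  verify_identity "$d" other.example.test || echo "identity other.example.test: rejected (expected)"
  verify_missing_intermediate "$d" || echo "leaf without intermediate: rejected (expected)"
  verify_rogue "$d" || echo "leaf from CA outside the trust store: rejected (expected)"
  rm -rf "$d"
}
main
```

Note that `openssl verify` treats only the certificates passed with `-CAfile` as trust anchors; passing the intermediate there instead of with `-untrusted` would not make the chain valid either, because verification still has to reach a self-signed root in the trust store. In production the trust store is the operating system's or application's CA bundle rather than a single root file, and revocation status (CRL or OCSP) would be checked in addition to the signature chain.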

Web of trust

In contrast to the hierarchical CA model above, the web of trust is a decentralized model: there is no central authority, and participants establish the authenticity of a key binding by signing each other's public keys.

Local trust model

e.g., Simple public key infrastructure (SPKI)
