Public key infrastructure (PKI)

About

A public key infrastructure (PKI) is the management and database system for:

  • the creation,
  • the signature
  • the storage,
  • the revocation
  • and the distribution

of digital certificates and public key

A central problem with the use of public key cryptography is confidence/proof that a particular public key is authentic, in that it is correct and belongs to the person or entity claimed, and has not been tampered with or replaced by a malicious third party. In short,

public key infrastructure validate the ownership of a public key (associate a public key with an identity)

PKI is itself often used as a synonym for a CA implementation but there is other implementation.

Concept

A PKI consists of:

  • A certificate authority (CA) that stores, issues and signs the digital certificates
  • A registration authority which verifies the identity of entities requesting their digital certificates to be stored at the CA
  • A central directory—i.e., a secure location in which to store and index public keys
  • A certificate management system managing things like the access to stored certificates or the delivery of the certificates to be issued.
  • A certificate policy stating the PKI's requirements concerning its procedures. Its purpose is to allow outsiders to analyze the PKI's trustworthiness.

Implementation

The usual implementation is the certificate authorities one.

Hierarchical Certificate Authority

A Public key infrastructure (PKI) using the hierarchical system of Certificate authorities brings trust to the transactions by signing certificate.

ie X.509

Web of trust

On the contrary with the previous pki, the web of trust model is a decentralized model.

Local trust model

Documentation / Reference


Powered by ComboStrap