A Public Key Infrastructure (PKI) is a structured combination of hardware, policies, people and processes that is vital to the creation, management, storage, distribution and revocation of digital certificates.
PKI makes it possible for users of an unsecured public network to exchange data and money securely and confidentially, using a pair of public and private cryptographic keys obtained through a trusted authority. A PKI system consists of the following components:
- A Certificate Authority (CA)
- A Registration Authority (RA)
- A certificate directory
- A certificate management system
The use of digital certificates in a PKI system is essential to managing a network's security. A PKI certificate, or digital certificate, is an electronic document that confirms the identity of its owner. These certificates are issued by a certificate authority (CA). The CA, with the help of a registration authority (RA), carries out the validation process that confirms the identity of an applicant, and then issues the certificate. The CA completes the process by sealing the contents of the certificate with its digital signature.
The digital signature is perhaps the most important component of the digital certificate. It is proof that the CA has completed the verification process, and it cannot be reproduced by another authority. It also confirms that the applicant has met the registration and issuance requirements and that their identity is valid.
Public and private certificates
Public and private certificates form part of the authentication process in an unsecured network such as the Internet. For example, you can send an encrypted message to another person by looking up their public key in a central database; that person then decrypts the message with their private key. For further correspondence, the same process can be repeated from the recipient's end, for additional authentication and security.
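The exchange described in this section, as an added example written for this article in Go (standard library only; it is not code from the original page). It goes slightly beyond the paragraph: besides encrypting with the recipient's public key from a directory, the sender signs the ciphertext with their own private key, which is the "additional authentication" the text alludes to, so the recipient can confirm who sent the message and detect alteration in transit. The directory is a plain map standing in for the central database, and the names alice, bob and carol and the message text are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// directory stands in for the "central database" of public keys in the text.
// In a real PKI each entry would be a CA-signed certificate; here they are
// bare public keys for brevity (constructed example).
type directory map[string]*rsa.PublicKey

const label = "mail" // OAEP label, bound into every ciphertext

// sealedMessage is what crosses the unsecured network.
type sealedMessage struct {
	From       string
	Ciphertext []byte // RSA-OAEP under the recipient's public key
	Signature  []byte // RSA-PSS by the sender over the ciphertext
}

// seal encrypts msg with the recipient's public key from the directory, then
// signs the ciphertext with the sender's private key so the recipient can
// authenticate who sent it.
func seal(dir directory, from string, senderKey *rsa.PrivateKey, to string, msg []byte) (*sealedMessage, error) {
	pub, ok := dir[to]
	if !ok {
		return nil, fmt.Errorf("no public key on file for %q", to)
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, []byte(label))
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(ct)
	sig, err := rsa.SignPSS(rand.Reader, senderKey, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	return &sealedMessage{From: from, Ciphertext: ct, Signature: sig}, nil
}

// openSealed checks the sender's signature against the directory first, then
// decrypts with the recipient's private key. A forged or altered message and
// a wrong private key both produce an error, never a plaintext.
func openSealed(dir directory, recipientKey *rsa.PrivateKey, m *sealedMessage) ([]byte, error) {
	senderPub, ok := dir[m.From]
	if !ok {
		return nil, fmt.Errorf("unknown sender %q", m.From)
	}
	digest := sha256.Sum256(m.Ciphertext)
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], m.Signature, nil); err != nil {
		return nil, fmt.Errorf("signature check failed: %w", err)
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientKey, m.Ciphertext, []byte(label))
}

// demo: alice writes to bob. Reports whether bob can read it, whether carol
// (holding a different private key) can, and whether a ciphertext altered in
// transit is accepted. Names and the message are constructed sample values.
func demo() (bobReads, carolReads, tamperedAccepted bool, err error) {
	var keys [3]*rsa.PrivateKey
	for i := range keys {
		if keys[i], err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
			return false, false, false, err
		}
	}
	alice, bob, carol := keys[0], keys[1], keys[2]
	dir := directory{"alice": &alice.PublicKey, "bob": &bob.PublicKey, "carol": &carol.PublicKey}

	msg := []byte("meeting moved to 15:00")
	m, err := seal(dir, "alice", alice, "bob", msg)
	if err != nil {
		return false, false, false, err
	}

	pt, openErr := openSealed(dir, bob, m)
	bobReads = openErr == nil && bytes.Equal(pt, msg)

	_, openErr = openSealed(dir, carol, m)
	carolReads = openErr == nil

	// Flip one bit of a copy of the ciphertext: the signature no longer matches.
	tampered := *m
	tampered.Ciphertext = append([]byte(nil), m.Ciphertext...)
	tampered.Ciphertext[0] ^= 0x01
	_, openErr = openSealed(dir, bob, &tampered)
	tamperedAccepted = openErr == nil

	return bobReads, carolReads, tamperedAccepted, nil
}

func main() {
	bob, carol, tampered, err := demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("bob reads: %v, carol reads: %v, tampered accepted: %v\n", bob, carol, tampered)
}
```

RSA-OAEP can only encrypt a message shorter than the key modulus minus padding (190 bytes for a 2048-bit key with SHA-256), so real e-mail systems encrypt the body with a fresh symmetric key and use the recipient's public key only to wrap that key; the trust relationship shown here is the same. The directory lookup is also the weak point: with bare keys, whoever controls the database can substitute their own key, which is exactly the problem a CA-signed certificate solves.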
PKI systems are used to secure:
- E-mail messages
- User authentication to websites and applications
- Mobile signatures on mobile devices