What Is Public Key Infrastructure (PKI) and How Does It Work?


PKI, or public key infrastructure, encompasses everything used to establish and manage public key encryption. This includes software, hardware, policies, and procedures that are used to create, distribute, manage, store, and revoke digital certificates.

A digital certificate cryptographically links a public key with the device or user who owns it. This helps to authenticate users and devices and ensure secure digital communications.

PKI is one of the most common forms of internet encryption, and it is used to secure and authenticate traffic between web browsers and web servers. It can also be used to secure access to connected devices and internal communications within an organisation.

Public key infrastructure has a long history of securing and authenticating digital communications with two main goals: to ensure the privacy of the message being sent and to verify that the sender is who they claim to be.

What is public key infrastructure (PKI)?

Public key infrastructure is an important aspect of internet security. It is the set of technology and processes that make up a framework of encryption to protect and authenticate digital communications.

PKI uses cryptographic public keys that are connected to a digital certificate, which authenticates the device or user sending the digital communication. Digital certificates are issued by a trusted source, a certificate authority (CA), and act as a type of digital passport to ensure that the sender is who they say they are.

Public key infrastructure protects and authenticates communications between servers and users, such as between your website (hosted on your web server) and your clients (the users trying to connect through their browsers). It can also be used for secure communications within an organisation to ensure that messages are only visible to the sender and recipient and have not been tampered with in transit.

The main components of public key infrastructure include the following:

  • Certificate authority (CA): The CA is a trusted entity that issues, stores, and signs the digital certificate. The CA signs the digital certificate with its own private key and then publishes the public key, which can be accessed upon request.
  • Registration authority (RA): The RA verifies the identity of the user or device requesting the digital certificate. This can be a third party, or the CA can also act as the RA.
  • Certificate database: This database stores the digital certificate and its metadata, which includes how long the certificate is valid.
  • Central directory: This is the secure location where the cryptographic keys are indexed and stored.
  • Certificate management system: This is the system for managing the delivery of certificates as well as access to them.
  • Certificate policy: This policy outlines the procedures of the PKI. It can be used by outsiders to determine the PKI’s trustworthiness.

Understanding how PKI works

Public key infrastructure uses asymmetric encryption methods to ensure that messages remain private and also to authenticate the device or user sending the transmission.

Asymmetric encryption involves the use of a public and private key. A cryptographic key is a long string of bits used to encrypt data.

The public key is available to anyone who requests it and is distributed in a certificate issued by a trusted certificate authority. This public key is used to verify and authenticate the sender of the encrypted message.

The second component of a cryptographic key pair used in public key infrastructure is the private, or secret, key. This key is kept private by the recipient of the encrypted message and used to decrypt the transmission.

Complex algorithms use the public/private key pair to encrypt and decrypt data. The public key authenticates the sender of the digital message, while the private key ensures that only the recipient can open and read it.
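The following Go program is an added example using the standard library's crypto/rsa package, not code from the original article. It makes the two jobs of a key pair concrete: the recipient's public key encrypts and only the recipient's private key decrypts (privacy), while the sender's private key signs and anyone holding the sender's public key verifies (authentication). The participant names alice and bob, the 2048-bit key size and the sample message are constructed assumptions; in a real PKI the public keys would arrive inside CA-issued certificates rather than as raw values.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// generateKeyPair creates a 2048-bit RSA key pair (assumed size). The public
// half may be given to anyone; the private half never leaves its owner.
func generateKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// encryptForRecipient seals a message with the recipient's PUBLIC key using
// RSA-OAEP; only the matching private key can open it.
func encryptForRecipient(recipientPub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, msg, nil)
}

// decryptAsRecipient opens a sealed message with the recipient's PRIVATE key.
// Any other private key fails with an error rather than yielding plaintext.
func decryptAsRecipient(recipientPriv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, ct, nil)
}

// signAsSender authenticates a message with the sender's PRIVATE key (RSA-PSS
// over a SHA-256 digest).
func signAsSender(senderPriv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil)
}

// verifyFromSender checks the signature with the sender's PUBLIC key. It
// returns an error if the message was altered or signed by a different key.
func verifyFromSender(senderPub *rsa.PublicKey, msg, sig []byte) error {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], sig, nil)
}

func main() {
	alice, err := generateKeyPair() // sender
	if err != nil {
		panic(err)
	}
	bob, err := generateKeyPair() // recipient
	if err != nil {
		panic(err)
	}
	msg := []byte("invoice #42 approved") // constructed sample message

	// Alice encrypts for Bob's public key and signs with her private key.
	ct, _ := encryptForRecipient(&bob.PublicKey, msg)
	sig, _ := signAsSender(alice, msg)

	// Bob decrypts with his private key; Alice's own key cannot.
	pt, err := decryptAsRecipient(bob, ct)
	fmt.Printf("bob decrypts: %q (err=%v)\n", pt, err)
	_, err = decryptAsRecipient(alice, ct)
	fmt.Println("other key fails to decrypt:", err != nil)

	// Bob verifies with Alice's public key; a tampered message is rejected.
	fmt.Println("signature valid:", verifyFromSender(&alice.PublicKey, msg, sig) == nil)
	tampered := []byte("invoice #42 rejected")
	fmt.Println("tampered message rejected:", verifyFromSender(&alice.PublicKey, tampered, sig) != nil)
}
```

Note that encryption and signing use opposite halves of the pair: the public key seals, the private key opens; the private key signs, the public key checks. Using two separate key pairs, one per party, is what lets the same exchange provide both confidentiality and sender authentication.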

PKI certificates

The core of a public key infrastructure is trust. It is important for a recipient entity to know without a doubt that the sender of the digital certificate is exactly who they claim to be.

Trusted third-party CAs can vouch for the sender and help to prove that they are indeed who they say they are. Digital certificates are used to verify digital identities.

Digital certificates are also called PKI certificates or X.509 certificates. A PKI certificate offers proof of identity to a requesting entity, which is veri