Saturday, January 17, 2026

PKI (Public Key Infrastructure)

Public key infrastructure (PKI) is the set of roles, policies and tools used to create, distribute, store and revoke the key pairs and digital certificates on which public-key cryptography depends. It is what lets two parties that have never met trust each other's public keys, and it is the basis of the encrypted and authenticated connections that carry most internet traffic. PKI is built into every web browser in use today: each ships with (or relies on the operating system's) store of trusted root CA certificates and uses it to authenticate HTTPS servers. Organizations also run their own PKI to secure the communications they send back and forth internally and to let connected devices authenticate before they are allowed onto the network.

The most important concept in PKI is the cryptographic key pair. The private key is what a person, service or device uses to prove its identity (by signing or decrypting), and the matching public key, once a certificate binds it to that identity, is what everyone else uses to check that proof.

source: https://www.fortinet.com/resources/cyberglossary/public-key-infrastructure

The components of public key infrastructure include:
  • PKI keys: An asymmetric key pair. Data encrypted with the public key can be decrypted only with the private key, and a signature made with the private key can be checked by anyone holding the public key. The public key is distributed freely and openly, while the private key must be kept secret by its owner, since anyone who obtains it can impersonate that owner.
  • Digital certificates: Electronic credentials that link the certificate holder’s identity to a key pair that can be used to encrypt and sign information.
  • Certificate authority (CA): An entity that verifies identities and issues digital certificates.
  • Registration authority (RA): Responsible for accepting certificate requests and authenticating the individual or organization behind them.
  • Certificate repositories: Directories (typically LDAP or HTTP) from which certificates and revocation information can be fetched for lookup and validation. Because certificates contain only public data, a repository needs to be available and tamper-evident rather than secret.
  • Centralized management software: Software that lets organizations manage keys and digital certificates from one place.
  • Hardware security module (HSM): Physical devices that perform cryptographic operations and store private keys securely.
A digital certificate, sometimes called a “public key certificate,” is a signed electronic document that binds a public key to the identity of its owner. A recipient who checks the issuing CA's signature on the certificate can be confident that the key belongs to the named party and not to an attacker who has inserted themselves into the connection, which mitigates the risk of a man-in-the-middle (MITM) attack.

PKI certificates typically include:
  • Identifying information, such as the certificate holder’s name (for a server, the host names it is valid for), the issuer’s name, the certificate’s serial number, and its validity period (the dates before and after which it must not be accepted)
  • A copy of the public key, which others can use to encrypt data and verify digital signatures, supporting both confidentiality and authentication
  • The digital signature of the issuing CA to confirm authenticity; a relying party verifies this signature, along with the validity period and the intended key usages, before trusting the key
A certificate authority (CA) is a trusted third-party organization that creates and issues digital certificates. They validate identities and help establish trust chains for secure digital communications.

CAs publish certificate revocation lists (CRLs): signed lists of certificates that were revoked before their scheduled expiration date, for example because the private key was compromised or the holder left the organization. Many CAs also answer Online Certificate Status Protocol (OCSP) queries for the same information. A relying party should check revocation status before trusting a certificate; otherwise a compromised key remains usable until the certificate expires.
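The issuance, chain validation and revocation steps described in this post, as an added example that is not from the original page or from Fortinet: a Go program using only the standard library that acts as a toy root CA, issues a server certificate, verifies it the way a browser would against a trust store holding only that root, and then publishes and checks a CRL. The CA names, the host name www.example.test, the serial numbers and the fixed clock are made-up values for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Identity is a certificate plus the private key it certifies; for a CA that key signs certificates and CRLs.
type Identity struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// sign generates a fresh key pair for tmpl and has signer certify it (self-signed when signer is nil).
func sign(tmpl *x509.Certificate, signer *Identity) (*Identity, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	if signer == nil { // self-signed: the template signs itself with the new key
		signer = &Identity{Cert: tmpl, Key: key}
	}
	// Only the public key goes into the certificate; the private key never leaves its owner.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer.Cert, &key.PublicKey, signer.Key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &Identity{Cert: cert, Key: key}, err
}

// NewRootCA creates a self-signed root with the key usages a CA needs (Go adds the SubjectKeyId CRL signing requires).
func NewRootCA(name string, now time.Time) (*Identity, error) {
	return sign(&x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}, nil)
}

// IssueServerCert is the CA step: bind dnsName to a new key pair and sign the binding.
func IssueServerCert(ca *Identity, dnsName string, serial int64, now time.Time) (*Identity, error) {
	return sign(&x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: dnsName},
		DNSNames:     []string{dnsName},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(90 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, ca)
}

// VerifyChain does what a browser does: check CA signature, validity period, host name and key usages against a trust store holding only root.
func VerifyChain(leaf, root *x509.Certificate, dnsName string, now time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: dnsName, CurrentTime: now})
	return err
}

// IssueCRL signs a revocation list naming the given serial numbers.
// RevokedCertificates is the field available on every Go release with ParseRevocationList (1.19+); Go 1.21 added RevokedCertificateEntries.
func IssueCRL(ca *Identity, serials []*big.Int, now time.Time) (*x509.RevocationList, error) {
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(24 * time.Hour)}
	for _, s := range serials {
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates, pkix.RevokedCertificate{SerialNumber: s, RevocationTime: now})
	}
	der, err := x509.CreateRevocationList(rand.Reader, tmpl, ca.Cert, ca.Key)
	if err != nil {
		return nil, err
	}
	return x509.ParseRevocationList(der)
}

// IsRevoked is the relying party's check: trust the CRL only if the issuing CA signed it and it is not past NextUpdate, then look for the leaf's serial.
func IsRevoked(crl *x509.RevocationList, issuer, leaf *x509.Certificate, now time.Time) (bool, error) {
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return false, fmt.Errorf("CRL not signed by expected issuer: %w", err)
	}
	if now.After(crl.NextUpdate) {
		return false, fmt.Errorf("CRL stale since %s; refusing to decide on old data", crl.NextUpdate)
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return true, nil
		}
	}
	return false, nil
}
```

The two failure paths matter as much as the success path: a certificate for the same host name issued by a CA that is not in the trust store (the MITM case) fails VerifyChain with an unknown-authority error, and IsRevoked refuses to answer at all when the CRL is past its NextUpdate or was not signed by the expected issuer, because deciding on unverified or stale revocation data is exactly the gap an attacker with a stolen key would exploit.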
