What is PKI?
PKI stands for public key infrastructure.
PKI is about building a framework
Public Key Infrastructure (PKI) is the set of roles, policies, hardware, software and procedures that build a framework for issuing trusted digital identities to parties, such as users, servers or things. The PKI framework is governed by a set of policies and procedures which define the level of security that should be achieved.
PKI typically includes a combination of software and hardware components that together implement functions for Certificate Authorities, Registration Authorities and Validation Authorities that are responsible for issuing and lifecycle management of trusted identities for the users, servers and things. The trusted identities are implemented as certificates and they are the foundation for many security services that implement authentication, non-repudiation and confidentiality.
You probably use PKI every day
Without even knowing it, you are probably using PKI and PrimeKey technologies on a daily basis. Our PKI solutions and certificates are used in everything from biometric passports to internet banking, smartphones and tablets. You can find our solutions in software distribution and authentication, online identity providers, under the hood of modern cars, Internet of Things (IoT) and more.
In everyday life, you use PKI when doing things online such as:
- Logging in to your bank account
- Shopping on an e-commerce site
- Using an e-passport.
Why do you need Public Key Infrastructure (PKI)?
The world relies heavily on PKI. Governments, innovative tech startups, and world-leading enterprises are all at risk of catastrophic consequences if their data is not properly protected. There are consequences for their users, customers, and for their brand. PKI is the backbone of most IT security solutions today.
About PKI certificates and digital certificates
A PKI certificate is a digitally signed document that is similar to a physical identity card or a passport used in the analog world. The PKI certificate, or digital certificate, is a trusted digital identity used to provide and prove the identity of a user, server or a thing when communicating over untrusted networks.
A key concept behind this is the use of private and public key encryption, where the public key is stored in the certificate along with information about the owner and some administrative data. The certificate is signed by the issuing CA and the signature is attached in the certificate. The X.509 standard defines the most commonly used formats for digital certificates.
Private and public key encryption
In private and public key encryption or asymmetric encryption schemes, a corresponding keypair is used for encryption. One key is used to encrypt a message and the other key in the keypair is used to decrypt. In PKI, one key is called private key and the other key is called public key.
The private key is kept secret and should not be used by anyone else than the owner. The public key is public and stored in a certificate.
Learn how PrimeKey can help
We are passionate about encryption, certificates, keys and IT Security, and we love to share our knowledge. If you have further questions about the technology involved, contact us today or read more about our PKI platform EJBCA Enterprise.