PKI (Public Key Infrastructure)

Definition

PKI is the framework of policies, roles, hardware, software, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption. It enables secure communications over insecure networks.

PKI relies on Certificate Authorities (CAs) to issue and sign certificates, binding public keys to identities. It underpins TLS/HTTPS, email encryption, code signing, and client authentication.

Key Components

• Certificate Authority (CA): Trusted entity that issues digital certificates
• Registration Authority (RA): Verifies certificate applicant identity
• Digital Certificates: Bind public keys to identities (X.509 format)
• Certificate Revocation Lists (CRL): Lists of revoked certificates
• OCSP (Online Certificate Status Protocol): Real-time certificate status checking
• Key Management: Generation, storage, rotation, and destruction of keys

Use Cases

• TLS/HTTPS for web security
• Email encryption (S/MIME)
• Code signing for software distribution
• Client/server mutual authentication
• VPN and Wi-Fi authentication

Related Terms

• Tls