5.6.5 Public-Key Infrastructure (PKI)
A public-key infrastructure (PKI) is the framework that enables the practical use of asymmetric cryptography across large networks. It manages the creation, distribution, authentication, and revocation of digital certificates that bind public keys to verified identities.
At the core of a PKI is a Certificate Authority (CA)—a trusted organization that issues and signs digital certificates in accordance with defined security policies. Each certificate contains the subject’s public key, identifying information, and the CA’s digital signature, allowing any party to verify that the public key truly belongs to the stated entity.
Other essential components include Registration Authorities (RAs), which validate certificate requests; Certificate Revocation Lists (CRLs) or Online Certificate Status Protocol (OCSP) servers, which manage expired or compromised certificates; and repositories that store and distribute valid certificates.
PKI underpins modern secure-communications systems such as HTTPS/TLS, VPN authentication, secure email (S/MIME), and code-signing infrastructures. It provides the trust model that allows asymmetric algorithms such as RSA and ECC to operate securely at Internet scale.
Back to reading