SecurityArena

Public Key Infrastructure (PKI)

A PKI enables the establishment of a trust hierarchy. The PKI is a set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates.
The term PKI is sometimes erroneously used to denote public key algorithms, which do not require the use of a CA.
A public key infrastructure consists of:

• A certificate authority (CA) that issues and verifies digital certificate. A certificate includes the public key or information about the public key. The term trusted third party (TTP) may also be used for certificate authority (CA).
• A registration authority (RA) that acts as the verifier for the certificate authority before a digital certificate is issued to a requestor.
• One or more directories where the certificates (with their public keys) are held.
• A certificate management system, including a Certificate revocation list (CRL) of every certificate that has been revoked for one reason or another. This list is maintained periodically.

PKI Working

PKI binds public keys with respective user identities by means of a certificate authority (CA). The user identity must be unique for each CA.
The binding is established through the registration and issuance process, which, depending on the level of assurance the binding has, may be carried out by software at a CA, or under human supervision. The PKI role that assures this binding is called the Registration Authority (RA).
For each user, the user identity, the public key, their binding, validity conditions and other attributes are made unforgettable in public key certificates issued by the CA.