Public key infrastructure (PKI)

> Software Security > Cryptography - Key

1 - About

A public key infrastructure (PKI) is the management and database system for:

  • the creation,
  • the signature
  • the storage,
  • the revocation
  • and the distribution

of digital certificates and public key

A central problem with the use of public key cryptography is confidence/proof that a particular public key is authentic, in that it is correct and belongs to the person or entity claimed, and has not been tampered with or replaced by a malicious third party. In short, public key infrastructure validate the ownership of a public key (associate a public key with an identity)

PKI is itself often used as a synonym for a CA implementation but there is other implementation.


3 - Concept

A PKI consists of:

  • A certificate authority (CA) that stores, issues and signs the digital certificates
  • A registration authority which verifies the identity of entities requesting their digital certificates to be stored at the CA
  • A central directory—i.e., a secure location in which to store and index public keys
  • A certificate management system managing things like the access to stored certificates or the delivery of the certificates to be issued.
  • A certificate policy stating the PKI's requirements concerning its procedures. Its purpose is to allow outsiders to analyze the PKI's trustworthiness.

4 - Implementation

The usual implementation is the certificate authorities one.

4.1 - Hierarchical Certificate Authority

A Public key infrastructure (PKI) using the hierarchical system of Certificate authorities brings trust to the transactions by signing certificate.

ie X.509

4.2 - Web of trust

On the contrary with the previous pki, the web of trust model is a decentralized model.

4.3 - Local trust model

5 - Documentation / Reference