Public Key Infrastructure (original) (raw)

Last Updated : 29 Apr, 2026

Public Key Infrastructure (PKI) is a security framework that issues and manages digital certificates to establish trust on digital networks. It ensures secure communication by validating identities, protecting data, and preventing unauthorized access.

Provides unique digital identities to users, devices, and systems
Secures communication using public and private key pairs
Prevents MITM attacks by verifying key ownership
Ensures confidentiality, integrity, and authenticity of data

confidentiality_encryption_

Managing Keys in Cryptosystems

Cryptographic security depends on strong key management.

Key Areas of Key Management

Secure administration of cryptographic keys
Managing the entire key lifecycle (generation → storage → rotation → expiration → destruction)
Protecting private keys and assuring public keys

PKI Key Lifecycle

Public Key Responsibilities

**Private Key Secrecy: Must stay protected and accessible only to the owner.
**Public Key Assurance: Public key must be verified so attackers can’t replace it.
PKI ensures public key validation through certificates.

Components of a Public Key Infrastructure (PKI)

**Digital Certificate (X.509): Contains identity + public key.
**Private Key Tokens: Secure storage for private keys.
**Registration Authority (RA): Verifies user identity.
**Certification Authority (CA): Issues and signs certificates.
**Certificate Management System (CMS): Handles storage and revocation.

Working on a PKI

Let us understand the working of PKI in steps.

public_key_infrastructure_pki_

1. PKI and Encryption

**PKI solves the question: “How do we know a public key belongs to the correct person?”
It prevents MITM attacks by issuing verified digital certificates.

2. Digital Certificates (X.509)

Uniquely identify people, servers, or devices
Store a user's public key + identity information
Signed by the Certification Authority
Verified using the CA’s public key

Digital certificates are issued to people and electronic systems to uniquely identify them in the digital world.

Functions of a CA

Generates key pairs
Issues digital certificates after identity verification
Digitally signs certificates
Publishes certificates in directories
Verifies certificates during authentication
Revokes certificates if compromised

Classes of a Digital Certificate

A digital certificate can be divided into four broad categories. These are :

classes_of_digital_certificates

**Class 1: These can be obtained by only providing the email address.
**Class 2: These need more personal information.
**Class 3: This first checks the identity of the person making a request.
**Class 4: They are used by organizations and governments.

Process of creation of certificate

The creation of a certificate takes place as follows:

Private and public keys are created.
CA requests identifying attributes of the owner of a private key.
Public key and attributes are encoded into a CSR or Certificate Signing Request.
Key owner signs that CSR to prove the possession of a private key.
CA signs the certificate after validation.