PKI

Public key infrastructure (PKI) is a set of standards, procedures, software, and people for implementing authentication using public key cryptography. PKI is used to request, install, configure, manage and revoke digital certificates. It offers authentication via digital certificates, which are signed and issued by certificate authorities.

PKI uses public key cryptography and works with X.509 standard certificates. It also covers authenticating users, producing and distributing certificates, and maintaining, managing and revoking them. PKI is an infrastructure in which many things happen, not a process or algorithm in itself, so it consists of a number of components that together make the infrastructure work. As well as authentication, PKI enables integrity, non-repudiation and encryption.

If a company wants a public key, it requires a digital certificate. It has to request this certificate from a certificate authority (CA) or a registration authority (RA). The CA is an entity that everyone should trust as a centralised authority for managing and maintaining certificates. The CA requires the company to fill in a number of details and validates the request before it hands out a certificate. This certificate is proof that the company is who it says it is in the digital world (like a passport in the real world). An RA is just an organisation that processes requests on behalf of a CA.
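The trust relationship described above, as an added example written for this page with Go's standard library (it is not code from any particular CA): a root CA signs a certificate binding a host name to the company's public key, and a relying party accepts it only if it chains to a CA it already trusts. The helper names newCA, issue and trusted, the names "Example Root CA", "Unknown CA" and "company.example", and the validity window are assumptions; the CA's vetting of the requester's details is taken as already done.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newCA creates a self-signed root CA (constructed for this example).
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name}, IsCA: true,
		BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)))), key
}

// issue is the CA's job: sign a certificate binding host to the requester's public key.
func issue(ca *x509.Certificate, caKey *ecdsa.PrivateKey, host string, pub any) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host},
		DNSNames: []string{host}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, ca, pub, caKey))))
}

// trusted is the relying party's check: does cert chain to root and match host?
func trusted(root, cert *x509.Certificate, host string) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err == nil
}

func main() {
	ca, caKey := newCA("Example Root CA")
	other, otherKey := newCA("Unknown CA") // not in the relying party's trust store
	host, key := "company.example", must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	fmt.Println(trusted(ca, issue(ca, caKey, host, &key.PublicKey), host))       // true
	fmt.Println(trusted(ca, issue(other, otherKey, host, &key.PublicKey), host)) // false
}
```

The second certificate carries the same name and the same public key as the first; it is rejected only because its issuer is not in the relying party's set of trusted roots.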

PKI combines well with Diffie-Hellman to provide secure key exchanges, as Diffie-Hellman does not provide authentication on its own. PKI is used in various protocols such as PGP and SSL.