What is a PKI?

PKI (Public Key Infrastructure) refers to the group of technical solutions based on public-key cryptography.

Public-key cryptosystems remove the need to exchange keys systematically over a secure channel. However, publishing public keys on a large scale requires a basis of complete trust, to make sure that:

  • The public key indeed belongs to its owner;
  • The key's owner is trustworthy;
  • The key is still valid.

As such, the key pair (public key/private key) needs to be associated with a certificate issued by a trusted third party: the public key infrastructure.

Concept of trusted third party

The trusted third party is an entity commonly called a certification authority (abbreviated CA) that is responsible for ensuring the truthfulness of information contained in the public key certificate as well as its validity.

To do so, the authority signs the public key certificate with its own key by using the principle of digital signatures.

Role of public key infrastructure

Public key infrastructure fulfils several roles, covering the following areas among others:

  • recording key requests by verifying the requesting parties' identity;
  • generating key pairs (private key/public key);
  • guaranteeing the confidentiality of private keys corresponding to public keys;
  • certifying the relation between each user and his public key;
  • revoking keys (if lost by their owner, if their validity period has expired or if compromised).

Structure of a PKI

A public key infrastructure is generally made of two separate entities:

  • The recording authority (abbreviated RA), in charge of administrative formalities (such as verifying requesting parties' identity, monitoring and managing requests, etc.);
  • The certification authority (abbreviated CA), in charge of technical tasks involved in creating certificates. The certification authority is therefore responsible for certificate signing requests (abbreviated CSRs and sometimes called PKCS#10, the name of the corresponding format). The certification authority is also responsible for signing certificate revocation lists (CRLs);
  • The Repository, whose job is to keep certificates in a secure place.
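
The signing and revocation roles described above can be shown with Go's standard library. This is an added example, not part of the original page: a CA signs a certificate and a CRL, and a relying party checks the CA's signature, the validity period and the revocation list. The function names (`issue`, `publishCRL`, `trusted`), the subject names and the lifetimes are assumptions chosen for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // demo helper: stop on any crypto or encoding error
	if err != nil {
		panic(err)
	}
	return v
}

// issue plays the CA: it signs a certificate binding name to a fresh key; nil ca = self-signed root (sample values).
func issue(serial int64, name string, ca *x509.Certificate, caKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), BasicConstraintsValid: true, IsCA: ca == nil}
	if ca == nil { // the root signs itself and may sign certificates and CRLs
		tpl.KeyUsage, ca, caKey = x509.KeyUsageCertSign|x509.KeyUsageCRLSign, tpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tpl, ca, &key.PublicKey, caKey))
	return must(x509.ParseCertificate(der)), key
}

// publishCRL has the CA sign a certificate revocation list naming the revoked certificates.
func publishCRL(ca *x509.Certificate, caKey *ecdsa.PrivateKey, revoked ...*x509.Certificate) *x509.RevocationList {
	tpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: time.Now(), NextUpdate: time.Now().Add(time.Hour)}
	for _, c := range revoked {
		tpl.RevokedCertificates = append(tpl.RevokedCertificates, pkix.RevokedCertificate{SerialNumber: c.SerialNumber, RevocationTime: time.Now()})
	}
	return must(x509.ParseRevocationList(must(x509.CreateRevocationList(rand.Reader, tpl, ca, caKey))))
}

// trusted is the relying party's check: not revoked, certificate and CRL signed by the CA, still in date.
func trusted(cert, ca *x509.Certificate, crl *x509.RevocationList, now time.Time) bool {
	for _, r := range crl.RevokedCertificates {
		if r.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return false // serial number is on the revocation list
		}
	}
	return cert.CheckSignatureFrom(ca) == nil && crl.CheckSignatureFrom(ca) == nil &&
		!now.Before(cert.NotBefore) && !now.After(cert.NotAfter)
}
```

From a `main` function or a test, create the root with `issue(1, "Example CA", nil, nil)`, issue a user certificate from it, and pass both to `trusted` together with a list from `publishCRL`. Revoking the certificate, letting it expire, or presenting one signed by a different root with the same name makes `trusted` return false.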


Last update on Thursday October 16, 2008 02:43:18 PM. This document entitled « PKI - Public key infrastructure » from Kioskea (en.kioskea.net) is made available under the Creative Commons license. You can copy and modify copies of this page, under the conditions stipulated by the licence, as long as this note appears clearly.