PKI (Public Key Infrastructure)
A framework of policies, hardware, software, and procedures for creating, managing, and revoking digital certificates and public keys.
What is PKI?
Public Key Infrastructure (PKI) is the set of roles, policies, software and hardware used to create, distribute, store and revoke digital certificates. A certificate is a statement, signed by a Certificate Authority, that binds a public key to an identity such as a hostname, person, organization or device. Because every party only has to trust the CA rather than exchange keys with each other in advance, PKI lets users and devices that have never met authenticate one another and negotiate encrypted connections.
PKI Components
- Certificate Authority (CA): Issues, signs and revokes certificates; its signing key is the trust anchor and the most sensitive asset in the system
- Registration Authority (RA): Vets the requester's identity and authority before the CA issues a certificate
- Certificate: Signed X.509 structure binding a public key to a subject name, with a validity period, usage constraints and the issuer's signature
- Certificate Database (repository): Stores issued certificates and their current status
- Certificate Revocation List (CRL): CA-signed list of the serial numbers of certificates revoked before their expiry date; clients can also check revocation status online via OCSP
How PKI Works
- Subject generates a public/private key pair; the private key never leaves the subject
- Subject submits a certificate signing request (CSR) carrying the public key and the requested names, signed with the private key as proof of possession
- RA verifies that the requester is who the CSR claims and is entitled to the requested names
- CA signs the certificate with its private key, setting the validity period and extensions it decides on, and records it in its database
- Certificate is returned to the subject, who installs it alongside the private key
- Relying parties verify the CA's signature on the certificate with the CA's public key, chain it up to a root they already trust, and check the validity period, the name and the revocation status
Certificate Types
- DV (Domain Validation): Confirms only control of the domain name (for example via a DNS or HTTP challenge); no organization details are checked
- OV (Organization Validation): Also verifies the requesting organization's legal identity, which appears in the certificate subject
- EV (Extended Validation): Most rigorous organization vetting; browsers encrypt identically for DV, OV and EV, the difference is in what the issuer checked
- Wildcard: A name such as *.example.com covers exactly one label of subdomains (www.example.com, but not example.com or a.b.example.com)
- Multi-domain (SAN): Lists several hostnames in the Subject Alternative Name extension; modern clients match only SAN entries and ignore the Common Name
PKI Use Cases
- HTTPS/TLS: authenticating web servers (and, with client certificates, clients) and setting up the encrypted session
- Email encryption (S/MIME)
- Code signing
- Document signing
- VPN authentication
- Smart card authentication