
Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI) is the comprehensive system of roles, policies, hardware, software, and procedures required to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption^[600-developer-tools-security-000-moc-security.md]. It serves as the backbone for secure electronic information transfer, enabling critical network activities such as e-commerce, internet banking, and confidential email^[600-developer-tools-security-000-moc-security.md].

By establishing a framework of trust, PKI underpins internet security protocols like [[TLS]] and enables the verification of website identities through [[Digital Certificates|Certificates]]^[600-developer-tools-security-000-moc-security.md].

Core Components

The foundation of a PKI is the Certificate Authority (CA), a trusted entity responsible for issuing digital certificates^[600-developer-tools-security-000-moc-security.md]. A CA acts as a third-party verifier, certifying the ownership of a public key by the specific subject named in the certificate^[600-developer-tools-security-000-moc-security.md].

While many organizations rely on public CAs, some scenarios require a trust system that only the organization itself controls. In these cases, organizations may choose to establish their own PKI by [[Self-hosting|Self-hosting]] or building a private CA^[600-developer-tools-security-000-moc-security.md].

Implementation and Usage

Developers and system administrators primarily interact with PKI through command-line utilities such as OpenSSL to generate certificate signing requests (CSRs) and manage keys^[600-developer-tools-security-000-moc-security.md].

The primary function of this infrastructure is to facilitate trust during network connections. When a user connects to a server, the PKI enables the client to verify the server's identity before any application data is sent. This verification allows an encrypted channel to be established, protecting the confidentiality and integrity of data in transit^[600-developer-tools-security-000-moc-security.md].
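The following script is an added example and not part of the original note or of any project it links to. It walks the workflow described above end to end with OpenSSL: building a private CA (the Core Components section), generating a server key and certificate signing request (the paragraph on command-line utilities), having the CA sign it, and then performing the client-side check that the connection step describes: the certificate must chain to a trusted root and must be issued for the hostname being contacted. The CA names, the hostname app.example.test, the config files, the temporary directory, and the function names are all constructed for this demo; it uses only the standard openssl subcommands req, genpkey, x509 and verify.

```shell
#!/bin/sh
# Added example (not from the original page): a minimal private CA with OpenSSL.
#  (1) create a self-signed root CA
#  (2) generate a server key and CSR (the private key never leaves the server)
#  (3) have the CA sign the CSR into a server certificate
#  (4) verify it the way a TLS client does: trusted chain plus hostname match
# All names, paths and app.example.test are constructed for this demo.
set -eu

PKI_DIR="${PKI_DIR:-$(mktemp -d)}"   # set PKI_DIR to keep the generated files
SERVER_NAME="app.example.test"       # constructed hostname

# (1) Build a self-signed root CA in directory $1 with common name $2.
build_private_ca() {
    dir="$1"; name="$2"
    mkdir -p "$dir"
    # Explicit config so the demo does not depend on the system openssl.cnf.
    cat > "$dir/ca.cnf" <<EOF
[ req ]
distinguished_name = req_dn
x509_extensions    = v3_ca
prompt             = no

[ req_dn ]
CN = $name

[ v3_ca ]
basicConstraints     = critical, CA:TRUE, pathlen:0
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$dir/ca.cnf" -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
}

# (2) Server operator: generate a key pair and a CSR carrying the public key.
make_server_csr() {
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
        -out "$PKI_DIR/server.key" 2>/dev/null
    cat > "$PKI_DIR/csr.cnf" <<EOF
[ req ]
distinguished_name = req_dn
prompt             = no

[ req_dn ]
CN = $SERVER_NAME
EOF
    openssl req -new -key "$PKI_DIR/server.key" -config "$PKI_DIR/csr.cnf" \
        -out "$PKI_DIR/server.csr"
}

# (3) The CA signs the CSR. The CA, not the requester, fixes the extensions:
# a leaf certificate (CA:FALSE), server-auth usage, and the hostname in SAN.
issue_server_cert() {
    cat > "$PKI_DIR/server.ext" <<EOF
basicConstraints = CA:FALSE
keyUsage         = critical, digitalSignature
extendedKeyUsage = serverAuth
subjectAltName   = DNS:$SERVER_NAME
EOF
    openssl x509 -req -in "$PKI_DIR/server.csr" -CA "$PKI_DIR/ca.crt" \
        -CAkey "$PKI_DIR/ca.key" -CAcreateserial -days 90 -sha256 \
        -extfile "$PKI_DIR/server.ext" -out "$PKI_DIR/server.crt" 2>/dev/null
}

# (4) Client-side check: chain to trust anchor $1 and match hostname $2.
# Returns 0 when openssl accepts the server certificate, non-zero otherwise.
verify_server_cert() {
    openssl verify -CAfile "$1" -verify_hostname "$2" \
        "$PKI_DIR/server.crt" >/dev/null 2>&1
}

build_private_ca "$PKI_DIR" "Example Private Root CA"
make_server_csr
issue_server_cert
# A second, unrelated root: same code path, but it never signed server.crt.
build_private_ca "$PKI_DIR/unrelated" "Unrelated Root CA"

# Expected: accepted by its own CA for the right name, rejected otherwise.
if verify_server_cert "$PKI_DIR/ca.crt" "$SERVER_NAME"; then
    echo "own CA, right hostname: accepted"
fi
if ! verify_server_cert "$PKI_DIR/ca.crt" "other.example.test"; then
    echo "own CA, wrong hostname: rejected"
fi
if ! verify_server_cert "$PKI_DIR/unrelated/ca.crt" "$SERVER_NAME"; then
    echo "unrelated CA: rejected"
fi
```

Run it with `sh` on a host that has the openssl binary. The two rejections are the point of the exercise: a valid signature from a CA the client does not trust is worthless, and a trusted signature on a certificate for a different name is just as useless, which is why a client must check both. The `openssl x509 -req` signing path is enough to show the trust relationships; a real private CA would keep `ca.key` offline or in an HSM and use `openssl ca` (or a dedicated CA product) to track serials and publish revocations.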

  • [[Digital Certificates]]
  • [[Certificate Authority]]
  • [[TLS]]
  • [[Cryptography]]
  • OpenSSL

Sources

^[600-developer-tools-security-000-moc-security.md]