Topic 3B

Public Key Infrastructure

Public Key Infrastructure (PKI) is the framework that helps to establish trust in the use of public key cryptography to sign and encrypt messages via digital certificates. A digital certificate is a public assertion of identity, validated by a certificate authority (CA)

Security professionals are likely to have to install and maintain PKI certificate services for private networks.

Certificate Authorities

Public key cryptography solves the problem of distributing encryption keys when you want to communicate securely with others or authenticate a message that you send to others

your public key to encrypt the message. The message can then only be decrypted by your private key, which you keep known only to yourself.

message with your private key. You give others your public key to use to verify the signature. As only you know the private key, everyone can be assured that only you could have created the signature

The basic problem with public key cryptography is that while owners of private keys can authenticate messages, there is no mechanism for establishing the owner's identity - particularly evident in e-commerce

The fact that a site is distributing a public key to secure communications is no guarantee of actual identity

Public key infrastructure (PKI) aims to prove that the owners of public keys are who they say they are. Under PKI, anyone issuing a public key should publish it in a digital certificate. The certificate’s validity is guaranteed by a certificate authority (CA)

PKI can use private or third party CAs. A private CA can be set up within an organization for internal communications. The certificates it issues will only be trusted within the organization. For public or business-to-business communications, a third-party CA can be used to establish a trust relationship between servers and clients

Examples of third-party CAs include Comodo, DigiCert, GeoTrust, IdenTrust, and Let’s Encrypt.