Public key infrastructure

PKI is the acronym for Public Key Infrastructure.

The technology works with a pair of keys: one is made public and the other is kept secret, which is why it is called public key cryptography. The secret key is usually called the private key. Because everyone has access to the public key, users can start secure communications without first sharing a secret with their correspondent through another medium.

PKI is the underlying system that is required to perform these actions:

  • Issue key pairs and certificates to applicants.
  • Publish the public keys and certificates that are used to establish trust.

PKI is a combination of software, encryption technologies, and services. Through these services, enterprises can secure their communications and business transactions over networks by attaching digital signatures and digital signature certificates.

This system relies on mutually trusted third parties to perform these actions:

  • Verify the identity of a person or organization.
  • Attach that identity to a particular public key.

Using a third party for trust allows end users to delegate trust, instead of having to verify each certificate that is used by another party.

A PKI usually consists of one Central Certifying Authority (CCA) per country. This CCA is usually controlled by the government and linked to one or more Certifying Authorities (CAs). Each CA in turn can contain a Registration Authority (RA) and a Validation Authority (VA).
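The delegation of trust described above and the root-to-subordinate hierarchy, as an added example that is not part of the original page: the script builds a root CA, a subordinate CA and an end-entity certificate with openssl, then checks that a relying party who trusts only the root certificate can validate the end-entity certificate, while a missing intermediate or an unrelated trust anchor makes validation fail. All names, hostnames and lifetimes are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the page): build a two-level hierarchy with openssl
# (root CA -> subordinate CA -> end-entity certificate) and check that a relying
# party who trusts only the root can validate the end-entity certificate.
# Every name, host and lifetime below is constructed for this example.
set -eu
WORK=$(mktemp -d); cd "$WORK"

# Root CA: self-signed. Its certificate is the trust anchor a relying party installs.
openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 -subj "/CN=Example Root CA" \
  -keyout root.key -out root.crt 2>/dev/null

# Subordinate CA: the root signs its CSR, delegating the right to issue certificates.
printf 'basicConstraints=critical,CA:TRUE,pathlen:0\nkeyUsage=critical,keyCertSign,cRLSign\n' >sub.ext
openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Example Sub CA" -keyout sub.key -out sub.csr 2>/dev/null
openssl x509 -req -in sub.csr -CA root.crt -CAkey root.key -CAcreateserial -days 1825 -sha256 \
  -extfile sub.ext -out sub.crt 2>/dev/null

# End entity: after the RA has checked the applicant's identity, the sub CA binds that
# identity (the subject name) to the applicant's public key by signing the CSR.
printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature\nsubjectAltName=DNS:www.example.test\n' >leaf.ext
openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.example.test" -keyout leaf.key -out leaf.csr 2>/dev/null
openssl x509 -req -in leaf.csr -CA sub.crt -CAkey sub.key -CAcreateserial -days 365 -sha256 \
  -extfile leaf.ext -out leaf.crt 2>/dev/null

# A second, unrelated self-signed root stands in for a trust anchor the leaf does NOT chain to.
openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 -subj "/CN=Unrelated Root CA" \
  -keyout other.key -out other.crt 2>/dev/null

# verify_chain TRUST_ANCHOR INTERMEDIATE LEAF: the validation step (a VA's or relying
# party's job). INTERMEDIATE may be "" when no untrusted intermediate is supplied.
# Prints "ok" if LEAF chains to TRUST_ANCHOR, "fail" otherwise.
verify_chain() {
  if [ -n "$2" ]; then
    openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1 && echo ok || echo fail
  else
    openssl verify -CAfile "$1" "$3" >/dev/null 2>&1 && echo ok || echo fail
  fi
}

verify_chain root.crt sub.crt leaf.crt   # ok: trusting the root is enough to validate the leaf
verify_chain root.crt "" leaf.crt        # fail: without the sub CA certificate no path to the root exists
verify_chain other.crt sub.crt leaf.crt  # fail: the chain ends at a root the relying party does not trust
```

Note that the relying party never needs the private keys of any CA; it holds only the root certificate and is handed the intermediate certificate along with the end-entity certificate.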

This diagram shows a sample PKI hierarchy: