Public Key Infrastructure

Last Updated : 29 Apr, 2026

Public Key Infrastructure (PKI) is a security framework that issues and manages digital certificates to establish trust on digital networks. It ensures secure communication by validating identities, protecting data, and preventing unauthorized access.

  • Provides unique digital identities to users, devices, and systems
  • Secures communication using public and private key pairs
  • Prevents MITM attacks by verifying key ownership
  • Ensures confidentiality, integrity, and authenticity of data
confidentiality_encryption_

Managing Keys in Cryptosystems

Cryptographic security depends on strong key management.

Key Areas of Key Management

  • Secure administration of cryptographic keys
  • Managing the entire key lifecycle (generation → storage → rotation → expiration → destruction)
  • Protecting private keys and assuring public keys

PKI Key Lifecycle

Public Key Responsibilities

  • Private Key Secrecy: Must stay protected and accessible only to the owner.
  • Public Key Assurance: Public key must be verified so attackers can’t replace it.
  • PKI ensures public key validation through certificates.

Components of a Public Key Infrastructure (PKI)

  • Digital Certificate (X.509): Contains identity + public key.
  • Private Key Tokens: Secure storage for private keys.
  • Registration Authority (RA): Verifies user identity.
  • Certification Authority (CA): Issues and signs certificates.
  • Certificate Management System (CMS): Handles storage and revocation.

Working on a PKI

Let us understand the working of PKI in steps. 

public_key_infrastructure_pki_

1. PKI and Encryption

  • PKI solves the question: “How do we know a public key belongs to the correct person?”
  • It prevents MITM attacks by issuing verified digital certificates.

2. Digital Certificates (X.509)

  • Uniquely identify people, servers, or devices
  • Store a user's public key + identity information
  • Signed by the Certification Authority
  • Verified using the CA’s public key

Role of the Certification Authority (CA)

Digital certificates are issued to people and electronic systems to uniquely identify them in the digital world. 

Functions of a CA

  • Generates key pairs
  • Issues digital certificates after identity verification
  • Digitally signs certificates
  • Publishes certificates in directories
  • Verifies certificates during authentication
  • Revokes certificates if compromised

Classes of a Digital Certificate

A digital certificate can be divided into four broad categories. These are :

classes_of_digital_certificates
  • Class 1: These can be obtained by only providing the email address.
  • Class 2: These need more personal information.
  • Class 3: This first checks the identity of the person making a request.
  • Class 4: They are used by organizations and governments.

Process of creation of certificate

The creation of a certificate takes place as follows:

  • Private and public keys are created.
  • CA requests identifying attributes of the owner of a private key.
  • Public key and attributes are encoded into a CSR or Certificate Signing Request.
  • Key owner signs that CSR to prove the possession of a private key.
  • CA signs the certificate after validation.
Comment

Explore