Home

PKIs

Public Key Infrastructure (PKI) is a framework of policies, procedures, people, hardware, and software that enables the creation, management, distribution, use, storage, and revocation of digital certificates. It binds public keys to entities such as people, organizations, or devices, enabling trusted identity verification and secure communication in networks that use public-key cryptography.

Core components include a certificate authority (CA) that issues certificates, one or more registration authorities (RA)

PKIs are organized around trust models. A common model is a hierarchical PKI with a root CA

Standards and protocols define certificate formats, signing, and validation. X.509 certificates, PKI-related protocols (e.g., TLS, S/MIME),

Lifecycle processes include key generation, certificate signing requests, identity verification, issuance, renewal, and revocation. Clients validate

Common use cases include securing web traffic with TLS, email security with S/MIME, code signing, document signing,

Challenges involve secure key management, key compromise risk, revocation latency, scalability, algorithm agility, and privacy considerations

that
verify
applicants,
certificate
databases
or
directories,
and
mechanisms
for
revocation
such
as
CRLs
and
OCSP.
Private
keys
are
protected
by
hardware
security
modules
(HSMs)
or
secure
software
stores.
Certificates
follow
standards
such
as
X.509
and
are
used
in
chains
leading
from
a
trusted
root
to
subordinate
CAs.
and
subordinate
CAs
forming
a
chain
of
trust.
Other
models
include
cross-certification,
bridges,
and
web-of-trust
variants
used
in
some
contexts.
and
policy
statements
(Certification
Practice
Statements)
guide
operation
and
trust
assumptions.
certificates
by
traversing
the
trust
chain
and
checking
revocation
status
via
CRLs
or
OCSP.
Certificates
expire,
limiting
exposure
if
keys
are
compromised.
VPNs,
and
device
authentication.
in
identity
verification.
PKI
has
evolved
since
the
1990s
with
X.509
and
commercial
CAs
shaping
online
trust.