
Public key infrastructure

PKI (Public Key Infrastructure) is a set of software that enables a user to encrypt/decrypt messages with his private/public key. A user may also use his PKI software to digitally sign messages using his private key. This enables two (or more) communicating parties to establish confidentiality, message integrity and authentication without having to exchange any secret information in advance.

One example of a PKI software system is GPG (The GNU Privacy Guard). Another popular PKI implementation is PGP (Pretty Good Privacy).

In contrast to PGP and similar systems, which use self-signed certificates, most enterprise PKI systems rely on certificate chains to establish a party's identity, as it is certified by a "higher" authority. Eventually, this leads to the creation of certificate hierarchies. Much of the standardization in this area is done by the IETF PKIX workgroup.
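The chain-building idea can be shown in a few lines. The following is an added example, not part of the original article: a verifier walks from an end-entity certificate up through its issuers until it reaches a configured trust anchor, and rejects a self-signed certificate that is not an anchor. The certificate fields, names and the textbook-RSA toy keys (built from Mersenne primes) are assumptions made for illustration; real X.509 path validation also checks validity periods, CA constraints and revocation.

```python
import hashlib

E = 65537  # public exponent shared by every toy key

def toy_key(a, b):
    """Textbook RSA from Mersenne primes 2^a-1 and 2^b-1: illustration only, not secure."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (modulus n, private exponent d)

def digest(cert, n):
    tbs = f"{cert['subject']}|{cert['issuer']}|{cert['pub']}".encode()
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % n

def issue(subject, pub, issuer, issuer_key):
    """The issuer signs the binding between a subject name and a public key."""
    n, d = issuer_key
    cert = {"subject": subject, "issuer": issuer, "pub": pub}
    cert["sig"] = pow(digest(cert, n), d, n)
    return cert

def signed_by(cert, issuer_pub):
    return pow(cert["sig"], E, issuer_pub) == digest(cert, issuer_pub)

def validate(cert, pool, anchors, max_depth=8):
    """Return the names from cert up to a trust anchor, or None if no trusted chain exists."""
    path = []
    for _ in range(max_depth):
        path.append(cert["subject"])
        issuer = cert["issuer"]
        if issuer in anchors:  # reached a root the verifier was configured to trust
            return path + [issuer] if signed_by(cert, anchors[issuer]) else None
        parent = pool.get(issuer)
        if parent is None or parent is cert or not signed_by(cert, parent["pub"]):
            return None  # unknown issuer, self-signed non-anchor, or bad signature
        cert = parent
    return None  # chain longer than max_depth (or a loop between issuers)

# Constructed hierarchy: Root CA -> Issuing CA -> alice, plus one self-signed certificate
ROOT, CA, ALICE, MALLORY = toy_key(61, 127), toy_key(89, 107), toy_key(521, 607), toy_key(19, 31)
ANCHORS = {"Root CA": ROOT[0]}
ca_cert = issue("Issuing CA", CA[0], "Root CA", ROOT)
alice = issue("alice", ALICE[0], "Issuing CA", CA)
selfsigned = issue("mallory", MALLORY[0], "mallory", MALLORY)
POOL = {"Issuing CA": ca_cert, "mallory": selfsigned}

if __name__ == "__main__":
    print(validate(alice, POOL, ANCHORS))
    print(validate(selfsigned, POOL, ANCHORS))
```
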

Enterprise PKI systems are often integrated with the enterprise directory, in which each employee's public key is stored, together with other personal details. Today's leading directory technology is LDAP, and in fact the standard certificate format (X.509) stems from this use in the precursor to LDAP, the X.500 directory schema.

PKI has many uses, including:

  • Encryption and/or sender-authentication of email messages, using PGP or S/MIME.
  • Encryption and/or authentication of documents, e.g. (when documents are encoded as XML) the XMLDSIG standard.
  • Authentication of users to applications, e.g., smart card logon, and client authentication with SSL.
  • Bootstrapping secure communication protocols, such as IKE and SSL. In both of these, initial set-up of a secure channel ("security association") uses public key methods, whereas actual communication uses the faster secret key (a.k.a. symmetric key) methods.

External Links

Pointers to leading vendors? Why is PKI often considered a white elephant?

See also public key cryptography.



All Wikipedia text is available under the terms of the GNU Free Documentation License
