Skip to content
geeksforgeeks
  • Tutorials
    • Python
    • Java
    • Data Structures & Algorithms
    • ML & Data Science
    • Interview Corner
    • Programming Languages
    • Web Development
    • CS Subjects
    • DevOps And Linux
    • School Learning
    • Practice Coding Problems
  • Courses
    • DSA to Development
    • Get IBM Certification
    • Newly Launched!
      • Master Django Framework
      • Become AWS Certified
    • For Working Professionals
      • Interview 101: DSA & System Design
      • Data Science Training Program
      • JAVA Backend Development (Live)
      • DevOps Engineering (LIVE)
      • Data Structures & Algorithms in Python
    • For Students
      • Placement Preparation Course
      • Data Science (Live)
      • Data Structure & Algorithm-Self Paced (C++/JAVA)
      • Master Competitive Programming (Live)
      • Full Stack Development with React & Node JS (Live)
    • Full Stack Development
    • Data Science Program
    • All Courses
  • Aptitude
  • Engineering Mathematics
  • Discrete Mathematics
  • Operating System
  • DBMS
  • Computer Networks
  • Digital Logic and Design
  • C Programming
  • Data Structures
  • Algorithms
  • Theory of Computation
  • Compiler Design
  • Computer Org and Architecture
Open In App

Public Key Infrastructure

Last Updated : 09 Jun, 2022
Comments
Improve
Suggest changes
Like Article
Like
Report

Public key infrastructure or PKI is the governing body behind issuing digital certificates. It helps to protect confidential data and gives unique identities to users and systems. Thus, it ensures security in communications.

The public key infrastructure uses a pair of keys: the public key and the private key to achieve security. The public keys are prone to attacks and thus an intact infrastructure is needed to maintain them. 

Managing Keys in the Cryptosystem:

The security of a cryptosystem relies on its keys. Thus, it is important that we have a solid key management system in place.  The  3 main areas of key management are as follows:

  • A cryptographic key is a piece of data that must be managed by secure administration.
  • It involves managing the key life cycle which is as follows:

PKI Key Lifecycle

  • Public key management further requires:
    • Keeping the private key secret: Only the owner of a private key is authorized to use a private key.  It should thus remain out of reach of any other person.
    • Assuring the public key: Public keys are in the open domain and can be publicly accessed. When this extent of public accessibility, it becomes hard to know if a key is correct and what it will be used for. The purpose of a public key must be explicitly defined.

PKI or public key infrastructure aims at achieving the assurance of public key. 

Public Key Infrastructure:

Public key infrastructure affirms the usage of a public key. PKI identifies a public key along with its purpose. It usually consists of the following components:

  • A digital certificate also called a public key certificate
  • Private Key tokens
  • Registration authority
  • Certification authority
  • CMS or Certification management system

Working on a PKI:

Let us understand the working of PKI in steps. 

  • PKI and Encryption: The root of PKI involves the use of cryptography and encryption techniques. Both symmetric and asymmetric encryption uses a public key. The challenge here is - "how do you know that the public key belongs to the right person or to the person you think it belongs to?". There is always a risk of MITM(Man in the middle). This issue is resolved by a PKI using digital certificates. It gives identities to keys in order to make the verification of owners easy and accurate.
  • Public Key Certificate or Digital Certificate: Digital certificates are issued to people and electronic systems to uniquely identify them in the digital world. Here are a few noteworthy things about a digital certificate. Digital certificates are also called X.509 certificates. This is because they are based on the ITU standard X.509.
    • The Certification Authority (CA) stores the public key of a user along with other information about the client in the digital certificate. The information is signed and a digital signature is also included in the certificate.
    • The affirmation for the public key then thus be retrieved by validating the signature using the public key of the Certification Authority.
  • Certifying Authorities: A CA issues and verifies certificates. This authority makes sure that the information in a certificate is real and correct and it also digitally signs the certificate. A CA or Certifying Authority performs these basic roles:
    • Generates the key pairs - This key pair generated by the CA can be either independent or in collaboration with the client.
    • Issuing of the digital certificates -  When the client successfully provides the right details about his identity, the CA issues a certificate to the client. Then CA further signs this certificate digitally so that no changes can be made to the information.
    • Publishing of certificates - The CA publishes the certificates so that the users can find them. They can do this by either publishing them in an electronic telephone directory or by sending them out to other people.
    • Verification of certificate - CA gives a public key that helps in verifying if the access attempt is authorized or not.
    • Revocation - In case of suspicious behavior of a client or loss of trust in them, the CA has the power to revoke the digital certificate.

Classes of a Digital Certificate:

A digital certificate can be divided into four broad categories. These are :

  • Class 1: These can be obtained by only providing the email address.
  • Class 2: These need more personal information.
  • Class 3: This first checks the identity of the person making a request.
  • Class 4: They are used by organizations and governments.

Process of creation of certificate:

The creation of a certificate takes place as follows:

  • Private and public keys are created.
  • CA requests identifying attributes of the owner of a private key.
  • Public key and attributes are encoded into a CSR or Certificate Signing Request.
  • Key owner signs that CSR to prove the possession of a private key.
  • CA signs the certificate after validation.

Creation of Trust layers among CA Hierarchies:

Each CA has its own certificate. Thus, trust is built hierarchically where one CA issues certificates to other CAs. Moreover, there is a root certificate that is self-signed. For a root CA, the issuer and the subject are not two separate parties but a single party. 

Security of Root CA:

As you saw above, the ultimate authority is the root CA. Hence, the security of root CA is of huge importance. If the private key of a root CA is not taken care of, then it might turn into a catastrophe. This is because anyone disguised as the root CA can then issue certificates. To meet security standards, a root CA should be offline 99.9% of the time. However, it does need to come online to create public and private keys and to issue new certificates. Ideally, these activities should be performed 2-4 times a year. 

Use of PKI in Today's Digital Age:

Today, there are an enormous number of applications that need require authentication. Certifications are needed at millions of places. This can not be done without a Public key infrastructure. The importance of PKI, depending on the use case and needs, has evolved over time. Here is a part of that track. 

  • For the very first time during the period of 1995 to 2002, the use of PKI was limited to the most important and high-value certificates. This included the certificates of eCommerce websites that enabled them to display the lock icon in the search bar. The goal was to make consumers confident about the security and authenticity of various websites.
  • The second episode of PKI emerged around 2003 to 2010 when enterprises came into the picture. It was at this time that employees received laptops and the use of mobile phones was rising. Thus, employees needed access to the organization's assets even outside the office. That is when the use of PKI looked like the best way for authentication.
  • The third phase started in 2011 and is continuing to date. With the advent of new technologies like IoT(Internet of Things) and need the to scale PKI, the use, as well as the challenges in using PKI, have increased tremendously. Today, millions of certificates are issued to authenticate mobile workforces. However, managing this huge number of certificates is quite challenging.
  • S/MIME, Document Signing, code or app signing also uses PKI.

Challenges that a PKI Solves:

PKI owes its popularity to the various problems its solves. Some use cases of PKI are:

  • Securing web browsers and communicating networks by SSL/TLS certifications.
  • Maintaining Access Rights over Intranets and VPNs.
  • Data Encryption
  • Digitally Signed Software
  • Wi-fi Access Without Passwords

Other than these, one of the most important use cases of PKI is based around IoT(Internet of Things). Here are two industries that are using PKI for IoT devices:

  • Auto Manufacturers: Cars these days have features like GPS, call for services, assistants, etc. These require communication paths where a lot of data is passed. Making these connections secure is very important to avoid malicious parties hacking into the cars. This is where PKI comes in.
  • Medical device Manufacturers: Devices like surgical robots require high security. Also, FDA mandates that any next-generation medical device must be updatable so that bugs can be removed and security issues can be dealt with. PKI is used to issues certificates to such devices.

Disadvantages of PKI:

  • Speed: Since PKI uses super complex algorithms to create a secure key pair. So it eventually slows down the process and data transfer.
     
  • Private Key Compromise: Even though PKI can't be hacked very easily but a private key can be hacked by a professional hacker, since PKI uses Public and Private key to encrypt and decrypt data so with user's private key in hand and public key which is easily available the information can be decrypted easily.

E
everythingtech
Improve
Article Tags :
  • Computer Subject
  • Computer Networks
  • Geeks Premier League
  • Geeks-Premier-League-2022

Similar Reads

    Cryptography Tutorial
    Cryptography is a technique of securing communication by converting plain text into unintelligible ciphertext. It involves various algorithms and protocols to ensure data confidentiality, integrity, authentication, and non-repudiation. The two primary types of cryptography are symmetric key cryptogr
    7 min read

    Cryptography Basic

    Cryptography Introduction
    Cryptography is the study and practice of techniques for secure communication in the presence of third parties called adversaries. It deals with developing and analyzing protocols that prevents malicious third parties from retrieving information being shared between two entities thereby following th
    4 min read
    History of Cryptography
    Humans have two basic needs when we take about communication. One is the need to communicate selectively, to communicate and share information. These two basic needs while communicating gave rise to coding and encrypting the messages in such a way that only intended people could have access to the i
    4 min read
    Cryptography and its Types
    Cryptography is a technique of securing information and communications using codes to ensure confidentiality, integrity and authentication. Thus, preventing unauthorized access to information. The prefix "crypt" means "hidden" and the suffix "graphy" means "writing". In Cryptography, the techniques
    8 min read
    Cryptography and Network Security Principles
    In the present-day scenario security of the system is the sole priority of any organization. The main aim of any organization is to protect their data from attackers. In cryptography, attacks are of two types: Passive attacks and Active attacks. Passive attacks are those that retrieve information fr
    9 min read

    Cryptography Algorithm

    Public Key Encryption
    Public key cryptography provides a secure way to exchange information and authenticate users by using pairs of keys. The public key is used for encryption and signature verification, while the private key is used for decryption and signing. When the two parties communicate with each other to transfe
    7 min read
    Traditional Symmetric Ciphers
    The two types of traditional symmetric ciphers are Substitution Cipher and Transposition Cipher. The following flowchart categories the traditional ciphers: 1. Substitution Cipher: Substitution Ciphers are further divided into Mono-alphabetic Cipher and Poly-alphabetic Cipher. First, let's study abo
    3 min read
    What is an Asymmetric Encryption?
    Asymmetric encryption, also known as public-key cryptography, is a type of encryption that uses a pair of keys to encrypt and decrypt data. The pair of keys includes a public key, which can be shared with anyone, and a private key, which is kept secret by the owner. What is an Asymmetric Encryption?
    8 min read
    Difference between Private key and Public key
    Cryptography as a field emphasizes the need to guarantee secure communication and data privacy. There are mainly two approaches available to perform this operation: – Private Key Cryptography (RIC or Symmetric Key Cryptography) and Public Key Cryptography (PKE or Asymmetric Key Cryptography). Althou
    6 min read

    What is data encryption?

    What is Data Encryption?
    Data encryption is the process of converting readable information (plaintext) into an unreadable format (ciphertext) to protect it from unauthorized access. It is a method of preserving data confidentiality by transforming it into ciphertext, which can only be decoded using a unique decryption key p
    10 min read
    Encryption, Its Algorithms And Its Future
    Encryption plays a vital role in today’s digital world, serving a major role in modern cyber security. It involves converting plain text into cipher text, ensuring that sensitive information remains secure from unauthorized access. By making data unreadable to unauthorized parties, encryption helps
    10 min read
    SHA-1 Hash
    SHA-1 or Secure Hash Algorithm 1 is a cryptographic algorithm that takes an input and produces a 160-bit (20-byte) hash value. This hash value is known as a message digest. This message digest is usually then rendered as a hexadecimal number which is 40 digits long. It is a U.S. Federal Information
    7 min read
    RC4 Encryption Algorithm
    RC4 is a stream cipher and variable-length key algorithm. This algorithm encrypts one byte at a time (or larger units at a time). A key input is a pseudorandom bit generator that produces a stream 8-bit number that is unpredictable without knowledge of the input key, The output of the generator is c
    6 min read
    Hash Functions in System Security
    Hash Function is a function that has a huge role in making a System Secure as it converts normal data given to it as an irregular value of fixed length. We can imagine it to be a Shaker in our homes. When we put data into this function it outputs an irregular value. The Irregular value it outputs is
    4 min read
    Blowfish Algorithm with Examples
    Blowfish is an encryption technique designed by Bruce Schneier in 1993 as an alternative to the DES Encryption Technique. It is significantly faster than DES and provides a good encryption rate with no effective cryptanalysis technique found to date. It is one of the first secure block ciphers not s
    14 min read
    Difference between MD5 and SHA1
    MD5 stands for Message Digest and SHA1 stands for Secure Hash Algorithm both are cryptographic hash algorithms used for security purposes. SHA-1 or Secure Hash Algorithm 1 is a cryptographic algorithm that takes an input and produces a 160-bit (20-byte) hash value. This hash value is known as a mess
    5 min read
    Difference between RSA algorithm and DSA
    In cryptography, the two commonly used algorithms in modern cryptography for secure data transmission and to ensure the signatures of digital signatures, are the Rivest-Shamir-Adleman (RSA) algorithm and Digital Signature Algorithm (DSA). We'll learn about RSA and DSA, how they work when are they us
    8 min read

    Classical Encryption Techniques

    Symmetric Cipher Model
    Symmetric Encryption is the most basic and old method of encryption. It uses only one key for the process of both the encryption and decryption of data. Thus, it is also known as Single-Key Encryption. A few basic terms in Cryptography are as follows: Plain Text: original message to be communicated
    3 min read
    Substitution Cipher
    Hiding some data is known as encryption. When plain text is encrypted it becomes unreadable and is known as ciphertext. In a Substitution cipher, any character of plain text from the given fixed set of characters is substituted by some other character from the same set depending on a key. For exampl
    6 min read
    Columnar Transposition Cipher
    Given a plain-text message and a numeric key, cipher/de-cipher the given text using Columnar Transposition Cipher The Columnar Transposition Cipher is a form of transposition cipher just like Rail Fence Cipher. Columnar Transposition involves writing the plaintext out in rows, and then reading the c
    12 min read

    Block Cipher , DES and AES

    Block Cipher Design Principles
    Block ciphers are built in the Feistel cipher structure. Block cipher has a specific number of rounds and keys for generating ciphertext.Block cipher is a type of encryption algorithm that processes fixed-size blocks of data, usually 64 or 128 bits, to produce ciphertext. The design of a block ciphe
    3 min read
    Block Cipher modes of Operation
    Encryption algorithms are divided into two categories based on the input type: block cipher and stream cipher. A block cipher is an encryption algorithm that takes a fixed-size input (e.g., b bits) and produces a ciphertext of b bits. If the input is larger than b bits, it can be divided further. Th
    8 min read
    Data Encryption Standard (DES) | Set 1
    Data Encryption Standard (DES) is a symmetric block cipher. By 'symmetric', we mean that the size of input text and output text (ciphertext) is same (64-bits). The 'block' here means that it takes group of bits together as input instead of encrypting the text bit by bit. Data encryption standard (DE
    15+ min read
    Double DES and Triple DES
    As we know the Data encryption standard (DES) uses 56 bit key to encrypt any plain text which can be easily be cracked by using modern technologies. To prevent this from happening double DES and triple DES were introduced which are much more secured than the original DES because it uses 112 and 168
    2 min read
    Strength of Data encryption standard (DES)
    Data Encryption Standard (DES) is a symmetric block cipher. By ‘symmetric’, we mean that the size of input text and output text (ciphertext) is same (64-bits). The block here means that it takes group of bits together as input instead of encrypting the text bit by bit. Data encryption standard (DES)
    5 min read
    AES Full Form
    AES stands for Advanced Encryption Standard and is a majorly used symmetric encryption algorithm. It is mainly used for encryption and protection of electronic data. It was used as the replacement of DES(Data encryption standard) as it is much faster and better than DES. AES consists of three block
    2 min read
    Advanced Encryption Standard (AES)
    Advanced Encryption Standard (AES) is a highly trusted encryption algorithm used to secure data by converting it into an unreadable format without the proper key. It is developed by the National Institute of Standards and Technology (NIST) in 2001. It is is widely used today as it is much stronger t
    7 min read
    Difference Between AES and DES Ciphers
    DES (Data Encryption Standard) and AES (Advanced Encryption Standard) are both symmetric key encryption algorithms used to secure data. They use the same key for both encryption and decryption, but differ significantly in strength and design. Advanced Encryption Standard (AES) is a highly trusted en
    5 min read

    Public Key Cryptography and RSA

    RSA Algorithm in Cryptography
    RSA(Rivest-Shamir-Adleman) Algorithm is an asymmetric or public-key cryptography algorithm which means it works on two different keys: Public Key and Private Key. The Public Key is used for encryption and is known to everyone, while the Private Key is used for decryption and must be kept secret by t
    13 min read
    Implementation of Diffie-Hellman Algorithm
    Diffie-Hellman algorithm:The Diffie-Hellman algorithm is being used to establish a shared secret that can be used for secret communications while exchanging data over a public network using the elliptic curve to generate points and get the secret key using the parameters. For the sake of simplicity
    10 min read
    ElGamal Encryption Algorithm
    ElGamal Encryption is a public-key cryptosystem. It uses asymmetric key encryption to communicate between two parties and encrypt the message. This cryptosystem is based on the difficulty of finding discrete logarithms in a cyclic group that is even if we know ga and gk, it is extremely difficult to
    6 min read

    What is Cryptanalysis?

    Understanding Rainbow Table Attack
    What is a Rainbow Table? The passwords in a computer system are not stored directly as plain texts but are hashed using encryption. A hash function is a 1-way function, which means that it can't be decrypted. Whenever a user enters a password, it is converted into a hash value and is compared with t
    4 min read
    What is a Dictionary Attack?
    A Dictionary Attack is an attack vector used by the attacker to break in a system, which is password protected, by putting technically every word in a dictionary as a form of password for that system. This attack vector is a form of Brute Force Attack. The dictionary can contain words from an Englis
    2 min read
    Brute Force Attack
    A Brute force attack is a well known breaking technique, by certain records, brute force attacks represented five percent of affirmed security ruptures. A brute force attack includes 'speculating' username and passwords to increase unapproved access to a framework. Brute force is a straightforward a
    3 min read

    Comman Cryptography

    Custom Building Cryptography Algorithms (Hybrid Cryptography)
    Cryptography can be defined as an art of encoding and decoding the patterns (in the form of messages). Cryptography is a very straightforward concept which deals with manipulating the strings (or text) to make them unreadable for the intermediate person. It has a very effective way to encrypt or dec
    15+ min read
    An Overview of Cloud Cryptography
    Cloud cryptography is a set of techniques used to secure data stored and processed in cloud computing environments. It provides data privacy, data integrity, and data confidentiality by using encryption and secure key management systems. Common methods used in cloud cryptography include:Symmetric en
    4 min read
    Quantum Cryptography
    The uncertainty principle of quantum physics builds the earliest foundations for quantum cryptography. With quantum computers of the future being expected to solve discrete logarithmic problems and the popularly known cryptography methods such as AES, RSA, DES, quantum cryptography becomes the fores
    7 min read
    Image Steganography in Cryptography
    The word Steganography is derived from two Greek words- 'stegos' meaning 'to cover' and 'grayfia', meaning 'writing', thus translating to 'covered writing', or 'hidden writing'. Steganography is a method of hiding secret data, by embedding it into an audio, video, image, or text file. It is one of t
    8 min read
    DNA Cryptography
    Cryptography is the branch of science that deals with the encoding of information to hide messages. It plays a vital role in the infrastructure of communication security. The Pioneering work had been done by Ashish Gehani et al and Amin et al after Leonard Max Adleman had shown the capability of mol
    12 min read
    Caesar Cipher in Cryptography
    The Caesar Cipher is one of the simplest and oldest methods of encrypting messages, named after Julius Caesar, who reportedly used it to protect his military communications. This technique involves shifting the letters of the alphabet by a fixed number of places. For example, with a shift of three,
    11 min read
    One Time Password (OTP) algorithm in Cryptography
    Authentication, the process of identifying and validating an individual is the rudimentary step before granting access to any protected service (such as a personal account). Authentication has been built into the cyber security standards and offers to prevent unauthorized access to safeguarded resou
    7 min read

    Data Integrity in Cryptography

    Message Authentication Codes
    Message Authentication Codes are the codes which plays their role in two important functions: Authentication Detection and Falsification Detection. Where do we need these codes? Suppose User A send message to user B with message - 'abc'. A encrypts the message using Shared - Key Cryptosystem for enc
    2 min read
    Digital Signatures and Certificates
    Digital signatures and certificates are two key technologies that play an important role in ensuring the security and authenticity of online activities. They are essential for activities such as online banking, secure email communication, software distribution, and electronic document signing. By pr
    11 min read
    Public Key Infrastructure
    Public key infrastructure or PKI is the governing body behind issuing digital certificates. It helps to protect confidential data and gives unique identities to users and systems. Thus, it ensures security in communications. The public key infrastructure uses a pair of keys: the public key and the p
    7 min read
geeksforgeeks-footer-logo
Corporate & Communications Address:
A-143, 7th Floor, Sovereign Corporate Tower, Sector- 136, Noida, Uttar Pradesh (201305)
Registered Address:
K 061, Tower K, Gulshan Vivante Apartment, Sector 137, Noida, Gautam Buddh Nagar, Uttar Pradesh, 201305
GFG App on Play Store GFG App on App Store
Advertise with us
  • Company
  • About Us
  • Legal
  • Privacy Policy
  • In Media
  • Contact Us
  • Advertise with us
  • GFG Corporate Solution
  • Placement Training Program
  • Languages
  • Python
  • Java
  • C++
  • PHP
  • GoLang
  • SQL
  • R Language
  • Android Tutorial
  • Tutorials Archive
  • DSA
  • Data Structures
  • Algorithms
  • DSA for Beginners
  • Basic DSA Problems
  • DSA Roadmap
  • Top 100 DSA Interview Problems
  • DSA Roadmap by Sandeep Jain
  • All Cheat Sheets
  • Data Science & ML
  • Data Science With Python
  • Data Science For Beginner
  • Machine Learning
  • ML Maths
  • Data Visualisation
  • Pandas
  • NumPy
  • NLP
  • Deep Learning
  • Web Technologies
  • HTML
  • CSS
  • JavaScript
  • TypeScript
  • ReactJS
  • NextJS
  • Bootstrap
  • Web Design
  • Python Tutorial
  • Python Programming Examples
  • Python Projects
  • Python Tkinter
  • Python Web Scraping
  • OpenCV Tutorial
  • Python Interview Question
  • Django
  • Computer Science
  • Operating Systems
  • Computer Network
  • Database Management System
  • Software Engineering
  • Digital Logic Design
  • Engineering Maths
  • Software Development
  • Software Testing
  • DevOps
  • Git
  • Linux
  • AWS
  • Docker
  • Kubernetes
  • Azure
  • GCP
  • DevOps Roadmap
  • System Design
  • High Level Design
  • Low Level Design
  • UML Diagrams
  • Interview Guide
  • Design Patterns
  • OOAD
  • System Design Bootcamp
  • Interview Questions
  • Inteview Preparation
  • Competitive Programming
  • Top DS or Algo for CP
  • Company-Wise Recruitment Process
  • Company-Wise Preparation
  • Aptitude Preparation
  • Puzzles
  • School Subjects
  • Mathematics
  • Physics
  • Chemistry
  • Biology
  • Social Science
  • English Grammar
  • Commerce
  • World GK
  • GeeksforGeeks Videos
  • DSA
  • Python
  • Java
  • C++
  • Web Development
  • Data Science
  • CS Subjects
@GeeksforGeeks, Sanchhaya Education Private Limited, All rights reserved
We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy
Lightbox
Improvement
Suggest Changes
Help us improve. Share your suggestions to enhance the article. Contribute your expertise and make a difference in the GeeksforGeeks portal.
geeksforgeeks-suggest-icon
Create Improvement
Enhance the article with your expertise. Contribute to the GeeksforGeeks community and help create better learning resources for all.
geeksforgeeks-improvement-icon
Suggest Changes
min 4 words, max Words Limit:1000

Thank You!

Your suggestions are valuable to us.

What kind of Experience do you want to share?

Interview Experiences
Admission Experiences
Career Journeys
Work Experiences
Campus Experiences
Competitive Exam Experiences