Main Page | See live article | Alphabetical index

Public key infrastructure

PKI (Public Key Infrastructure) is a set of software that enables a user to encrypt/decrypt messages with his private/public key. A user may also use his PKI software to digitally sign messages using his private key. This enables two (or more) communicating parties to establish confidentiality, message integrity and authentication without having to exchange any secret information in advance.

One example of a PKI software system is GPG (The GNU Privacy Guard). Another popular PKI implementation is PGP (Pretty Good Privacy).

In contrast to PGP and similar systems, which use self-signed certificates, most enterprise PKI systems rely on certificate chains to establish a party's identity, as it is certified by a "higher" authority. Eventually, this leads to the creation of certificate hierarchies. Much of the standardization in this area is done by the IETF PKIX workgroup.

Enterprise PKI systems are often integrated with the enterprise directory, in which each employee's public key is stored, together with other personal details. Today's leading directory technology is LDAP and in fact, the standard certificate format (X.509) stems from this use in the precursor to LDAP, the X.500 directory schema.

PKI has many uses, including:

External Links

Pointers to leading vendors? Why is PKI often considered a white elephant?

See also public key cryptography,key authentication.