What is Public Key Infrastructure (PKI)?

"Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA)."

So PKI is an infrastructure which is built using different tools in order to ensure security and identity protection. Let's go step-by-step and see how PKI really emerged:

The problem

Communication is everywhere. We send email, we send SMS, we access website, we talk on Skype, we chat in Facebook, we twit...Web communications are exploding, and people use it every day in their life and cannot imagine living without it.

Approximately 321 billion emails sent during the day, 2 billion internet users, 500 million facebook users, 3 million blog posts every day, 202 million twits every day (source: World Meters). The question is are we sure that we are secure? What if you need to send something secret? Or what if you need to keep secure email exchange with sensitive information about your business?

This is a problem.


It is obvious that a need to secure communication over Internet is a very questions, and in some cases it is a question of prosperity and company profits. Companies, communities can implement different solutions. Those include Virtual Private Networks, PGP encryption methods, Public Key Infrastructure and others. The goal of all those solutions is provide desired security level and also to implement different policies, so you will be sure about your privacy and security. Majority of above methods are based on encryption and decryption algorithms and also cryptography. Here we will overview public key infrastructure which is based on asymmetric algorithms.

But there is one common thing in above methods - the need to involve additional infrastructure and additional investment to create a proper architecture.

Public key infrastructure

The heart of public key infrastructure is trust relation. Communication between two persons inside a Internet involves important question of trust. When you are face to face, you can ask to show an ID or some document that tells you that a person is really who he claims to be. But it is different in Internet. You need a uncompromised 3rd party to verify your and other person's identity (there are no passports in Internet). This 3rd party will take care of all identification operations and ensure minimum possibility of fraud. In PKI this 3rd party is Certificate authority. So establishing a Certificate Authority in your environment or choosing one from existing Certificate Authorities you basically have established almost 90% of PKI infrastructure.

Now you need to request some "ID documents" to yourself that we will verify your identity in Internet. This is called a certificate. In PKI those operations with certificates are based on public and private keys, but in general words it works like this. Now, having a certificate, having a Certificate Authority you trust, you have already PKI.

A question of complexity

One of the biggest advantage of using PKI is that it is standard. All complex procedures, including encryption, decryption, checking of digital signature, generation of certificates and others are built-in into the common software you use every day. Also as PKI is standard you also have in your phone operating systems like iOs, Android and Windows Phone. Now what is left is to organize the issuing, revoking of certificates and handling user profiles - this was very difficult as it is involved customized and very expensive solution. However, with introduction of managed PKI service, cloud service it is possible to establish PKI infrastructure in just few clicks. Of course one will need to gather user data (if PKI is for a company), and then make some changes in email software (enabling options to encrypt/sign messages), but this is pretty easy.

As you will go deeper in our portal, you will see that implementing PKI is not a complex task, that PKI infrastructure is easy.