Network Security - Public Key Infrastructure (PKI)

1. What is PKI?

Public Key Infrastructure (PKI) is a framework that manages digital keys and certificates to enable secure communication over networks.

It ensures:

Think of PKI as a trusted system that issues digital ID cards (certificates) for computers and users so they can securely communicate online.

Public and Private Keys
- Part of asymmetric cryptography
- Public key → shared with everyone
- Private key → kept secret
Digital Certificates
- Like an online passport that links a public key to a verified identity
- Contains: name, public key, issuer, validity period, and digital signature
Certificate Authority (CA)
- Trusted entity that issues and signs digital certificates
- Examples: DigiCert, Let’s Encrypt, GlobalSign
Registration Authority (RA)
- Verifies the identity of users or devices before the CA issues a certificate
- Acts like a check-in desk
Certificate Repository
- Database where issued and revoked certificates are stored
- Publicly accessible for verification
Certificate Revocation List (CRL)
- List of certificates that are no longer valid before their expiration
- Ensures compromised or expired certificates are not used

User or device requests a certificate from the RA.
RA verifies identity and forwards the request to CA.
CA issues a digital certificate and signs it with its private key.
User/device uses the certificate for secure communication (encryption, signing).
Others verify the certificate using CA’s public key.