What is pki

Last updated: April 1, 2026

Quick Answer: PKI (Public Key Infrastructure) is a system of cryptographic techniques and organizational procedures that enables secure digital communication and authentication using pairs of public and private keys.

Key Facts

What is Public Key Infrastructure?

Public Key Infrastructure (PKI) is a comprehensive system of policies, procedures, hardware, software, and people designed to create, manage, distribute, use, store, and revoke digital certificates and manage public-private key pairs. PKI provides the foundation for secure digital communication on the internet and in enterprise networks. It establishes trust relationships between parties and enables encryption, digital signatures, and authentication.

How PKI Works

PKI operates using asymmetric cryptography, where each user has two mathematically related keys: a public key that can be shared openly and a private key that remains secret. Information encrypted with the public key can only be decrypted with the corresponding private key, and vice versa. This fundamental principle allows secure communication between parties who have not previously exchanged keys directly.

Digital Certificates and Certificate Authorities

At the heart of PKI are digital certificates, electronic documents that bind a public key to an identity. Certificate Authorities (CAs) are trusted organizations that issue, manage, and revoke these certificates after verifying the identity of the certificate holder. When users receive a certificate, they can trust its authenticity because the CA's own certificate is recognized by browsers and systems. This creates chains of trust extending from root CAs down to individual users and servers.

PKI Applications and Use Cases

PKI enables numerous critical security functions. HTTPS uses PKI to encrypt web traffic between browsers and servers. Digital signatures allow individuals to sign documents electronically with non-repudiation—the signer cannot later deny having signed. Email encryption protects message confidentiality. Electronic banking and e-commerce rely on PKI for secure transactions. Government and enterprise systems use PKI for employee authentication, access control, and secure communications.

PKI Infrastructure Components

A complete PKI ecosystem includes multiple components: Certificate Authorities issue and revoke certificates; Registration Authorities verify user identities; Certificate repositories store and distribute certificates; Time Stamping Authorities provide evidence of when documents were created; and various management systems track key lifecycles. Organizations implementing PKI must establish policies for certificate validity periods, key lengths, revocation procedures, and disaster recovery.

Related Questions

How does public key encryption work?

Public key encryption uses two mathematically related keys: a public key available to everyone encrypts messages, and only the corresponding private key can decrypt them. This allows anyone to send secure messages to the key owner without sharing secret keys in advance. The mathematics ensures that even knowing the public key doesn't reveal the private key.

How does encryption work?

Encryption converts readable data (plaintext) into unreadable code (ciphertext) using mathematical algorithms and keys. Only someone with the correct key can decrypt the data back to its original form, ensuring privacy.

What is a digital certificate?

A digital certificate is an electronic credential that binds a public key to an individual, organization, or device identity. Issued by Certificate Authorities, certificates contain the public key, identity information, validity period, and the CA's digital signature. They enable users to verify that a public key belongs to the claimed entity.

What's the difference between public and private keys?

A public key encrypts data and is shared openly, while a private key decrypts data and must be kept secret. Together they form a secure pair where one's output becomes the other's input.

Why is PKI important for cybersecurity?

PKI is crucial for cybersecurity because it enables encryption to protect data confidentiality, digital signatures to verify authenticity and prevent repudiation, and certificate-based authentication to verify identities. PKI-based security is more scalable and secure than shared-secret methods for large systems and untrusted networks like the internet.

Why do websites need digital certificates?

Digital certificates verify that a website is legitimate and operated by the claimed organization, preventing impersonation and man-in-the-middle attacks where criminals could intercept your sensitive data.

More What Is in Daily Life

Also in Daily Life

More "What Is" Questions

What is bz in frenchWhat is azelaic acidWhat is rj trainWhat is jz in assembly languageWhat is vfx artistWhat is yg entertainmentWhat Is eli5 what is a system in physicsWhat is mba degree

Trending on WhatAnswers

How Does GPS WorkWhy do i sleep so muchWhy does the plush and velvet material cause me so much discomfort to the point it feels painful and makes me nauseousdifference between ai and mlHow To Start a Business

Browse by Topic

ArtsBusinessDaily LifeEducationFoodGeographyHealthHistoryLanguageLawMathematicsNaturePoliticsPsychologyScienceSpaceSportsTechnology

Browse by Question Type

Can YouDifference BetweenDoesHow DoesHow ToIs ItWhat CausesWhat DoesWhat IsWhen WasWhere IsWho IsWhy DoWhy Is

Sources

  1. Wikipedia - Public Key InfrastructureCC-BY-SA-4.0
  2. NIST - Cryptography Standards and GuidelinesPublic Domain
  3. ITU - International Standards for SecurityTerms of Service