Wednesday, 30 May 2012

Public Key Infrastructure (Digital Cert)

A Public Key Infrastructure is a system in which hardware, software, people, policies and procedures come together to create, manage, distribute and revoke digital certificates. Digital certificates are attached to data to verify the sender's identity.

PKI
In cryptography, PKI is an arrangement that binds public keys to specific user identities by means of a certificate authority. Each user identity must be unique within the certificate authority's domain. The binding is done through registration and issuance, and may be carried out by software or under human supervision.

Basically, PKI enables users to communicate securely over an insecure public network and to verify the identity of a user through digital signatures. It involves four components: a certificate authority, a registration authority, a central directory for storage of index keys, and a certificate management system.


There are three approaches to establishing trust and verifying the user: certificate authorities, the web of trust, and the simple public-key infrastructure.

Certificate Authorities
The main role of a certificate authority is to digitally sign and publish the public key bound to a given user, using the CA's own private key. The component that binds a key to a user is called the Registration Authority.

A different kind of certificate authority involves a certificate authority server issuing digital certificates to users, who have to log in to the system only once to access many of its functions.
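
An added example, not part of the original post, of the signing and verification described under Certificate Authorities, using Go's standard crypto/x509 package. The names "Example CA" and "alice" and the helpers issue, trusted and demo are made up for illustration. It shows that a certificate issued by a look-alike CA carrying the same names fails verification, because it was not signed with the trusted CA's private key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // abort on error to keep the example short
	if err != nil {
		panic(err)
	}
	return v
}

// issue binds a fresh key pair to name; ca == nil yields a self-signed root CA.
func issue(name string, ca *x509.Certificate, caKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: name}, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	if ca == nil { // root: signs itself and is allowed to sign other certificates
		ca, caKey = tmpl, key
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey))
	return must(x509.ParseCertificate(der)), key
}

func trusted(cert, root *x509.Certificate) bool { // signature chain and validity period
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: pool})
	return err == nil
}

func demo() (genuine, forged bool) { // illustrative names; the rogue CA copies the real CA's name
	ca, caKey := issue("Example CA", nil, nil)
	alice, _ := issue("alice", ca, caKey)
	rogue, rogueKey := issue("Example CA", nil, nil)
	fake, _ := issue("alice", rogue, rogueKey)
	return trusted(alice, ca), trusted(fake, ca)
}

func main() { fmt.Println(demo()) }
```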

Web of Trust
This method involves using self-signed certificates, allowing one to implement his own web of trust along with third-party attestations.

Simple Public-Key Infrastructure
This method is implemented by combining the components of the other three methods. Instead of trusting the user, the system is concerned only with whether the key is trustworthy, not with the user's integrity.

2 comments:

  1. Nicely done!! Short and sweet explanations make it easy to read and understand. Although I have a question to ask... the post doesn't contain what is stated in the title "(Digital Certificate)", right?
    Other than that I feel that I gained a much better understanding of PKI~
  2. Thanks for this quick and short detail which gave me a simple idea about this important security concept. For me it's a very confusing and difficult concept. But this article is written so well that I have understood all the points.
    public key infrastructure