PKI -->
Public Key Infrastructure
computing dictionary

<cryptography> A system of public key encryption using digital certificates from Certificate Authorities and other registration authorities that verify and authenticate the validity of each party involved in an electronic transaction. This is a framework for identification and authentication using electronic systems and it can be used to: prove you are who claim to be (authentication), to encrypt documents for privacy and to digitally sign documents.

PKIs are currently evolving and there is no single PKI nor even a single agreed-upon standard for setting up a PKI. However, nearly everyone agrees that reliable PKIs are necessary before electronic commerce can become widespread.

It is primarily a method of authentication which allows the user to have a secret and a public key which work as a pair. Only the user knows their secret key, but a message encrypted with that key can only be decrypted using the public key, and crucially vice versa. This means that the really important thing is that you believe that the person claiming to be Fred really is Fred. To achieve this you either need to have issued them with the secret key yourself, or to trust the person who has issued the key. This has led to the creation of companies who will verify that you are who you claim to be and issue a secret key.

This system is therefore only as good as the trust in the issuing party (called a trusted third party). It is possible that governments could be the trusted third parties, if ID cards are smart cards which carry the secret key.

Acronym: PKI



IETF PKIX Working Group.

(08 Mar 2006)