PKI (Public Key Infrastructure)

Radia Perlman, Sun Microsystems Laboratories




Security without Public Key Cryptography

Functional Comparison between Public Key– and Secret Key–Based Systems

Issues with Public Key Infrastructure

PKI Models




Name-Based Trust

Top-Down, Name-Based

Bottom-Up, Name-Based

Bridge Model

Using PKI

Certificate Revocation



Cross References

Further Reading


PKI is an acronym for “public key infrastructure.” This chapter discusses what that means and the challenges associated with providing this functionality.

If Bob believes Alice's public key is pubA, and Alice knows the private key associated with pubA, then Bob can use pubA to encrypt a message for Alice, or Alice can use the associated private key to prove to Bob that she is Alice (i.e., she can authenticate to Bob). The purpose of a PKI is to provide a convenient and secure method for obtaining the public key associated with some principal.

The basic idea is to have a trusted authority known as a CA (certification authority) digitally sign a message known as a certificate, thereby vouching that a particular key goes with a particular name. If Alice has been certified by the CA, Bob knows the CA's public key, Bob trusts that CA, and Bob receives Alice's certificate, then he can validate the CA's signature on that certificate and know Alice's public key. In the chapter about digital certificates in this volume, ...
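The validation step described above, as an added example that is not from the chapter: a CA signs a name-to-key binding, and Bob accepts Alice's key only if the signature verifies under the public key of a CA he trusts. The unpadded textbook RSA over fixed Mersenne primes, the `Certificate` fields, and the names "CA-1" and "Mallory-CA" are assumptions made for illustration and are not suitable for real use.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent shared by both constructed CA keys

def make_key(p, q):
    """Textbook RSA key from two primes: returns (modulus, private exponent)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

@dataclass(frozen=True)
class Certificate:
    subject: str        # name being vouched for, e.g. "Alice"
    subject_key: str    # the subject's public key (opaque here), e.g. "pubA"
    issuer: str         # name of the CA that signed
    signature: int

def _digest(subject, subject_key, issuer, n):
    # Length-prefix each field so distinct bindings never encode identically.
    body = "".join(f"{len(f)}:{f}" for f in (subject, subject_key, issuer))
    return int.from_bytes(hashlib.sha256(body.encode()).digest(), "big") % n

def issue(issuer, ca_n, ca_d, subject, subject_key):
    """CA side: sign the (subject, key, issuer) binding with the CA private key."""
    sig = pow(_digest(subject, subject_key, issuer, ca_n), ca_d, ca_n)
    return Certificate(subject, subject_key, issuer, sig)

def validate(cert, trust_anchors):
    """Bob's side: return the subject's key only if a CA he trusts signed it."""
    ca_n = trust_anchors.get(cert.issuer)
    if ca_n is None:                       # issuer is not a CA Bob trusts
        return None
    expected = _digest(cert.subject, cert.subject_key, cert.issuer, ca_n)
    if pow(cert.signature, E, ca_n) != expected:
        return None                        # altered binding or wrong signing key
    return cert.subject_key

# Constructed keys (Mersenne primes; far too small for real use).
CA_N, CA_D = make_key(2**127 - 1, 2**89 - 1)
ROGUE_N, ROGUE_D = make_key(2**107 - 1, 2**61 - 1)
BOB_TRUSTS = {"CA-1": CA_N}               # Bob knows only this CA's public key

if __name__ == "__main__":
    alice = issue("CA-1", CA_N, CA_D, "Alice", "pubA")
    print(validate(alice, BOB_TRUSTS))
    forged = issue("CA-1", ROGUE_N, ROGUE_D, "Alice", "pubMallory")
    print(validate(forged, BOB_TRUSTS))
```

Whether a certificate is accepted depends entirely on which CA public keys the verifier holds: the same certificate signed by "Mallory-CA" validates for anyone who lists that CA as trusted.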
