PKI — A Brief Intro

AK
2 min read, May 17, 2021

PKI, or Public Key Infrastructure, is a combination of procedures and policies, hardware and software. It is a framework and a set of technologies used primarily in IT security, and more specifically in cyber security. One of its major roles is in designing solutions based on encryption.

It is commonly used to authenticate users, devices, systems, applications, servers, etc. PKI is used to create, manage, store, communicate, use and delete digital identities, which are bound to digital certificates. It provides functionality across all three tiers of the CIA triad (Confidentiality, Integrity, Availability): identities are authenticated, data is encrypted, and information must always be available when needed, but only to the known parties.

How PKI secures compared to password based systems

Password based authentication has been common for the past few decades. With fast changing technologies, the risks that come with password management are increasing at a drastic rate. Attackers are getting much smarter and are applying new and advanced techniques, helped by faster computing, such as brute force, rainbow tables and many other ways to obtain user passwords.

Certificate based authentication works in a simple way. The user generates a CSR (Certificate Signing Request) and asks a trusted Certificate Authority (CA) to sign it. The CA signs the CSR with its own key and provides the resulting certificate to the user. Since only the user holds the private key, stored in a personal key store, it is nearly impossible to impersonate the user's identity.

Components of PKI

There are many elements involved in a PKI, but the basic ones are listed below:

  • Certificate Authority or Certificate Issuer
  • Certificate Store
  • Public/private key pair or certificate pair
  • Certificate Revocation List/Service or CRLs

Usage of PKI

Simple passwords were enough in the very early days of the internet; now things have changed a lot and a password alone is not enough to secure digital identities. To make the authentication mechanism secure and strong, passwords need to be tied to or combined with additional security measures like OTP, email based tokens, RSA tokens, digital certificates, etc. There are various scenarios where PKI is commonly used; just to list a few:

  • Digital certificates
  • Security tokens like FIDO, RSA
  • Smart cards
  • Encryption of documents
  • Securing messaging applications

If a certificate is compromised

Digital certificates are more secure than passwords; however, they are only secure as long as only trusted applications can access the key store where the certificate's private key is stored. If a malicious application or service accesses your private key, the certificate is compromised.

In such a case you need to remove the certificate, generate a new CSR and ask the Root CA to sign it again. You also need to inform the Root CA about the compromised certificate so that it can be invalidated (revoked) and relying parties stop trusting it.
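The two flows described above, issuance (user generates a CSR, the CA signs it, a relying party checks the CA's signature) and the compromise case (the CA revokes the certificate and relying parties consult the CRL), as a single runnable walk-through. This is an added example written with the Python `cryptography` package, not code from the original post; the CA name "Example Root CA", the organisation "Example Org" and the user "alice" are constructed. It also shows why the issuer name alone proves nothing: a second CA that merely copies the trusted CA's name cannot produce a certificate that passes the signature check.

```python
"""Added example (not from the original post): a toy PKI lifecycle with the
`cryptography` package. Names like "Example Root CA" and "alice" are constructed."""
from datetime import datetime, timedelta, timezone

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW = datetime.now(timezone.utc)

def make_name(common_name, org="Example Org"):
    return x509.Name([x509.NameAttribute(NameOID.ORGANIZATION_NAME, org),
                      x509.NameAttribute(NameOID.COMMON_NAME, common_name)])

def build_root_ca(common_name="Example Root CA"):
    """Root CA: a key pair plus a self-signed certificate flagged as a CA."""
    key = ec.generate_private_key(ec.SECP256R1())
    subject = make_name(common_name)
    cert = (x509.CertificateBuilder().subject_name(subject).issuer_name(subject)
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(NOW - timedelta(minutes=5)).not_valid_after(NOW + timedelta(days=3650))
            .add_extension(x509.BasicConstraints(ca=True, path_length=0), critical=True)
            .sign(key, hashes.SHA256()))
    return key, cert

def user_makes_csr(common_name):
    """User side: a key pair (the private half never leaves the user) and a CSR for it."""
    key = ec.generate_private_key(ec.SECP256R1())
    csr = x509.CertificateSigningRequestBuilder().subject_name(make_name(common_name)).sign(key, hashes.SHA256())
    return key, csr.public_bytes(serialization.Encoding.PEM)

def ca_signs_csr(ca_key, ca_cert, csr_pem, days=365):
    """CA side: check the CSR self-signature (proof the requester holds the private key),
    then issue an end-entity certificate signed with the CA key. A real CA would also
    verify the requester's identity before signing."""
    csr = x509.load_pem_x509_csr(csr_pem)
    if not csr.is_signature_valid:
        raise ValueError("CSR signature invalid: requester does not hold the private key")
    cert = (x509.CertificateBuilder().subject_name(csr.subject).issuer_name(ca_cert.subject)
            .public_key(csr.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(NOW - timedelta(minutes=5)).not_valid_after(NOW + timedelta(days=days))
            .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)
            .sign(ca_key, hashes.SHA256()))
    return cert.public_bytes(serialization.Encoding.PEM)  # what the CA hands back to the user

def ca_revokes(ca_key, ca_cert, cert, reason=x509.ReasonFlags.key_compromise):
    """CA side, after the user reports a leaked private key: publish a CRL listing the serial."""
    revoked = (x509.RevokedCertificateBuilder().serial_number(cert.serial_number)
               .revocation_date(NOW).add_extension(x509.CRLReason(reason), critical=False).build())
    return (x509.CertificateRevocationListBuilder().issuer_name(ca_cert.subject)
            .last_update(NOW).next_update(NOW + timedelta(days=1))
            .add_revoked_certificate(revoked).sign(ca_key, hashes.SHA256()))

def relying_party_check(cert, trusted_ca_cert, crl=None):
    """Relying-party side: should this certificate be trusted right now? Returns (ok, reason)."""
    ca_pub = trusted_ca_cert.public_key()
    if cert.issuer != trusted_ca_cert.subject:
        return False, "issuer mismatch"
    try:  # the issuer *name* proves nothing; the CA signature over the TBS bytes does
        ca_pub.verify(cert.signature, cert.tbs_certificate_bytes, ec.ECDSA(cert.signature_hash_algorithm))
    except InvalidSignature:
        return False, "signature not from trusted CA"
    try:  # cryptography >= 42 exposes tz-aware *_utc properties; older releases give naive UTC
        not_before, not_after = cert.not_valid_before_utc, cert.not_valid_after_utc
    except AttributeError:
        not_before, not_after = (d.replace(tzinfo=timezone.utc) for d in (cert.not_valid_before, cert.not_valid_after))
    if not not_before <= NOW <= not_after:
        return False, "outside validity period"
    if crl is not None:
        if not crl.is_signature_valid(ca_pub):
            return False, "CRL signature invalid"
        if crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None:
            return False, "certificate revoked"
    return True, "ok"

def demo():
    """Run the lifecycle from the post and return the outcome of each relying-party check."""
    ca_key, ca_cert = build_root_ca()
    _alice_key, csr_pem = user_makes_csr("alice")  # the private key stays with the user
    alice_cert = x509.load_pem_x509_certificate(ca_signs_csr(ca_key, ca_cert, csr_pem))
    results = {"issued": relying_party_check(alice_cert, ca_cert)}
    # A rogue CA that merely copies the trusted CA's name signs the same CSR
    rogue_key, rogue_cert = build_root_ca()
    forged = x509.load_pem_x509_certificate(ca_signs_csr(rogue_key, rogue_cert, csr_pem))
    results["rogue_ca"] = relying_party_check(forged, ca_cert)
    # Alice's private key leaks: the CA revokes the certificate and relying parties consult the CRL
    crl = ca_revokes(ca_key, ca_cert, alice_cert)
    results["after_revocation"] = relying_party_check(alice_cert, ca_cert, crl)
    return results

if __name__ == "__main__":
    for step, outcome in demo().items():
        print(f"{step:17s} -> {outcome}")
```

Running the script prints one line per check: the freshly issued certificate passes, the certificate from the name-copying rogue CA fails on the signature check, and the original certificate fails once it appears in the CRL. The order of checks in `relying_party_check` matters: a relying party that skips the CRL (or cannot fetch it) would still accept the compromised certificate, which is why revocation information needs to be reachable, not just published.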

NOTE: This article is just a brief introduction to PKI; it is a long topic with much more detail to cover. Please comment with any questions, and thanks for your valuable time.


AK

Talks about and is interested in different IT topics, especially Cyber Security, IAM, PAM, PKI