Public Key Infrastructure (PKI)

A Public Key Infrastructure (PKI) is a system of facilities, policies, and services that supports the use of public key cryptography for authenticating the parties that are involved in a transaction.

No single standard defines the components of a Public Key Infrastructure, but a PKI typically comprises certificate authorities (CAs) and Registration Authorities (RAs). CAs provide the following services:

Issuing digital certificates
Validating digital certificates
Revoking digital certificates
Distributing public keys

The X.509 standards provide the basis for the industry standard Public Key Infrastructure.

For more information about digital certificates and certificate authorities (CAs), see Digital certificates. RAs verify the information that is provided when digital certificates are requested. If the RA verifies that information, the CA can issue a digital certificate to the requester.

A PKI might also provide tools for managing digital certificates and public keys. A PKI is sometimes described as a trust hierarchy for managing digital certificates, but most definitions include additional services. Some definitions include encryption and digital signature services, but these services are not essential to the operation of a PKI.