Editing Public key infrastructure (section)
== Design ==
[[Public-key cryptography]] is a [[cryptographic]] technique that enables entities to [[secure communication|securely communicate]] on an insecure public network, and reliably verify the identity of an entity via [[digital signatures]].<ref>{{cite book|author=Adams, Carlisle |author2=Lloyd, Steve|title=Understanding PKI: concepts, standards, and deployment considerations|publisher=Addison-Wesley Professional|year=2003|isbn=978-0-672-32391-1|pages=11–15|url=https://books.google.com/books?id=ERSfUmmthMYC&pg=PA11}}</ref>

A public key infrastructure (PKI) is a system for the creation, storage, and distribution of [[public key certificate|digital certificate]]s, which are used to verify that a particular public key belongs to a certain entity. The PKI creates digital certificates that map public keys to entities, securely stores these certificates in a central repository and revokes them if needed.<ref>{{cite book|author=Trček, Denis|title=Managing information systems security and privacy|publisher=Birkhauser|year=2006|isbn=978-3-540-28103-0|page=69|url=https://books.google.com/books?id=oswvyhAftLsC&pg=PA69}}</ref><ref name="Vacca-2004-p8">{{cite book|author=Vacca, John R.|title=Public key infrastructure: building trusted applications and Web services|publisher=CRC Press|year=2004|isbn=978-0-8493-0822-2|page=8|url=https://books.google.com/books?id=3kS8XDALWWYC&pg=PA8}}</ref><ref>{{cite book|author=Viega, John|title=Network Security with OpenSSL|publisher=O'Reilly Media|year=2002|isbn=978-0-596-00270-1|pages=61–62|display-authors=etal}}</ref>

A PKI consists of:<ref name="Vacca-2004-p8" /><ref name="ABCs-of-PKI">{{cite news|author=McKinley, Barton|title=The ABCs of PKI: Decrypting the complex task of setting up a public key infrastructure|work=Network World|date=January 17, 2001|url=http://www.networkworld.com/research/2000/0117feat.html|url-status=dead|archive-url=https://web.archive.org/web/20120529211639/http://www.networkworld.com/research/2000/0117feat.html|archive-date=May 29, 2012}}</ref><ref>{{cite book|author=Al-Janabi, Sufyan T. Faraj|chapter=Combining Mediated and Identity-Based Cryptography for Securing Email|editor=Ariwa, Ezendu |display-editors=etal |title=Digital Enterprise and Information Systems: International Conference, Deis, <nowiki>[...]</nowiki> Proceedings|publisher=Springer|year=2012|isbn=9783642226021|pages=2–3|chapter-url=https://books.google.com/books?id=s-HVzAc_ZqEC&pg=PA2|display-authors=etal}}</ref>
* A ''[[certificate authority]]'' (CA), which stores, issues and signs the digital certificates;
* A ''registration authority'' (RA), which verifies the identity of entities requesting their digital certificates to be stored at the CA;
* A ''central directory'', a secure location in which keys are stored and indexed;
* A ''certificate management system'', which manages things like the access to stored certificates or the delivery of the certificates to be issued;
* A ''[[certificate policy]]'', which states the PKI's requirements concerning its procedures. Its purpose is to allow outsiders to analyze the PKI's trustworthiness.
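The binding described above, as an added example in Go that is not part of the original article: a CA signs a certificate mapping a public key to an entity name, and a relying party accepts it only if it chains to the CA it trusts and names the entity it expects. The helper names (<code>issue</code>, <code>accepts</code>, <code>scenario</code>) and the names "Example Root CA", "alice.example" and "bob.example" are constructed for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue plays the CA: key signs a certificate that binds pub to name.
func issue(name string, serial int64, parent *x509.Certificate, pub *ecdsa.PublicKey, key *ecdsa.PrivateKey) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name}, DNSNames: []string{name},
		BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil { // no issuer given: make this the CA's own self-signed root
		t.IsCA, t.KeyUsage, t.DNSNames, parent = true, x509.KeyUsageCertSign, nil, t
	}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, parent, pub, key))))
}

// accepts plays the relying party: chain to the one trusted CA, and the expected name.
func accepts(leaf, trustedCA *x509.Certificate, name string) bool {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: name})
	return err == nil
}

// scenario uses constructed names and fresh keys; it returns the relying party's three verdicts.
func scenario() (good, wrongName, untrustedCA bool) {
	newKey := func() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }
	caKey, otherKey, aliceKey := newKey(), newKey(), newKey()
	ca := issue("Example Root CA", 1, nil, &caKey.PublicKey, caKey)
	other := issue("Example Root CA", 1, nil, &otherKey.PublicKey, otherKey) // same name, not trusted
	cert := issue("alice.example", 2, ca, &aliceKey.PublicKey, caKey)
	forged := issue("alice.example", 2, other, &otherKey.PublicKey, otherKey)
	return accepts(cert, ca, "alice.example"), accepts(cert, ca, "bob.example"), accepts(forged, ca, "alice.example")
}

func main() { fmt.Println(scenario()) } // true false false
```

The third verdict is false even though the second CA carries the same subject name as the trusted one: trust attaches to the CA's key, not to its name.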