How does public key infrastructure (PKI) work?

· Category: Cybersecurity

Short answer

PKI is a system of hardware, software, policies, and standards that manages digital certificates and public-key encryption. It binds public keys to identities through trusted Certificate Authorities.

How it works

  1. A user or device generates a key pair and submits a Certificate Signing Request (CSR) to a Certificate Authority.
  2. The CA verifies the requester's identity.
  3. The CA issues a signed certificate containing the public key.
  4. The certificate is distributed to others, who use the CA's public key to verify its authenticity.
  5. Certificate Revocation Lists (CRLs) and OCSP allow clients to check if a certificate has been invalidated before expiry.

Example

Enterprise PKI issues internal certificates for Wi-Fi authentication, VPN access, and email signing. Employees trust these certificates because the organization's root CA is distributed to all company devices.

Why it matters

PKI enables scalable trust without requiring prior relationships between parties. It underpins HTTPS, secure email, document signing, and code verification across the internet.