Public Key Infrastructure (PKI)

PKI is a framework that uses public-key cryptography and digital certificates to verify identities and secure data exchanged over communication channels.

Public Key Infrastructure (PKI) is a comprehensive framework of policies, procedures, roles, hardware, software, and standards that collectively enable the creation, management, distribution, use, storage, and revocation of digital certificates. It relies on public-key [cryptography](/en/terms/public-key-cryptography) to verify identities, establish trust, and protect data in transit. Core components include the Certificate Authority (CA), Registration Authority (RA), Certificate Repository, and Certificate Revocation List (CRL) or Online Certificate Status Protocol (OCSP). A PKI typically uses X.509 certificates, supports certificate lifecycles (issuance, renewal, revocation, expiration), and is anchored by trusted root certificates. Effective PKI requires strong key management, secure storage (often using Hardware Security Modules or HSMs), governance policies, and auditable processes to mitigate mis-issuance, key compromise, and reliance on trusted third parties.

❓ Frequently Asked Questions

What is PKI?

PKI is a framework of policies, procedures, and technologies that manage public-private keys and digital certificates to enable secure, trusted communications.

What is the role of a Certificate Authority (CA)?

A CA issues and signs certificates after verifying the applicant's identity, enabling trust in the binding between that identity and its public key.

What is certificate revocation and how is it checked?

The CA can revoke a certificate before it expires; relying parties check revocation status via CRLs or OCSP in real time.
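The issuance, validation and revocation steps described on this page, shown as an added example that is not part of the original page: a throwaway root CA built with the `openssl` CLI issues a certificate, a relying party validates it against the CA's CRL, and the CA then revokes it. The file names, subject names and `ca.cnf` contents are constructed for the demonstration, and it assumes the `openssl` command is installed.

```shell
#!/bin/sh
# Added example: throwaway PKI in a temp dir; every name and value is constructed.
pki_lifecycle() (
  set -e
  d=$(mktemp -d); trap 'rm -rf "$d"' EXIT; cd "$d"
  cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = index.txt
serial = serial
new_certs_dir = .
certificate = ca.crt
private_key = ca.key
default_md = sha256
default_days = 7
default_crl_days = 1
unique_subject = no
policy = any_cn
[ any_cn ]
commonName = supplied
EOF
  : > index.txt; echo 1000 > serial        # empty CA database, first serial number
  # 1. Trust anchor: self-signed root CA certificate.
  openssl req -x509 -newkey rsa:2048 -nodes -config ca.cnf -extensions v3_ca \
    -subj "/CN=Demo Root CA" -keyout ca.key -out ca.crt -days 30 2>/dev/null
  # 2. Issuance: the subscriber creates a key and CSR, the CA signs the CSR.
  openssl req -new -newkey rsa:2048 -nodes -config ca.cnf \
    -subj "/CN=server.example.test" -keyout leaf.key -out leaf.csr 2>/dev/null
  openssl ca -batch -config ca.cnf -in leaf.csr -out leaf.crt 2>/dev/null
  # 3. Relying party: publish a fresh CRL, then validate the chain with a CRL check.
  check() {
    openssl ca -config ca.cnf -gencrl -out ca.crl 2>/dev/null
    if openssl verify -CAfile ca.crt -CRLfile ca.crl -crl_check leaf.crt >/dev/null 2>&1
    then echo accepted; else echo rejected; fi
  }
  before=$(check)
  # 4. Revocation: the CA marks the certificate revoked; the next CRL lists it.
  openssl ca -config ca.cnf -revoke leaf.crt 2>/dev/null
  after=$(check)
  echo "$before $after"
)
pki_lifecycle   # prints: accepted rejected
```

The certificate itself is unchanged between the two checks; only the CRL differs, which is why a relying party that skips the revocation check would still accept it.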

What standards underpin PKI?

Standards include X.509 (certificate format), PKIX, and relevant RFCs (e.g., RFC 5280).

What are common PKI risks?

Common risks include key compromise, CA compromise, mis-issuance, weak key management, insecure storage, and supply-chain issues.
