Public Key Infrastructure (PKI)

A Public Key Infrastructure (PKI) is an arrangement whereby a central authority stores encryption keys or certificates (an electronic document that uses the public key of an organization or individual to establish identity, and a digital signature to establish authenticity) associated with users and systems, thereby enabling secure communications through the integration of digital signatures, digital certificates, and other services necessary to ensure confidentiality, integrity, authentication, non-repudiation, and access control.

The four basic components of a PKI are the Certification Authority, Registration Authority, repository, and archive:

Certification Authority (CA): The Certification Authority (CA) comprises hardware, software, and the personnel administering the PKI. The CA issues certificates, maintains and publishes status information and Certificate Revocation Lists (CRLs), and maintains archives.

Registration Authority (RA): The Registration Authority (RA) also comprises hardware, software, and the personnel administering the PKI. It’s responsible for verifying certificate contents for the CA.

Repository: A repository is a system that accepts certificates and CRLs from a CA and distributes them to authorized parties.

Archive: An archive offers long-term storage of archived information from the CA.