PKI & Certificate Authority
Secure data over public networks
Public key infrastructure begins with a key management server to establish a certificate authority. The certificate authority (CA) is a digital cryptographic system that generates pairs of encryption keys. The cryptographic keys are asymmetric because one of the two is public while the other is private.
The public key encrypts information before it travels across a public network. The private key decrypts the information after it reaches its destination. These asymmetric keys make up digital certificates. Digital certificates are issued to users or machines to provide them with a digital identity, allowing them to prove they are authorized to send or receive encrypted sensitive information through a secure channel.
Think of the public key infrastructure as the means of creating, managing, and revoking digital certificates. PKI also refers to the security infrastructure that makes this possible. Such infrastructure can include HSMs, key management servers, and the security policies that govern their use.
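The create, issue, and revoke lifecycle described above, as an added example using the OpenSSL command line (not from the original page). The CA name "Demo Root CA", the subject host.example.test, and all file names and config section names are constructed for illustration.

```shell
# Added example: certificate lifecycle (create CA, issue, verify, revoke).
# "Demo Root CA", "host.example.test" and all paths are constructed values.
pki_demo() (                      # subshell body keeps cd and trap local
  set -e
  d=$(mktemp -d); trap 'rm -rf "$d"' EXIT; cd "$d"
  mkdir ca; : > ca/index.txt; echo 1000 > ca/serial
  cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
CN = unused
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo
[ demo ]
dir = ./ca
database = $dir/index.txt
serial = $dir/serial
new_certs_dir = $dir
certificate = $dir/ca.crt
private_key = $dir/ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = pol
[ pol ]
commonName = supplied
EOF
  q() { "$@" >/dev/null 2>&1; }   # run a command quietly, keep its exit status
  # 1. Create: the CA's own key pair and self-signed root certificate.
  q openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=Demo Root CA" -keyout ca/ca.key -out ca/ca.crt
  # 2. Issue: the subscriber makes a key pair and CSR; the CA signs the CSR.
  q openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
    -subj "/CN=host.example.test" -keyout host.key -out host.csr
  q openssl ca -batch -config ca.cnf -in host.csr -out host.crt
  q openssl verify -CAfile ca/ca.crt host.crt && before=valid || before=invalid
  # 3. Revoke: record the serial as revoked, then publish a signed CRL.
  q openssl ca -config ca.cnf -revoke host.crt
  q openssl ca -config ca.cnf -gencrl -out ca/ca.crl
  # 4. Relying party checks the CRL; the same certificate must now be rejected.
  if openssl verify -crl_check -CAfile ca/ca.crt -CRLfile ca/ca.crl host.crt 2>&1 |
     grep -q "certificate revoked"; then after=revoked; else after=valid; fi
  echo "$before $after"
)
pki_demo   # prints: valid revoked
```

Without -crl_check the final verify would still succeed, so revocation only takes effect for relying parties that actually fetch and check the CRL.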