Asymmetric key pairs are easy to apply, but when their use expands beyond a small community, potential vulnerabilities appear. If a private key is compromised, it is difficult to locate and remove that key. The security infrastructure developed to address these problems is known as a public key infrastructure (PKI).
PKI uses asymmetric key pairs and combines software, encryption technologies, and services to safeguard the security of communications. RFC 2459 defines the X.509 PKI, which is the PKI defined for use on the Internet. It incorporates certificates, certification authorities (CAs), certificate management tools, and certificate-enabled applications.
Components of a PKI: A PKI uses public key encryption technologies to bind public keys to their owners and to assist with the safe distribution of keys across networks. PKI provides a range of services, technologies, protocols, and standards that allow the distribution and management of a strong and scalable information security system. Setting up a PKI allows organizations to conduct business electronically with these assurances:
- The person or process sending a transaction is the actual originator.
- The person or process receiving a transaction is the actual receiver.
- The integrity of the data has not been compromised.
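The binding of a public key to its owner, and the removal of a compromised key, can be seen end to end with the `openssl` command-line tool. This is an added example, not part of the original text: it assumes `openssl` is installed, and the names `Demo Root CA` and `alice.example`, the file names and the three function names are constructed for illustration.

```shell
# Build a one-level X.509 PKI in directory $1: a root CA and one subscriber.
pki_setup() (
    cd "$1" || exit 1
    cat > ca.cnf <<'EOF'
[ ca ]
default_ca = demo
[ demo ]
database = index.txt
serial = serial
new_certs_dir = .
certificate = ca.crt
private_key = ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = pol
[ pol ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
    : > index.txt && echo 01 > serial
    # CA: self-signed root certificate, the trust anchor relying parties install.
    openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Demo Root CA" -keyout ca.key -out ca.crt 2>/dev/null || exit 1
    # Subscriber: key pair plus a certificate signing request (CSR).
    openssl req -config ca.cnf -newkey rsa:2048 -nodes \
        -subj "/CN=alice.example" -keyout alice.key -out alice.csr 2>/dev/null || exit 1
    # CA signs the CSR (binding key to name), then publishes an empty CRL.
    openssl ca -batch -config ca.cnf -notext -in alice.csr -out alice.crt 2>/dev/null || exit 1
    openssl ca -config ca.cnf -gencrl -out ca.crl 2>/dev/null
)
# Relying party: accept the certificate only if it chains to the CA and is not on the CRL.
pki_verify() (
    cd "$1" && openssl verify -crl_check -CAfile ca.crt -CRLfile ca.crl alice.crt >/dev/null 2>&1
)
# Key compromise: the CA marks the certificate revoked and reissues the CRL.
pki_revoke() (
    cd "$1" && openssl ca -config ca.cnf -revoke alice.crt 2>/dev/null &&
        openssl ca -config ca.cnf -gencrl -out ca.crl 2>/dev/null
)
# Demo run in a throwaway directory.
d=$(mktemp -d) && pki_setup "$d" && pki_verify "$d" && echo "issued: accepted"
pki_revoke "$d" && { pki_verify "$d" || echo "revoked: rejected"; }
rm -rf "$d"
```

Revocation only takes effect for relying parties that fetch the current CRL and check it; `openssl verify` without `-crl_check` would still accept the revoked certificate.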