What is PKI?

Source: Internet
Author: User

The X.509 standard defines PKI as an infrastructure that supports public key management and provides authentication, encryption, integrity, and audit services.
P2 mentions that PKI is an infrastructure. Its goal is to make full use of the theoretical basis of public key cryptography to establish a universally applicable infrastructure that provides comprehensive security services for various network applications.
P3 mentions that the core technology of PKI is centered on the entire lifecycle of a digital certificate: application, issuance, use, and revocation.
The three paragraphs above describe PKI from three aspects: definition, goal, and technical content.
How did PKI develop? That is to say, how did this design come about? The text in p24 is summarized below.
Since e-commerce requires confidentiality, Diffie and Hellman proposed the public key cryptography algorithm. But there are serious security problems in simply using a public key cryptography algorithm on its own. For example, if A communicates with B, A can encrypt a message with B's public key and then transmit it to B. After receiving it, B can use its own private key to decrypt it and obtain the plaintext. However, if an attacker C generates its own key pair, communicates with A, and falsely claims to be B, the information between A and B may become known to C. This is the problem of public key ownership: the owner of a public key must be identified so that C cannot take the place of B.
Kohnfelder proposed the concept of the digital certificate in 1978. A Certificate Authority (CA) issues certificates to address the problem of whom a public key belongs to.
The certificate contains the holder's public key and identity information, and the CA computes a digital signature over that information. The digital signature ensures that the certificate cannot be tampered with. In this way, the security of the scheme is transferred to the root certificate of the CA: if the CA's root certificate can be obtained securely, the entire process is secure and accountable.
As shown above, PKI is public key cryptography plus digital certificates.
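The substitution problem and the certificate check described above can be traced in a few lines. This is an added example, not code from the original page: it uses toy textbook RSA (no padding, keys built from known Mersenne primes) purely to show the logic, and the function names and the dictionary-based certificate layout are assumptions made for illustration, not X.509.

```python
import hashlib, json

E = 65537  # RSA public exponent

def keypair(p, q):
    """Toy textbook RSA key from two known primes. Illustration only."""
    n = p * q
    return {"n": n, "e": E}, pow(E, -1, (p - 1) * (q - 1))  # (public, private d)

def digest(body, n):
    """SHA-256 of the canonically encoded certificate body, as an integer."""
    data = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(signer_pub, signer_priv, subject, subject_pub):
    """Bind an identity to a public key by signing both together."""
    body = {"subject": subject, "public_key": subject_pub}
    sig = pow(digest(body, signer_pub["n"]), signer_priv, signer_pub["n"])
    return {"body": body, "signature": sig}

def verify(cert, root_pub, expected_subject):
    """A's check: signature verifies under the trusted root, and the name matches."""
    n, e = root_pub["n"], root_pub["e"]
    sig_ok = pow(cert["signature"], e, n) == digest(cert["body"], n)
    return sig_ok and cert["body"]["subject"] == expected_subject

def demo():
    # Constructed keys built from Mersenne primes so the example runs offline.
    ca_pub, ca_priv = keypair(2**521 - 1, 2**607 - 1)
    b_pub, _ = keypair(2**127 - 1, 2**107 - 1)
    c_pub, c_priv = keypair(2**89 - 1, 2**61 - 1)

    genuine = issue(ca_pub, ca_priv, "B", b_pub)
    # C swaps its own key into B's certificate but cannot recompute the CA signature.
    swapped = {"body": {"subject": "B", "public_key": c_pub},
               "signature": genuine["signature"]}
    # C signs a certificate naming "B" with its own key instead of the CA's.
    self_made = issue(c_pub, c_priv, "B", c_pub)
    # C holds a valid certificate, but it names "C", not "B".
    own_cert = issue(ca_pub, ca_priv, "C", c_pub)
    return {name: verify(cert, ca_pub, "B") for name, cert in
            [("genuine", genuine), ("swapped", swapped),
             ("self_made", self_made), ("own_cert", own_cert)]}

if __name__ == "__main__":
    print(demo())
```

Every check is made against `ca_pub` alone, which is why the text says security is transferred to the CA's root certificate: if A obtains a wrong root key, all four results become meaningless.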
