The X.509 standard defines PKI as an infrastructure that supports public key management and supports authentication, encryption, integrity, and auditability services.
P2 mentioned that PKI is an infrastructure. Its goal is to make full use of the theoretical basis of public key cryptography and establish a universally applicable infrastructure that provides comprehensive security services for various network applications.
P3 mentioned that the core technology of PKI is centered around the entire lifecycle of digital certificate application, issuance, use and revocation.
The three paragraphs above describe PKI from the three aspects of definition, goal, and technical content.
How did PKI develop? That is to say, how did this design come about? The text on p24 is summarized below.
Since e-commerce requires confidentiality, Diffie and Hellman proposed public key cryptography. But there are serious security problems in simply using a public key cryptography algorithm on its own. For example, if A communicates with B, A can encrypt the message with B's public key and then transmit it to B. After receiving it, B can use its own private key to decrypt it and obtain the plaintext. However, if an attacker C generates its own key pair, communicates with A and falsely claims to be B, the information between A and B may become known to C. This is the problem of public key ownership. It is necessary to identify the owner of a public key, so that C cannot take the place of B.
Kohnfelder proposed the concept of the digital certificate (certificate) in 1978. The Certificate Authority (CA) issues a certificate to address the problem of to whom the public key belongs.
The certificate contains the holder's public key data and identity information, and the CA calculates a digital signature over this information. The digital signature ensures that the certificate cannot be tampered with. In this way, the security is transferred to the root certificate of the CA. If the root certificate of the CA can be securely obtained, the entire process is secure and accountable.
As shown above, PKI is public key cryptography algorithms plus digital certificates.
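The following added example (not taken from the book being summarized) walks through the A, B, C scenario above: a CA signs the pair (identity, public key), and A accepts a key as B's only if that signature verifies under the root key A already trusts. It uses unpadded textbook RSA over small constructed primes purely for illustration; the function names and certificate fields are assumptions of this sketch, not X.509 structures.

```python
import hashlib

E = 65537  # public exponent used by every toy key here

def keypair(p, q):
    """Textbook RSA from two primes: returns (modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(identity, subject_key, signer_n):
    """Hash of the signed fields (identity and public key), reduced mod the signer's n."""
    data = f"{identity}|{subject_key}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % signer_n

def issue(identity, subject_key, signer_n, signer_d):
    """The signer binds an identity to a public key by signing both together."""
    sig = pow(digest(identity, subject_key, signer_n), signer_d, signer_n)
    return {"identity": identity, "public_key": subject_key, "signature": sig}

def verify(cert, expected_identity, root_n):
    """Relying party: check the signature with the trusted root key, then the name."""
    expected = digest(cert["identity"], cert["public_key"], root_n)
    signed_by_root = pow(cert["signature"], E, root_n) == expected
    return signed_by_root and cert["identity"] == expected_identity

# Constructed keys from Mersenne primes; far too small and unpadded for real use.
CA_N, CA_D = keypair(2**89 - 1, 2**107 - 1)   # the CA; A holds CA_N as its root
B_N, _ = keypair(2**61 - 1, 2**127 - 1)       # B's public key
C_N, C_D = keypair(2**31 - 1, 2**521 - 1)     # attacker C's key pair

cert_b = issue("B", B_N, CA_N, CA_D)          # genuine certificate for B
swapped = dict(cert_b, public_key=C_N)        # C replaces the key, keeps the signature
self_signed = issue("B", C_N, C_N, C_D)       # C signs "B" with its own key
cert_c = issue("C", C_N, CA_N, CA_D)          # C's own valid certificate

def results():
    """What A concludes when each certificate is presented as B's."""
    return {name: verify(cert, "B", CA_N) for name, cert in
            [("genuine", cert_b), ("swapped_key", swapped),
             ("self_signed", self_signed), ("cert_for_c", cert_c)]}

if __name__ == "__main__":
    print(results())
```

Only the genuine certificate is accepted as B's. Every check depends on A holding the correct root key `CA_N`, which is the point made above about obtaining the CA's root certificate securely.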