Working with PKI

Started by VelMurugan, Nov 07, 2008, 04:13 PM

VelMurugan

Working with PKI

Public Key Infrastructure arrangements help users to authenticate each other and to use the information in identity certificates (public keys of each person) to encrypt and decrypt messages between each other.

Here is the way PKI works: The public key infrastructure architecture consists of client software, server software such as a certificate authority, hardware (e.g., smart cards) and operational procedures. Using his/her private key, a user may sign messages digitally, and another person can verify this signature using the public key embedded in that user's certificate issued by a certificate authority within the Public Key Infrastructure, thereby enabling two or more parties to establish confidentiality, message integrity and user authentication without having to compromise any secret information in advance or during the process.

Most enterprise PKI systems depend upon certificate chains to establish a party's identity. That is, while the certificate for any party may be issued by a certificate authority computer, it becomes mandatory that the legitimacy of that computer in turn needs to be certified, and that is done by a higher certification authority, and so the chain goes on.

This certification hierarchy, at a minimum level, will consist of many computers, often more than one organization, and an assortment of interoperating software packages from different systems across different sources. This hierarchical structure is in fact inevitable, as standards are critical to PKI operation. Many of the operating standards in this area are formulated by the IETF PKIX workgroup.

Enterprise-scale public key infrastructure systems are sometimes tied closely with the enterprise's directory schema by combining the employee's public key - embedded in a certificate - with other personal details such as name, designation, and department. X.509 is the most commonly used certificate format, alongside the directory schema LDAP.
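To make the signing and chain-of-trust description above concrete, here is an added example in Go using only the standard library (it is not code from the post or from any product it mentions): it issues a self-signed root CA, an intermediate CA signed by the root, and a user certificate for "alice" signed by the intermediate, then verifies the chain and checks a message signature using nothing but the public key carried in alice's certificate. All names, validity periods and the message are made-up values for the example.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)
// Issue makes a certificate for cn and a fresh key: self-signed (a root CA) when parent == nil, else signed with parentKey.
func Issue(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64)) // random serial (constructed example value)
	tmpl := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, // only a certificate flagged as a CA may sign further certificates
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign} // CertSign only matters when IsCA is set
	if parent == nil {
		parent, parentKey = tmpl, key // root: the certificate signs itself
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
// VerifyChain walks user -> inter -> root: each link must be signed by the one above it, be within its validity period, and issuers must be CAs.
func VerifyChain(user, inter, root *x509.Certificate) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)   // the trust anchor the verifier already holds
	inters.AddCert(inter) // presented alongside the user certificate
	_, err := user.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters})
	return err
}
// Sign uses the user's private key; VerifySig needs only the public key embedded in the user's certificate.
func Sign(key *ecdsa.PrivateKey, msg []byte) []byte {
	h := sha256.Sum256(msg)
	sig, _ := ecdsa.SignASN1(rand.Reader, key, h[:])
	return sig
}
func VerifySig(cert *x509.Certificate, msg, sig []byte) bool {
	return cert.CheckSignature(x509.ECDSAWithSHA256, msg, sig) == nil
}
func main() {
	root, rootKey := Issue("Example Root CA", true, nil, nil)
	inter, interKey := Issue("Example Issuing CA", true, root, rootKey)
	alice, aliceKey := Issue("alice", false, inter, interKey)
	fmt.Println("chain:", VerifyChain(alice, inter, root) == nil, "signature:", VerifySig(alice, []byte("hello"), Sign(aliceKey, []byte("hello"))))
}
```

A certificate issued under an unrelated root, or a signature checked against the wrong certificate, fails the same two checks, which is exactly what lets two parties trust each other without sharing any secret beforehand.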