What Is Public Key Infrastructure (PKI)?

The Internet is a scary place. It's full of trolls, hackers, and other nefarious characters just waiting for the chance to ruin your life. But there's no need to fear—we've got your back! We're talking about Public Key Infrastructure (or PKI). A PKI allows users of the Internet and other public networks to engage in secure communication, data exchange and money exchange. It is done through public and private cryptographic key pairs provided by a certificate authority. So how does it all work? First, you need a public key (your cryptographic key pair). You keep this safe by storing it on an encrypted device like a flash drive or memory card (and make sure no one else has access to it! ). Then, when someone wants to send you something securely over the Internet—like a message or file—they encrypt it using your public key before sending it over. It will ensure that only YOU can read it! Here's where things get interesting: if someone wants to send YOU something securely over the Internet—like money! —they will encrypt it using YOUR public key. That way, even if someone intercepts the message. The certificate authority (CA) is like a wallet. It holds the keys to all the digital certificates for a user. The private key is like a credit card, which must be kept so it cannot be stolen. The public key is like your driver's license or passport—it proves who you are and can be used to verify who you are. The digital certificate is like your birth certificate—it contains information about who you are and can be used to confirm who you are. When someone wants a digital certificate, they ask their CA for one by providing their public key as proof of identity. The CA takes this public key and creates a digital certificate with it, then sends it back to the person requesting it along with their new public key. It will be published in an online directory so that other users can verify that person's identity when they receive messages. The user keeps their private and public keys safe, so they can only decrypt messages sent to them using those keys (asymmetric encryption).