What are the Key Components of Public Key Infrastructure?

Definition: Public Key Infrastructure (PKI) is built around a set of components and procedures for managing public and private key pairs. PKI consists of several components, which include: Certificate Authority, Digital Certificates, Registration Authority, Validation Authority, Public Key, Private Key, public key cryptography, and Secure Storage. These are explained below.


Key Components of Public Key Infrastructure explained

Certificate Authority (CA)

In general, the Certificate Authority manages all aspects of PKI certificate management, including every phase of the certificate lifecycle. A CA issues certificates that are used to verify that the subject named in the certificate is the owner of the public key, thereby authenticating the digital identity of the user. In a PKI system, the client generates a public-private key pair. The public key and the information to be placed on the certificate are sent to the CA. The CA then creates a digital certificate consisting of the user's public key and the certificate attributes, and signs the certificate with its own private key.

Certificate authorities validate organizations, people and devices by issuing digital certificates, and it is these certificates that are used to encrypt transactions, protect information, and enable secure communication.

Digital Certificates

Digital certificates enable PKI to function. A digital certificate serves as an electronic identification that facilitates the verification of identities between users during online transactions. PKI enables secure connections between two communicating machines because the identities of the two parties can be verified using certificates.

Registration Authority

The Certificate Authority (CA) authorizes the Registration Authority (RA) to provide digital certificates to users on a case-by-case basis. An encrypted certificate database stores all certificates requested, received, and revoked by both the Certificate Authority and the Registration Authority.

Certificate history and information are stored in what is known as a certificate store, which is typically located on a specific computer and holds everything related to the certificate history, including issued certificates and private encryption keys. A certificate store can contain certificates from multiple CAs.

Validation Authority (VA)

A VA enables a company to check that a certificate has not been revoked. The VA function is performed by an online service hosted by the organization that manages the PKI. To publish revoked certificates, a validation authority typically uses the Online Certificate Status Protocol (OCSP) or a certificate revocation list (CRL).
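The issuance and validation flow described in the Certificate Authority, Registration Authority and Validation Authority sections above, as an added example written for this page in Go using only the standard library (it is not Utimaco's code and not part of any product). It assumes a single self-signed root, ECDSA P-256 keys, a constructed end-entity subject ("alice"), and a CRL as the revocation mechanism; the type and function names (CA, NewCSR, Issue, CRL, Validate) are the example's own.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must panics on error; used for the setup steps of this example.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// CA is a toy root CA. Key is a crypto.Signer so an HSM-backed signer could replace the in-memory key.
type CA struct {
	Key  crypto.Signer
	Cert *x509.Certificate
}

// NewCA generates the CA key pair and a self-signed root certificate ("Example Root CA" is a constructed name).
func NewCA() *CA {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Root CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key))
	return &CA{Key: key, Cert: must(x509.ParseCertificate(der))}
}

// NewCSR is the end entity: the key pair is generated locally; only the public key and subject go to the CA, in a request signed with the new private key.
func NewCSR(cn string) (*ecdsa.PrivateKey, []byte) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}}
	return key, must(x509.CreateCertificateRequest(rand.Reader, req, key))
}

// Issue is the CA (or an RA acting for it): the request signature proves possession of the private key; a failing request is rejected (a panic here, an error response in a real CA).
func (ca *CA) Issue(csrDER []byte) *x509.Certificate {
	csr := must(x509.ParseCertificateRequest(csrDER))
	if err := csr.CheckSignature(); err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{ // the CA fills in serial and validity; subject and key come from the request
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: csr.Subject,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, csr.PublicKey, ca.Key))
	return must(x509.ParseCertificate(der))
}

// CRL is what the VA publishes: the revoked serial numbers, signed with the CA key.
func (ca *CA) CRL(revoked ...*x509.Certificate) []byte {
	var entries []pkix.RevokedCertificate
	for _, c := range revoked {
		entries = append(entries, pkix.RevokedCertificate{SerialNumber: c.SerialNumber, RevocationTime: time.Now()})
	}
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: time.Now(), NextUpdate: time.Now().Add(time.Hour), RevokedCertificates: entries}
	return must(x509.CreateRevocationList(rand.Reader, tmpl, ca.Cert, ca.Key))
}

// Validate is the relying party: chain the certificate to the trusted root, then confirm the CRL is really the CA's before trusting what it says about the serial number.
func Validate(cert, root *x509.Certificate, crlDER []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return err
	}
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return err
	}
	if err := crl.CheckSignatureFrom(root); err != nil {
		return err
	}
	for _, e := range crl.RevokedCertificates {
		if e.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return fmt.Errorf("certificate %v is revoked", cert.SerialNumber)
		}
	}
	return nil
}

func main() {
	ca := NewCA()
	_, csr := NewCSR("alice")
	cert := ca.Issue(csr)
	fmt.Println(Validate(cert, ca.Cert, ca.CRL()), "/", Validate(cert, ca.Cert, ca.CRL(cert)))
}
```

Running it prints `<nil>` for the freshly issued certificate and `certificate <serial> is revoked` once the serial appears on a CRL. Two design points carry over to real deployments: the relying party checks the CRL's signature against the CA before believing its contents, and the CA key is typed as crypto.Signer on purpose, since x509.CreateCertificate and x509.CreateRevocationList accept any crypto.Signer, so the same issuing code works with a key that never leaves an HSM.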

Public Key

A public key is a cryptographic key that can be made publicly available and does not require secure storage. Messages encrypted with the public key can only be decrypted with the corresponding private key.

Private Key

The recipient uses the private key to decrypt a message that was encrypted with the public key. Because the message was encrypted with a specific public key, only the corresponding private key can decrypt it. This ties the key pair to its owner and ensures that the message can be read only by those who have been authorized.
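The public/private key relationship from the two sections above (anyone can encrypt with the public key; only the holder of the matching private key can decrypt), as an added Go example that is not from the original page. It uses RSA-OAEP from the standard library; the names Recipient, Encrypt and Decrypt and the sample message are the example's own.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Recipient owns a key pair. Only the public half is handed out; the private
// half stays with the recipient (in secure storage, in a real deployment).
type Recipient struct{ priv *rsa.PrivateKey }

// NewRecipient generates a 2048-bit RSA key pair.
func NewRecipient() (*Recipient, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Recipient{priv: priv}, nil
}

// PublicKey is what the recipient publishes; it needs no confidentiality.
func (r *Recipient) PublicKey() *rsa.PublicKey { return &r.priv.PublicKey }

// Encrypt can be run by anyone holding the public key (RSA-OAEP with SHA-256).
func Encrypt(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// Decrypt succeeds only with the private key that matches the public key used
// to encrypt; a different key or an altered ciphertext yields rsa.ErrDecryption.
func (r *Recipient) Decrypt(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, r.priv, ct, nil)
}

func main() {
	alice, _ := NewRecipient()
	bob, _ := NewRecipient()
	ct, _ := Encrypt(alice.PublicKey(), []byte("constructed sample message")) // constructed input
	pt, err := alice.Decrypt(ct)
	fmt.Printf("alice: %q %v\n", pt, err)
	_, err = bob.Decrypt(ct)
	fmt.Println("bob:", err)
}
```

Decrypting with a different key pair, or after a single ciphertext byte has been changed, returns an error rather than wrong plaintext. RSA-OAEP with a 2048-bit key and SHA-256 carries at most 190 bytes of plaintext, which is why in practice the public key is used to encrypt a symmetric content key and that key encrypts the actual message.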

Secure Storage

To protect the key from compromise, both the Certificate Authority (CA) and the end entity must have a method of securely storing a private key.

Hardware Security Modules (HSMs) improve the overall security of the PKI. An HSM safeguards and manages digital keys, laying the foundation for a secure enterprise PKI. It supports the entire lifecycle of cryptographic keys, including key creation, rotation, deletion, auditing, and API integration with applications. The sole purpose of an HSM is to conceal and protect cryptographic material.
