
What is public key infrastructure (PKI)?

This technology can help secure data using a number of components

One of the most important elements of digital encryption and cryptography is public key infrastructure (PKI), which is an essential component of security technology. PKI governs the management and deployment of digital certification and public key encryption by establishing the roles, policies and procedures required.

PKI is normally deployed to keep information conveyed through digital channels secure across several networking activities, such as e-commerce, internet banking and private email communications. It is required, for example, in processes where basic or straightforward passwords are not strong enough as an authentication method, and it gives those involved a more rigorous proof of identity when providing and accessing the information being transferred.

Public key encryption relies on PKI mechanisms, but PKI isn’t the same thing as public-key encryption, the secure data transfer method. The term actually refers to the wider system, which is itself responsible for verifying authentication attempts and distributing keys in the first place.

How does PKI work?

Many organisations take part in the process of developing PKI, and the first step involves a subject verifying their identity using a digital certificate. To do this, PKI requires a registration authority (RA) to verify the subject. All requirements must be published too, alongside information on how the PKI was established.

Following successful identity verification, the request is passed from the RA to a certificate authority (CA), the organisation charged with approving, issuing and storing digital certificates. High-profile CAs include Comodo, DigiCert and even GoDaddy, and Let’s Encrypt is also categorised as a CA. The certificates issued by the CA are held in a central hub controlled by management systems that are also tasked with distribution and access permissions.

The CA is in charge of signing and issuing digital certificates as proof that a subject’s identity has been verified, and following an approved RA request, the CA will issue a pair of private and public keys to accompany this. This might come across as a simple step in the process, but various pieces of hardware and software work silently in the background to make it happen. They manage tasks like automatic data validation, the creation of key pairs, and request approval. These elements all form the PKI.

Where is PKI used?


Public key infrastructure features in a large range of applications, but it is most frequently used to protect digital platforms and services. A common deployment is the protection of data transfers so that information being sent over a network can only be viewed by the intended recipient.

It's also used to send emails using OpenPGP (Open Pretty Good Privacy) and S/MIME (Secure/Multipurpose Internet Mail Extensions), for user authentication using smart cards, and for the authentication of client systems using SSL (Secure Sockets Layer) signatures or encryption.

You may also encounter a variant of PKI when accessing e-documents and online forms that require user signatures. While there are other ways to verify an e-document, PKI is by far the easiest to use as it's not necessary for the two parties to know each other.

The chain of trust

To enhance the security of public key infrastructure, a trust relationship called a chain of trust is needed. This hierarchy describes the trust relationship between identities when using subordinate (intermediate) CAs. The main advantage of this is that it enables the delegation of certificates by subordinate CAs.

A chain of trust is created by validating each hardware and software component from one end right up to the root certificate. This is to ensure that only trusted software and hardware are used in the PKI.
