Hello my dear friends! How are you doing? Today we are going to discuss public key infrastructure: what it is and how it works. Public key infrastructure is part of computer security and helps to ensure it. First, what is public key infrastructure? Public key infrastructure (PKI) is a set of hardware, software, people, policies and procedures needed to create, manage, distribute, use, store and revoke digital certificates. PKI is directly connected with cryptography. Put simply, PKI is a way to establish someone's identity by using their public key.
This identity is ensured by a digital certificate. Digital certificates are issued by certificate authorities. So first let's learn what a digital certificate is. After that we will learn about the certificate authority and other concepts. What is a digital certificate?
Digital certificate
A digital certificate proves one's identity. It binds that identity to a public key and certifies the ownership of the public key. A digital certificate provides all the details a user needs to verify one's identity. Certificate authorities issue these digital certificates. Now let's learn about them.
Certificate authority
A certificate authority (CA) is also known as a certification authority. It is the entity that issues digital certificates. A CA is a trusted third party. Certificate authorities provide many services, as follows:
- Managing public key certificates for their whole life cycle.
- Issuing certificates by binding a user's or system's identity to a public key with a digital signature.
- Scheduling expiration dates for certificates.
- Ensuring that certificates are revoked when necessary by publishing certificate revocation lists (CRLs).
Details in the digital certificate
Now let's look at what is included in a digital certificate.
- Version number – Identifies the version of the X.509 standard.
- Subject – Specifies the owner of the certificate.
- Public key – Identifies the public key being bound to the certified subject; also identifies the algorithm used to create the private/public key pair.
- Issuer – Identifies the CA that generated and digitally signed the certificate.
- Serial number – Provides a unique number identifying this specific certificate issued by the CA.
- Validity – Specifies the dates through which the certificate is valid for use.
- Certificate usage – Specifies the approved use of the certificate, which dictates the intended use of this public key.
- Signature algorithm – Specifies the hashing and digital signature algorithms used to digitally sign the certificate.
- Extensions – Allow additional data to be encoded into the certificate to expand its functionality. Companies can customize the use of certificates within their environments by using these extensions.
So far we have discussed the digital certificate and the certificate authority, but we have not yet talked about how to obtain a digital certificate. That is what we discuss next.
The process of obtaining a digital certificate
First, the user registers for the digital certificate. The registration authority then checks whether the company is genuine. Next, some values are used to determine random values. After that, an algorithm generates a public and private key pair; the RSA algorithm is used for that. The generated key pair is then stored on a workstation. After that, the public key and other identifying information are sent to the certificate authority. The CA generates the digital certificate and sends it to the user.
What is a registration authority?
Registration authority verifies the identity of the certificate requestor on behalf of the CA. The CA generates the certificates using information forwarded by the RA.
The process of verifying the authenticity and integrity of a certificate
Let's assume there are two nodes, A and B, in a communication tunnel, and that A wants to send a message to B. First, A sends the message and its digital certificate to B. B extracts the certificate and puts it through a hashing algorithm, which calculates a value X. B then extracts the encrypted message digest from the certificate and decrypts it with the CA's public key, which gives a value Y. B checks whether the certificate has been revoked. B compares the values of X and Y. If the values are the same, B reads the message.
So far we have learned many things about digital certificates, including how to obtain one. But what if we no longer want a certificate? Now let's learn about certificate revocation.
Certificate revocation and the CRL
A digital certificate can be revoked when its validity needs to end before its actual expiration date is reached, and this can occur for many reasons. For example, a user may lose a laptop or a smart card. The CA provides this type of protection by maintaining a certificate revocation list (CRL), a list of serial numbers of certificates that have been revoked. The CRL also contains a statement indicating why each individual certificate was revoked and the date when the revocation took place. The certificate revocation list is essential for ensuring that a certificate is still valid. The CA is responsible for maintaining the CRL and posting it in a publicly available directory.
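The verification steps (the X and Y comparison) and the CRL lookup described above can be sketched in Python. This is an added example, not code from the original post: the toy CA key, the JSON certificate layout and all sample values are constructed, and unpadded RSA over publicly known primes stands in for the padded signatures over DER-encoded X.509 data that real CAs use.

```python
import hashlib
import json
from datetime import date

# Toy CA key built from two publicly known Mersenne primes: illustration only, NOT secure.
P, Q = 2**521 - 1, 2**607 - 1
CA_N, CA_E = P * Q, 65537                   # CA public key (modulus, exponent)
CA_D = pow(CA_E, -1, (P - 1) * (Q - 1))     # CA private exponent

def digest(fields):
    """Hash the certificate fields (as canonical JSON) to an integer."""
    data = json.dumps(fields, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def ca_issue(fields):
    """CA side: sign the digest of the fields with the CA private key."""
    return {"fields": fields, "signature": pow(digest(fields), CA_D, CA_N)}

def verify(cert, crl, today):
    """B's side: recompute X, recover Y, then check validity dates and the CRL."""
    f = cert["fields"]
    x = digest(f)                               # X: hash computed by B
    y = pow(cert["signature"], CA_E, CA_N)      # Y: digest recovered with the CA public key
    if x != y:                                  # fields are untrusted until this passes
        return "bad signature"
    if not (f["not_before"] <= today.isoformat() <= f["not_after"]):
        return "outside validity period"
    if f["serial"] in crl:                      # CRL is keyed by certificate serial number
        return "revoked: " + crl[f["serial"]]["reason"]
    return "valid"

# Constructed sample certificate and CRL (hypothetical names and values)
cert = ca_issue({"version": 3, "serial": 4097, "issuer": "Example Toy CA",
                 "subject": "node-a.example", "not_before": "2024-01-01",
                 "not_after": "2025-01-01", "public_key": "constructed-placeholder"})
crl = {7001: {"reason": "key compromise", "date": "2024-03-15"}}

def demo():
    today = date(2024, 6, 1)
    tampered = {"fields": dict(cert["fields"], subject="node-x.example"),
                "signature": cert["signature"]}
    revoked = {**crl, 4097: {"reason": "laptop lost", "date": "2024-05-20"}}
    return [verify(cert, crl, today), verify(tampered, crl, today),
            verify(cert, revoked, today), verify(cert, crl, date(2025, 6, 1))]

if __name__ == "__main__":
    print(demo())
```

The four results cover an untouched certificate, one whose subject was altered after signing, one whose serial number appears in the CRL, and one checked after its expiration date.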
Conclusion
So far we have discussed many things about digital certificates. First, we discussed what a digital certificate is. Second, we learned who controls it and how to obtain one. Finally, we learned how it works and how a digital certificate is revoked.