Public key infrastructure PKI

Computers use a lot of  encryption algorithms to send  and store information online. 
 They're all helpful when it comes to hiding  private information, but only  as long as their keys are protected. 
 Can you imagine having to keep  track of the encryption keys protecting  all of your personal information online? Neither can I,  and we don't have to, thanks to something known  as public key infrastructure. 
 
 
 
 
 
 
 
 
 
 Public key infrastructure, or PKI,  is an encryption framework that  secures the exchange of information online. 
 It's a broad system that makes accessing  information fast, easy, and secure. 
 So, how does it all work? 
 
 
 
 
 
 
 
 
 
 PKI is a two-step process. 
 It all starts with the exchange of encrypted information. 
 This involves either asymmetric encryption,  symmetric encryption, or both. 
 
 
 
 
 
 
 
 
 
 Asymmetric encryption involves the use of  a public and private key pair  for encryption and decryption of data. 
 Let's imagine this as a box that  can be opened with two keys.  
 One key, the public key, can only be used to access  the slot and add items to the box. 
 Since the public key can't be used to remove items,  it can be copied and shared with people  all around the world to add items. 
 On the other hand, the second key, the private key,  opens the box fully, so that  the items inside can be removed. 
 Only the owner of the box has  access to the private key that unlocks it. 
 
 
 
 
 
 
 
 
 
 Using a public key allows  the people and servers you're communicating with  to see and send you  encrypted information that only you  can decrypt with your private key. 
 This two-key system makes  asymmetric encryption a secure way  to exchange information online; 
 however, it also slows down the process. 
 
 
 
 
 
 
 
 
 
 Symmetric encryption, on the other hand,  is a faster and simpler approach to key management. 
 Symmetric encryption involves the use of  a single secret key to exchange information. 
 
 
 
 
 
 
 
 
 
 Let's imagine the locked box again. 
 Instead of two keys,  symmetric encryption uses the same key. 
 The owner can use it to open the box, add items,  and close it again. When they want to share access,  they can give the secret key to  anyone else to do the same. 
 Exchanging a single secret key  may make web communications faster,  but it also makes it less secure. 
 
 
 
 
 
 
 
 
 
 PKI uses both asymmetric and symmetric encryption,  sometimes in conjunction with one another. 
 It all depends on whether speed  or security is the priority. 
 For example, mobile chat applications  use asymmetric encryption to  establish a connection between people at 
 the start of a conversation  when security is the priority. 
 Afterwards, when the speed of  communications back-and-forth is the priority,  symmetric encryption takes over. 
 
 
 
 
 
 
 
 
 
 While both have their own strengths and weaknesses,  they share a common vulnerability,  establishing trust between the sender and receiver. 
 Both processes rely on sharing keys that  can be misused, lost, or stolen. 
 This isn't a problem when we  exchange information in person because  we can use our senses to tell the difference between 
 those we trust and those we don't trust. 
 Computers, on the other hand,  aren't naturally equipped to make this distinction. 
 That's where the second step of PKI applies. 
 PKI addresses the vulnerability  of key sharing by establishing  trust using a system of 
 digital certificates between computers and networks. 
 
 
 
 
 
 
 
 
 
 A digital certificate is a file that  verifies the identity of a public key holder. 
 Most online information is  exchanged using digital certificates. 
 Users, companies, and  networks hold one and exchange them  when communicating information online 
 as a way of signaling trust. 
 Let's look at an example of how  digital certificates are created. 
 
 
 
 
 
 
 
 
 
 Let's say an online business is about to launch  their website, and they want to 
 obtain a digital certificate. 
 When they register their domain,  the hosting company sends certain information over  to a trusted certificate authority, or CA. 
 The information provided is usually basic things like  the company name and the country  where its headquarters are located. 
 A public key for the site is also provided. 
 The certificate authority then uses  this data to verify the company's identity. 
 When it's confirmed, the CA  encrypts the data with its own private key. 
 Finally, they create a digital certificate  that contains the encrypted company data. 
 It also contains CA's digital signature  to prove that it's authentic. 
 
 
 
 
 
 
 
 Digital certificates are a lot like a digital ID badge  that's used online to restrict or  grant access to information. 
 This is how PKI solves the trust issue. 
 Combined with asymmetric and  symmetric encryption,  this two-step approach to exchanging  secure information between trusted sources is  what makes PKI such a useful security control.