PKI
PUBLIC KEY INFRASTRUCTURE


Public Key Infrastructure

Public Key Infrastructure (PKI) is a system designed to manage digital certificates and public and private key pairs. PKI encompasses various fundamental components, including the Certification Authority, Registration Authority, Verification Authority, Digital Certificates, Public Key, Private Key, Public Key Cryptography, and Secure Storage.


Registration Authority (RA)

A Registration Authority (RA) is a component that verifies the identity of individuals or entities before they are issued a digital certificate by a Certificate Authority (CA). The RA acts as an intermediary between the entity requesting a digital certificate and the CA, helping to ensure the accuracy of the information provided in the certificate request. 


Certification Authority (CA)

A Certification Authority (CA) is a trusted entity or organization that is responsible for issuing, generating, and managing the lifecycle of digital certificates in a Public Key Infrastructure (PKI) system. 


Verification Authority (VA)

A PKI Verification Authority (VA) provides validation of digital certificates.

Certificate verification services can include:

  1. Certificate Revocation Lists (CRL): A Certificate Revocation List (CRL) is a list of digital certificates that have been revoked by the Certificate Authority (CA) before their scheduled expiration date. The CRL is used to inform users and systems that a particular digital certificate should no longer be trusted for various reasons, such as the compromise of the corresponding private key or the termination of the certificate holder's relationship with the CA.
  2. Online Certificate Status Protocol (OCSP): The Online Certificate Status Protocol (OCSP) is a protocol used for obtaining real-time validation of the status of a digital certificate. It provides a more efficient alternative to Certificate Revocation Lists (CRLs) for checking whether a given certificate is still considered valid or has been revoked by the Certificate Authority (CA).
  3. CA Chain Certificates: CA Chain Certificates refer to the hierarchy or sequence of certificates used to establish the trustworthiness of a digital certificate. This chain is crucial for verifying the authenticity of a given certificate, starting from the end-entity certificate and going up to a trusted root certificate.


Digital Certificate

A digital certificate is a cryptographic credential that is used to authenticate the identity of an entity, such as a person, a computer, a website, or an organization, in the context of a public key infrastructure (PKI). 


Key Pair

A key pair refers to the combination of two cryptographic keys that are mathematically related. These keys are used in asymmetric cryptography, also known as public-key cryptography. The two keys in a key pair are the public key and the private key.


  • Public Key

This key is shared openly with others. It is used for encryption and verification. Data encrypted with the public key can only be decrypted by the private key. Public keys are used for secure communication, digital signatures, and other cryptographic applications.


  • Private Key

This key must be kept confidential and known only to the owner. It is used for decryption and creating digital signatures. Data encrypted with the private key can only be decrypted by the public key. The private key is crucial for maintaining the security of the cryptographic system.


Secure Storage

Secure storage is hardware that can securely store the private key.


  • HSM (Hardware Security Module): An HSM is a specialized hardware device designed to provide a secure environment for the generation, storage, and management of cryptographic keys and sensitive information. HSM devices are also used in payment systems. HSM manufacturers include Thales nShield, Utimaco, and TÜBİTAK DIRAK, among others.


  • Smart Card: A smart card is a small, portable device that incorporates an embedded integrated circuit chip. Smart cards can securely store sensitive information, such as cryptographic keys. Smart card manufacturers include Multos and TÜBİTAK AKİS, among others.

Copyright © 2024 PKI-GUIDE - Cem Gümüş - All Rights Reserved.
