Re-Hashed: The Wide World of PKI
Public Key Infrastructure is a foundation for trusted communication
When we talk about SSL, Certificate Authorities, browser trust, and all the other regular topics on this blog, we are talking about components of a system called the Web PKI. This is the system that supports “HTTPS,” providing the means for issuing and distributing the certificates used to identify websites.
But there are many other systems out there which use certificates and public key cryptography to securely transfer data and provide authentication.
PKI – or Public Key Infrastructure – simply refers to a system which manages public key certificates (“certificates”) as a means of identifying computers and devices. The term “infrastructure” here is quite straightforward and refers to the method of managing and distributing said certificates. This includes both the technical systems and policies.
This foundational technology can be adapted to all sorts of systems and networks.
The other foundation of PKI is X.509. This is a format for certificates that provides a standard that software can support. Most certificates you encounter – including SSL and Code Signing certificates – are in the X.509 format.
The Web PKI’s infrastructure is a number of Certificate Authorities (CAs) that are responsible for issuing certificates to individual users, which in this case are (primarily) websites – such as Google.com. The browsers and operating systems – which get to decide what CAs are trusted on their platform – are another major component.
The Web PKI is just one example of a real-world use of the PKI system. There are many others, like the IoT PKI. Or how about a PKI for cars? There are even ways to combine the blockchain – the hyped-up foundation of many cryptocurrencies like Bitcoin – with PKI.
Sometimes these can be ‘miniature’ versions of the Web PKI, such as a private PKI used within an enterprise. Major companies like Disney operate their own PKI. Then you have even broader systems, like the Internet PKI which includes things like email certificates in addition to the Web PKI.
A medical device manufacturer could use PKI to allow their devices to securely communicate with each other or with a central server. A hospital could use PKI to allow all those different devices within the building to communicate.
PKI is an incredibly flexible tool – though one that is very difficult and time-consuming to manage. Many organizations that want to deploy their own PKI choose to pay for a CA to take care of this for them. In the industry we refer to this as MPKI – Managed PKI – essentially PKI-as-a-service.
Some major CAs from the Web PKI provide other PKI products. DigiCert, for instance, has an entire PKI platform dedicated to Internet-of-Things devices.
Just as PKI can be adapted to any number of uses, so can X.509 certificates. The exact data and fields contained within the certificate can be changed as needed. For instance, an SSL certificate is issued to a particular website. But other PKIs may be identifying different things, such as a physical device, and would instead opt for issuing certificates to that device’s serial number or other unique identifier.
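To make that difference concrete, the following added example (not from the original article) builds the DER-encoded subject Name that a website certificate and a device certificate might carry, then decodes both back into readable pairs. The host name, organization and serial number are constructed sample values, and the choice of one attribute per RDN is an assumption for illustration.

```python
# Added example (constructed sample values): DER encoding of an X.509 subject Name.
# Attribute type -> DER content bytes of its OID: 2.5.4.3, 2.5.4.5, 2.5.4.10.
OIDS = {"commonName": b"\x55\x04\x03", "serialNumber": b"\x55\x04\x05",
        "organizationName": b"\x55\x04\x0a"}
NAMES = {oid: name for name, oid in OIDS.items()}
WEBSITE = [("commonName", "www.example.com")]
DEVICE = [("organizationName", "Example Medical"), ("serialNumber", "SN-00012345")]

def tlv(tag, body):  # DER tag-length-value, short or long length form
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def encode_name(attrs):
    """Name is a SEQUENCE of RDNs; each RDN here is a SET with one type/value pair."""
    rdns = b""
    for name, value in attrs:
        tag = 0x13 if name == "serialNumber" else 0x0C  # PrintableString / UTF8String
        pair = tlv(0x06, OIDS[name]) + tlv(tag, value.encode())
        rdns += tlv(0x31, tlv(0x30, pair))
    return tlv(0x30, rdns)

def read_tlv(buf, pos):
    """Return (tag, body, next_pos); raise ValueError on truncated input."""
    if len(buf) - pos < 2:
        raise ValueError("truncated DER header")
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER body")
    return tag, buf[pos:pos + n], pos + n

def decode_name(der):
    """Decode a subject Name back into (attribute, value) pairs."""
    tag, seq, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    out, pos = [], 0
    while pos < len(seq):
        _, rdn, pos = read_tlv(seq, pos)
        _, pair, _ = read_tlv(rdn, 0)
        _, oid, after_oid = read_tlv(pair, 0)
        _, value, _ = read_tlv(pair, after_oid)
        out.append((NAMES.get(oid, oid.hex()), value.decode()))
    return out
```

Both subjects share the same container structure; only the attribute types inside change, which is what lets one certificate format serve a website PKI and a device PKI alike.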
In short – PKI is a foundation for establishing trusted communication on a network. Its exact implementation can be adapted to fit all sorts of uses. While we mainly know of the Web PKI due to its public nature, there are many other systems out there allowing us and our computers to communicate securely.