Public Key Infrastructure (PKI) is the framework of policies, procedures, hardware, software, and roles for creating, managing, distributing, and revoking digital certificates. PKI enables entities to verify each other’s identities and establish encrypted communications without prior arrangement. It underpins HTTPS, email encryption, code signing, and document signatures.
Key components include Certificate Authorities (CAs) that issue certificates, Registration Authorities (RAs) that verify identities, certificate repositories, and revocation mechanisms (CRL and OCSP). Trust flows from root CAs through intermediate CAs to end-entity certificates.
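The hierarchy and the validation steps described above, as an added example that is not part of the original entry: a miniature three-tier PKI built with the Python `cryptography` package. It issues a root CA, an intermediate (issuing) CA and two end-entity certificates, publishes a CRL from the intermediate, and then validates a chain the way a relying party does: each certificate's validity window is checked, its issuer must be a CA (basicConstraints CA=TRUE), the signature must verify under the issuer's public key, the certificate is looked up in the issuer's CRL, and the walk must end at a trusted root. All names, keys, serial numbers and dates are constructed here for the demonstration; the helper names (`issue`, `make_crl`, `verify_chain`) are this example's own.

```python
# Added example: a miniature three-tier PKI using the `cryptography` package.
# Every name, key, serial and date here is constructed for the demonstration.
from datetime import datetime, timedelta, timezone

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock so the run is reproducible


def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])


def _cn(cert):
    return cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value


def issue(subject_cn, subject_key, issuer_cert, issuer_key, is_ca, days):
    """Issue a certificate for subject_key; issuer_cert=None produces a self-signed root."""
    issuer_name = issuer_cert.subject if issuer_cert is not None else _name(subject_cn)
    return (
        x509.CertificateBuilder()
        .subject_name(_name(subject_cn))
        .issuer_name(issuer_name)
        .public_key(subject_key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(NOW - timedelta(days=1))
        .not_valid_after(NOW + timedelta(days=days))
        .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
        .sign(issuer_key, hashes.SHA256())
    )


def make_crl(issuer_cert, issuer_key, revoked_serials):
    """Publish a CRL, signed by the issuing CA, listing the revoked serial numbers."""
    builder = (x509.CertificateRevocationListBuilder().issuer_name(issuer_cert.subject)
               .last_update(NOW).next_update(NOW + timedelta(days=7)))
    for serial in revoked_serials:
        builder = builder.add_revoked_certificate(
            x509.RevokedCertificateBuilder().serial_number(serial).revocation_date(NOW).build())
    return builder.sign(issuer_key, hashes.SHA256())


def _validity(cert):
    try:  # cryptography >= 42 has tz-aware *_utc properties; older releases only naive ones
        return cert.not_valid_before_utc, cert.not_valid_after_utc
    except AttributeError:
        return (cert.not_valid_before.replace(tzinfo=timezone.utc),
                cert.not_valid_after.replace(tzinfo=timezone.utc))


def _is_ca(cert):
    try:
        return cert.extensions.get_extension_for_class(x509.BasicConstraints).value.ca
    except x509.ExtensionNotFound:
        return False


def verify_chain(leaf, intermediates, trust_anchors, crls, now=NOW):
    """Walk from the leaf up to a trust anchor as a relying party would. Returns (ok, reason)."""
    pool = {c.subject: c for c in list(intermediates) + list(trust_anchors)}
    cert, depth = leaf, 0
    while depth <= 8:  # bound the walk so a malformed pool cannot loop forever
        nbf, naf = _validity(cert)
        if not nbf <= now <= naf:
            return False, f"{_cn(cert)}: outside validity period"
        issuer = pool.get(cert.issuer)
        if issuer is None:
            return False, f"{_cn(cert)}: issuer not in trust store"
        if not _is_ca(issuer):
            return False, f"{_cn(cert)}: issuer {_cn(issuer)} is not a CA"
        try:  # the issuer name is only a claim; the signature is what proves who issued it
            issuer.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                       ec.ECDSA(cert.signature_hash_algorithm))
        except InvalidSignature:
            return False, f"{_cn(cert)}: signature does not verify under {_cn(issuer)}"
        for crl in crls:  # revocation: consult the issuer's CRL, after checking the CRL's own signature
            if crl.issuer == cert.issuer:
                if not crl.is_signature_valid(issuer.public_key()):
                    return False, f"{_cn(cert)}: CRL from {_cn(issuer)} has a bad signature"
                if crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None:
                    return False, f"{_cn(cert)}: revoked"
        if issuer in trust_anchors:
            return True, f"chain ends at trusted root {_cn(issuer)}"
        cert, depth = issuer, depth + 1
    return False, "chain too long"


# Constructed hierarchy: root CA -> issuing CA -> end-entity certificates.
root_key, inter_key, server_key, old_key, stray_key = (
    ec.generate_private_key(ec.SECP256R1()) for _ in range(5))
ROOT = issue("Example Root CA", root_key, None, root_key, True, 3650)
INTER = issue("Example Issuing CA", inter_key, ROOT, root_key, True, 1825)
SERVER = issue("server.example.test", server_key, INTER, inter_key, False, 90)
REVOKED = issue("old.example.test", old_key, INTER, inter_key, False, 90)
CRL = make_crl(INTER, inter_key, [REVOKED.serial_number])
IMPOSTOR = issue("forged.example.test", stray_key, INTER, stray_key, False, 90)  # INTER's name, wrong key
ROGUE = issue("rogue.example.test", stray_key, SERVER, server_key, False, 90)     # issued by a non-CA

if __name__ == "__main__":
    for label, cert, extra in [("server", SERVER, []), ("revoked", REVOKED, []),
                               ("impostor", IMPOSTOR, []), ("rogue", ROGUE, [SERVER])]:
        print(f"{label:9s}", verify_chain(cert, [INTER] + extra, [ROOT], [CRL]))
```

Two caveats worth noting. First, `verify_chain` accepts a certificate when no CRL from its issuer is supplied at all; a production validator has to decide explicitly whether missing revocation data (an unreachable CRL distribution point or OCSP responder) is a hard or a soft failure. Second, real path validation also enforces path-length and name constraints, extended key usage, and that the leaf's subject alternative name matches the host being connected to; the walk above shows only the trust-chain, signature and revocation checks the entry describes.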
CISSP Relevance
Domain 3 (Security Architecture and Engineering) covers PKI extensively. Understand certificate hierarchies, the role of CAs, certificate lifecycle management, and revocation mechanisms. Know how PKI enables authentication, encryption, and non-repudiation. Exam questions often test understanding of trust models and certificate validation.
Comprehensive PKI guidance is in NIST SP 800-32 Introduction to Public Key Technology.
Related terms: Digital Certificate, Asymmetric Encryption