Public Key Infrastructure provides services like authentication, message integrity and confidentiality by using both asymmetric and symmetric cryptography enabling a practical and secure way of key distribution, signing ,and encryption.
Two main motivation for using PKI technologies are:
In this section, basic information about public key infrastructure is presented. Digital certificates, the most important components of PKI , are described as well as Certificate Revocation Lists (CRL), Online Certificate Status Protocol (OCSP), Certificate Authority (CA).
In asymmetric cryptography a key pair , including private and public keys, is defined for each subject. The public key can be accessible by everyone who wants to communicate with the owner of that key. In order to make public key easily accessible by everyone, it is published within the corresponding certificate.
Certificates authorities (CA) are the authorized institutions for creating and managing digital certificates. A CA consists of Certificate Authority software, required hardware and physical environment and people who operate the system
Once a certificate is published it is impossible to make it totally inaccessible due to its revocation. For this reasons CAs publish Certificate Revocation Lists(CRL) in order to announce everyone that the certificates in the CRL are revoked.
Online Certificate Status Protocol
Since CRLs are issued periodically, they do not provide a real time information about the status of certificates. In cases like financial operations where real time validation is required, using CRLs as the source of revocation information is not considered to be secure enough and unacceptable. As a remedy, Online Certificate Status Protocol (OCSP) is used.
Smartcards are the most popular devices for storing digital certificates and private keys in a secure way. They have programmable processors and secure memory and they are extremely solid and portable. They are used in systems where information security, identity confidentiality and mobility are the main concerns.