In cryptography, public key infrastructure (PKI) is defined as a set of processes and technological means that allow trusted third parties to verify and guarantee a user's identity by associating a public key with that user.

Public keys, in this case, take the form of digital certificates, which are created and signed by the Certification Authority (CA).

Certification Authority

The Certification Authority (CA) is an entity whose objective is to bind a public key to a particular entity, such as a person, a router, a server, etc. The CA validates the identity of the requesting entity and issues the certificate binding that entity to its corresponding public key – Generally through the X.509 standard.

In detail, the CA operates by following the following sequence of steps:

1. The CA verifies that a certain entity is who it claims to be;
2. The CA issues a certificate linking the verified entity to that entity's particular public key;
3. The CA signs the certificate with its own private key.

Public Key Infrastructure

The main objective of the PKI is to enable secure communication between two parties that have never met. The structure of the PKI involves:

• The Certification Authority, which issues the certificate
• The Registration Authority, which validates the identity of the subscriber
• The Certificate Server, which contains a certificate publication list.

To guarantee the identity of the subjects, the integrity of the data, and their confidentiality, both symmetric encryption algorithms (3-DES, AES) and asymmetric encryption algorithms (RSA) can be used.