PKI — trust & chain of trust: why, who, and how?

PKI, or Public Key Infrastructure, is a framework for managing digital certificates and public-key encryption.

PKI’s purpose is to ensure secure electronic transfer of data over the internet.

CAs, or Certificate Authorities, are the parties that users are supposed to trust.

In the simplest model, the root CA signs all digital certificates with a single private key. What is the limitation of this model? If the root CA’s private key gets compromised, then all the certificates become untrustworthy.

The distributed hierarchical model has multiple CAs that sign digital certificates. Only the certificates whose CA had its private key compromised become worthless, so the process of verification gets distributed. This model establishes a chain of trust.
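
To make the difference between the two models concrete, here is an added example (not part of the original post) that builds both with toy textbook RSA signatures and checks which site certificates still validate after a CA key leaks. The names `PKI`, `build` and `surviving`, the `*.example` sites and the Mersenne-prime keys are constructed for illustration; a leaked key is modelled as the CA being marked compromised, as a revocation would do.

```python
import hashlib

E = 65537  # public exponent shared by every toy key

def keypair(a, b):
    """Toy textbook RSA from the Mersenne primes 2^a-1 and 2^b-1 (insecure, demo only)."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (public modulus n, private exponent d)

def digest(subject, subject_n, modulus):
    h = hashlib.sha256(f"{subject}|{subject_n}".encode()).digest()
    return int.from_bytes(h, "big") % modulus

class PKI:
    def __init__(self, root_exps=(89, 107)):
        self.keys = {"Root": keypair(*root_exps)}  # CA name -> (n, d)
        self.certs = {}                            # subject -> (issuer, subject_n, signature)
        self.compromised = set()                   # CAs whose private key has leaked
        self.anchor = self.keys["Root"][0]         # root public key pinned by clients

    def issue(self, subject, issuer, ca_exps=None):
        """Issuer signs subject's certificate; ca_exps makes the subject a CA with its own key."""
        subject_n = 0                              # leaf certificates carry no key in this toy
        if ca_exps:
            self.keys[subject] = keypair(*ca_exps)
            subject_n = self.keys[subject][0]
        n, d = self.keys[issuer]
        self.certs[subject] = (issuer, subject_n, pow(digest(subject, subject_n, n), d, n))

    def trusted(self, subject):
        """Walk issuer links up to the pinned root, checking every signature and key status."""
        while True:
            issuer, subject_n, sig = self.certs[subject]
            issuer_n = self.anchor if issuer == "Root" else self.certs[issuer][1]
            sig_ok = pow(sig, E, issuer_n) == digest(subject, subject_n, issuer_n)
            if issuer in self.compromised or not sig_ok:
                return False
            if issuer == "Root":
                return True
            subject = issuer                       # next link: the issuer's own certificate

def build(hierarchical):
    """Flat model: Root signs every site. Hierarchical: Root signs CA-A/CA-B, they sign sites."""
    pki, sites = PKI(), ["a.example", "b.example", "c.example", "d.example"]
    if hierarchical:
        pki.issue("CA-A", "Root", (61, 127))
        pki.issue("CA-B", "Root", (31, 521))
    for i, site in enumerate(sites):
        pki.issue(site, ("CA-A" if i < 2 else "CA-B") if hierarchical else "Root")
    return pki, sites

def surviving(pki, sites, leaked_ca):
    """Mark one CA key as leaked and return the sites whose chain still validates."""
    pki.compromised.add(leaked_ca)
    return [s for s in sites if pki.trusted(s)]
```

Note that `surviving(*build(True), "Root")` is still empty: the hierarchy limits the damage of an intermediate CA compromise, not of a root compromise.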

This series of posts is an ongoing effort to lay strong foundations of Cyber Security.