What is a public key infrastructure (PKI)?

The purpose of a public-key infrastructure is to manage keys and digital certificates. By managing keys and certificates through a PKI, an organization establishes and maintains a trustworthy networking environment. A PKI enables the use of encryption and digital signature services across a wide variety of applications.

What are the components of a PKI?

In cryptography, a PKI is an arrangement that binds public keys with their respective user identities by means of a certificate authority (CA). The user identity must be unique within each CA domain. The third-party validation authority (VA) can provide this information on behalf of the CA. The binding is established through the registration and issuance process. Depending on the assurance level of the binding, this may be carried out by software at a CA or under human supervision. The PKI role that assures this binding is called the registration authority (RA). The RA is responsible for accepting requests for digital certificates and authenticating the person or organization making the request.

Who can be a CA?

The State, banks, chambers of commerce and industry, certified public accountants, federations of companies within a given sector of activity, and companies themselves can be Certificate Authorities and define the terms and conditions for attributing and using the electronic ID that they deliver to citizens, companies, or company staff (senior managers, financial directors, purchasing directors, employees).

What are the Certification Practice Statement (CPS) and Certificate Policies documents and why are they so important?

These documents set forth the business, legal, and technical requirements for approving, issuing, managing, using, revoking, and renewing digital certificates, and providing associated trust services for all participants. These requirements are critical because they protect the security and integrity, and comprise a single set of rules that apply consistently across all operations, thereby providing assurances of uniform trust.