Public key infrastructure

From Paperless Office

Public key infrastructure is a system (which includes hardware, software, policies, procedures, etc.) used to manage digital certificates in way that allows digital signatures and encryption of documents, files and emails.

Public key infrastructure consists of individuals with public and private keys and a certificate authority that is used to determine if a particular key is valid. Public keys are shared with anyone and the certificate authority is used to verify the authenticity of the public key. Private keys are never shared.

When a user wants to send an encrypted document to another user, he must get a copy of that user's public key. When the document is encrypted with the user's public key, the only way to unencrypted it is to use the matching private key. Since the intended recipient is the only person who should have the private key, they are the only person who can read the message.

Public key infrastructure also allows for digital signatures. With digital signatures a document is left in a readable state, but it contains a "signature" that proves who created the document and that the document has not been modified since it was created. To accomplish this, a user signs the document using their private key which means that anyone who has access to their public key can verify the signature.

Certificate authorities act as the trusted source that verifies that a particular public key belongs to a particular person. Certificate authorities do things like look at your passport and driver's license to verify your identity before assigning you a public/private key pair. That way they can "vouch" for your identity when queried about who owns a particular public key.