Securing PKI: Appendix E: PKI Basics


Applies To: Windows Server 2003 with SP2, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2012

A PKI is a collection of hardware, software, personnel, and operating procedures that issue and manage certificates. The certificate binds a public key to a named subject, which allows relying parties to trust signatures or assertions made by the subject and expressed in the certificate.

In their most basic form, digital certificates bind identities to cryptographic key pairs that are mathematically related and can be used to provide confidentiality, integrity, and nonrepudiation for other systems and processes. These key pairs are typically referred to as public and private keys. Public keys are often widely distributed, while private keys are available only to the individual or system that owns them. A certificate provides a means to tie the identity of a user or system to a specific key pair. By using these keys and certificates, the following security functions can be performed:

  • Digital Signatures – A digital signature can provide assurance that a piece of data such as a document, executable, or script came from a specific source and has not been tampered with since it came from that source.

  • Authentication – PKI provides a strong method of authenticating users or systems. By asking a user or system to perform a digital signature operation with their private key, you get assurance that the entity presenting the certificate has possession of the matching private key, which proves that they are who they claim to be.

  • Encryption – PKI provides the capability to encrypt data so that it can only be decrypted by someone in possession of the private key. If you want to send someone encrypted data, you can obtain their public key and encrypt the data with it. Because the public and private keys are mathematically related, the recipient can use the matching private key to decrypt the data.
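
The three functions above can be exercised end to end with the `openssl` command-line tool. This is an added example, not part of the original guidance. It assumes a self-signed certificate in place of one issued by a CA, and the subject name, file names and sample data are constructed.

```shell
#!/bin/sh
# Constructed demo: subject name, file names and sample data are made up.

# sig_ok FILE SIG PUBKEY: exit 0 only if SIG over FILE verifies under PUBKEY.
sig_ok() {
  openssl dgst -sha256 -verify "$3" -signature "$2" "$1" >/dev/null 2>&1
}

pki_demo() {
  d=$(mktemp -d) || return 1
  # Subject's key pair and a certificate binding the name to the public key.
  # Assumption: self-signed for brevity; in a PKI a CA signs this certificate.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-subject" \
    -keyout "$d/subject.key" -out "$d/subject.crt" 2>/dev/null || return 1
  # Unrelated key pair: a party that does not hold the subject's private key.
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$d/other.key" 2>/dev/null || return 1
  # The relying party works only from the public key inside the certificate.
  openssl x509 -in "$d/subject.crt" -pubkey -noout > "$d/subject.pub"

  # 1. Digital signature: verifies on the original, fails once the data changes.
  printf 'constructed sample document\n' > "$d/doc.txt"
  openssl dgst -sha256 -sign "$d/subject.key" -out "$d/doc.sig" "$d/doc.txt"
  sig_ok "$d/doc.txt" "$d/doc.sig" "$d/subject.pub" && sig=valid || sig=invalid
  printf 'tampered\n' >> "$d/doc.txt"
  sig_ok "$d/doc.txt" "$d/doc.sig" "$d/subject.pub" && tampered=accepted || tampered=rejected

  # 2. Authentication: signing a fresh random challenge proves key possession.
  openssl rand -hex 32 > "$d/challenge"
  openssl dgst -sha256 -sign "$d/subject.key" -out "$d/good.sig" "$d/challenge"
  sig_ok "$d/challenge" "$d/good.sig" "$d/subject.pub" && possession=proven || possession=unproven
  openssl dgst -sha256 -sign "$d/other.key" -out "$d/bad.sig" "$d/challenge"
  sig_ok "$d/challenge" "$d/bad.sig" "$d/subject.pub" && wrongkey=accepted || wrongkey=rejected

  # 3. Encryption: anyone can encrypt to the public key; only the private key decrypts.
  printf 'constructed secret' > "$d/secret.txt"
  openssl pkeyutl -encrypt -pubin -inkey "$d/subject.pub" \
    -pkeyopt rsa_padding_mode:oaep -in "$d/secret.txt" -out "$d/secret.enc"
  openssl pkeyutl -decrypt -inkey "$d/subject.key" \
    -pkeyopt rsa_padding_mode:oaep -in "$d/secret.enc" -out "$d/secret.dec"
  cmp -s "$d/secret.txt" "$d/secret.dec" && decrypt=ok || decrypt=failed

  rm -rf "$d"
  echo "signature=$sig tampered=$tampered possession=$possession wrongkey=$wrongkey decrypt=$decrypt"
}

pki_demo
```

The challenge in step 2 is random on every run, so a previously captured response does not verify against a new challenge.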

See Also

Securing Public Key Infrastructure (PKI)
Securing PKI: Introduction
Securing PKI: Planning a CA Hierarchy
Securing PKI: Physical Controls for Securing PKI
Securing PKI: PKI Process Security
Securing PKI: Technical Controls for Securing PKI
Securing PKI: Planning Certificate Algorithms and Usages
Securing PKI: Protecting CA Keys and Critical Artifacts
Securing PKI: Monitoring Public Key Infrastructure
Securing PKI: Compromise Response
Securing PKI: Appendix A: Events to Monitor
Securing PKI: Appendix B: Certification Authority Audit Filter
Securing PKI: Appendix C: Delegating Active Directory PKI Permissions
Securing PKI: Appendix D: Glossary of Terms
Securing PKI: Appendix F: List of Recommendations by Impact Level
Security and Protection
Secure Windows Server 2012 R2 and Windows Server 2012