
Public-Key Infrastructure (PKI) & Cryptography

What Is PKI?

Public Key Infrastructure (PKI) is a system that helps entities secure transactions and communications over networks. Commonly, it involves a trusted third party called a Certificate Authority (CA), which verifies that a public key belongs to the entity named in a certificate and signs that certificate.

PKI’s most basic use is to verify the authenticity of public keys used to establish secure channels of communication.

PKI Certificate

In the context of PKI, a certificate refers to a digitally-signed document that verifies the authenticity of a public key.

Certificate Authority (CA) Hierarchy

Certificate authorities operate in a hierarchical structure. The basic structure of the hierarchy is: Root CA -> Intermediate CA -> Issuing CA

Certificates for Root CAs are installed on devices, such as your computer. You wouldn’t be able to use HTTPS if your computer didn’t have those certificates!

Certificate Authorities

A certificate authority is a trusted third party that creates and signs certificates for public-key infrastructure. Some certificate authorities sign certificates for things like websites, while others sign certificates for other certificate authorities.

Uses For PKI

In cybersecurity, we usually talk about PKI in the context of web security. PKI is what lets protocols like SSL and TLS (and by extension HTTPS) work.

However, the concept of PKI is widely applicable, and can be used for:

  • Authentication
  • Email security
  • Digitally signing documents
  • Network security
  • Remote connection protocols
  • File sharing
  • and more!

PKI is useful pretty much any time you want to securely exchange public keys.

What Is Blockchain?

Blockchains consist of blocks of data that are cryptographically linked together in a chain. It is difficult to retroactively modify a block without rendering the chain invalid, making the chain tamper-resistant.

They are of limited use in cybersecurity, and many of the problems they can be used to solve have other, more efficient solutions.

Cryptography

Cryptography is the process of encrypting and decrypting data in order to keep that data safe when storing or transmitting it.

  • Encryption is a way of hiding data by converting it to an encoded format.

  • Decryption is a way of revealing encrypted data by decoding it from its encoded format.

Symmetric Vs. Asymmetric Encryption

Ciphers can be symmetric or asymmetric.

  • Symmetric encryption uses the same key to encrypt and decrypt information.
  • Asymmetric encryption uses a public key to encrypt data and a different private key to decrypt data.

Asymmetric ciphers can be slower than symmetric ciphers but have additional use-cases in authentication and non-repudiation.

Hashing

Hashing is a one-way process that takes data of any size and represents it as a hash value of a fixed size that is, for practical purposes, unique to that data. No matter how large or complex your file is, hashing provides a fast, reliable way to compare files and verify their authenticity.

Hashing lets you check if two pieces of information are the same, without knowing what the information itself actually is.

Hashing can be used to store sensitive data in a secure way.

A diagram showing that encryption uses keys to encrypt and decrypt data while hashing results in data being transformed into a hash.

Ephemeral Keys

Ephemeral keys are keys that are discarded after being generated and used.

This means that there is little benefit to an attacker who steals the key because the key quickly becomes useless!

Security Principle: CIA Triad

One of the most important security principles is the CIA triad, which stands for Confidentiality, Integrity, and Availability.

A triangle with three corners: Confidentiality, Integrity, and Availability

Cryptography, Confidentiality, and Integrity

Cryptography is a powerful tool for maintaining both confidentiality and integrity. Powerful ciphers prevent unauthorized parties from accessing information without the appropriate key, while cryptographic hashing algorithms make it easy to see if information has been altered, maliciously or otherwise.

Cryptography Isn’t Perfect

Given enough time, any encryption can be broken using brute force. The ciphers we use today are designed to take an extremely long time to be cracked, but computing power is always growing.

Design flaws can allow a cipher to be cracked much faster than would be possible using brute force alone. Cryptography needs to be implemented and applied correctly to work. Strong ciphers are useless if the key is easily stolen, or the data they encrypt is stored in plaintext elsewhere.
