<aside> <img src="/icons/key-antique_gray.svg" alt="/icons/key-antique_gray.svg" width="40px" /> A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption.

</aside>

Establishing a Secure Connection

• User connects to a website via HTTPS
• Web browser contacts a trusted certificate authority for the web server’s public key
• A random shared secret key is generated for symmetric encryption
• The shared secret key is securely transmitted using public key encryption
• The web server decrypts the shared secret with its private key
• Both parties use the shared secret for symmetric encryption (e.g., AES) to create a secure tunnel

Security Benefits

• Confidentiality
  • Data is encrypted using a shared secret
• Authentication
  • The web server’s identity is verified using its private key
• Visual indicators like a padlock show secure communication

Key Escrow

• Storage of cryptographic keys in a secure, third-party location (escrow)
• Enables key retrieval in cases of key loss or for legal investigations
• Relevance in PKI
  • In PKI, key escrow ensures that encrypted data is not permanently inaccessible
  • Useful when individuals or organizations lose access to their encryption keys
• Security Concerns
  • Malicious access to escrowed keys could lead to data decryption
  • Requires stringent security measures and access controls