What is PKI?
PKI stands for Public Key Infrastructure and over recent years has been
gaining momentum and it basically consists of two keys, a public and a private
key.
Previous encryption methods we have looked at use a symmetric key which means
the same key is used to both encrypt and decrypt. Publickey encryption is
different, here there are the two keys and if something is encrypted with the
private key only the public key can decrypt it, and if something is encrypted
with the public key only the private key can decrypt it.
As the names suggest the private key is known only by the owner but the public
key is known by all. This means you have to keep the private key very private!
X.509 certificates are used for the distribution of the public key which
means Certificate Authorities (CA) are needed and need to be configured as
trusted for the domains.
If a user wants to send a message in private to a user they encrypt the
message using the recipients public key, this means only the owner of the
private key (the recipient) can decrypt it.
The problem with publickey encryption however is that it is slow and so
publickey encryption is more commonly used to distribute a faster symmetric key
which is then used to encrypt actual data.
Security FAQ
Windows Privacy Tools  http//www.privacywindows.com
