Public-Key Infrastructure (PKI)

Let's learn about the public-key infrastructure in detail.

When using public-key cryptography, a common problem arises: how can a client ensure that the server is who it claims to be?

In theory, a malicious party could generate a second keypair and present its public key to us, and we would then use that key to encrypt the data we send. Even though the data is encrypted, it can still be sent to the wrong party, who would then be able to decrypt it with their private key. To ensure the client is talking to the server it expects, we can make use of certificates.

Certificates

Certificates are digital documents that bind a public key to a specific entity. They are used by clients for authentication purposes.

These certificates can have different formats, but X.509 is a common standard that defines one such format, used by protocols such as TLS.
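The key-substitution problem and the certificate binding described above, as an added example that is not part of the original page: it uses textbook RSA with small fixed primes, which is insecure and only for illustration. The trusted issuer that signs the binding, the name `server.example`, and all function names are assumptions of this sketch; real X.509 certificates carry more fields and use padded signatures.

```python
import hashlib

E = 65537  # public exponent shared by every toy key in this sketch

def keypair(p, q):
    """Textbook RSA from two primes: returns (public modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(identity, n, modulus):
    """Hash of the (identity, public key) pair, reduced into the signer's modulus."""
    h = hashlib.sha256(f"{identity}|{n}".encode()).digest()
    return int.from_bytes(h, "big") % modulus

def issue_cert(identity, n, signer_n, signer_d):
    """The signer binds `identity` to public key `n` by signing their digest."""
    sig = pow(digest(identity, n, signer_n), signer_d, signer_n)
    return {"identity": identity, "n": n, "sig": sig}

def cert_ok(cert, expected_identity, issuer_n):
    """Client check: expected name, and the trusted issuer signed this exact key."""
    return (cert["identity"] == expected_identity and
            pow(cert["sig"], E, issuer_n) == digest(cert["identity"], cert["n"], issuer_n))

def send(message, cert, expected_identity, issuer_n, verify=True):
    """Encrypt to the presented key; with verify=True, refuse an unverified certificate."""
    if verify and not cert_ok(cert, expected_identity, issuer_n):
        return None
    return pow(message, E, cert["n"])

def demo():
    # Constructed keys: Mersenne primes chosen only so the demo is deterministic.
    issuer_n, issuer_d = keypair(2**521 - 1, 2**607 - 1)
    srv_n, srv_d = keypair(2**107 - 1, 2**127 - 1)
    atk_n, atk_d = keypair(2**61 - 1, 2**89 - 1)  # the "second keypair"
    genuine = issue_cert("server.example", srv_n, issuer_n, issuer_d)
    forged = issue_cert("server.example", atk_n, atk_n, atk_d)  # self-signed
    secret = int.from_bytes(b"session-token", "big")
    blind = send(secret, forged, "server.example", issuer_n, verify=False)
    checked = send(secret, genuine, "server.example", issuer_n)
    return {
        "attacker_reads_blind": pow(blind, atk_d, atk_n) == secret,
        "forged_rejected": send(secret, forged, "server.example", issuer_n) is None,
        "server_reads_genuine": pow(checked, srv_d, srv_n) == secret,
    }

if __name__ == "__main__":
    print(demo())
```

Without the check, the ciphertext is perfectly valid but readable by whoever supplied the key; with it, the substituted key is refused before anything is encrypted.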

X.509 certificate

An X.509 certificate contains a public key and the identity to which this public key belongs. This identity is ...