Public Key Infrastructure (PKI)
<table><tr><td>
Everyone has seen PKI in some form or another. When you connect to a web site whose uniform resource locator (URL) begins with https, your browser and the web server protect the data passing between them with encryption. The strength of that encryption is negotiated by the two sides rather than fixed by the browser alone; historically it was either 40-bit (export-grade) or 128-bit, depending on what the browser and the server both supported.
</td></tr><tr><td>
The web site operator is responsible for the secure connection: they have obtained a server certificate from a certificate authority (CA) and configured their web server to use the Secure Sockets Layer (SSL) when a client requests it. Your browser then validates that certificate against a third party. The root certificates of most CAs are already loaded into your browser, and rather than searching the CA's web site, the browser checks that the server's certificate carries a signature chain leading back to one of those trusted roots. The CA vouches that the certificate was issued to the party that controlled the domain name written in it at the time it was requested. The browser will warn you if the host name you connected to does not match the name in the certificate, if the certificate has expired, or if it cannot trace the certificate back to a CA it trusts. If there are no problems, or if you click through a warning, the browser and the web server negotiate the SSL connection. Clicking through a warning means trusting an unverified server with everything that follows, so a warning on a site you expected to be valid is a reason to stop, not to continue. This all sounds complicated, but it happens very fast.
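The three checks described above can be reproduced with the openssl command line. The script below is an added example, not code from the original page: it stands up a throw-away CA, issues a server certificate, and then plays the browser, verifying the certificate against the trusted root, the host name, and the clock. "Example Test CA", "Other Test CA" and "www.example.test" are hypothetical names chosen for the demo; it assumes an openssl binary (1.1.1 or later) on the PATH.

```shell
#!/bin/sh
# Added example, not code from the original page: a throw-away CA built with
# the openssl command line, used to reproduce the three checks a browser makes
# on a server certificate. "Example Test CA", "Other Test CA" and
# "www.example.test" are hypothetical names chosen for this demo.
set -eu
WORK=$(mktemp -d)
cd "$WORK"

# 1. Two root CAs, each a self-signed certificate plus private key. Browsers
#    ship a list of such roots; only the first one is "installed" in our store,
#    the second stands in for a CA the browser has never heard of.
openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
    -subj '/CN=Example Test CA' -keyout ca.key -out ca.crt 2>/dev/null
openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
    -subj '/CN=Other Test CA' -keyout other.key -out other.crt 2>/dev/null

# 2. The site operator generates its own key pair and a certificate signing
#    request (CSR) naming the host it will serve. The CSR carries only the
#    public key and the name; the server's private key never leaves the server.
openssl req -new -newkey rsa:2048 -nodes \
    -subj '/CN=www.example.test' -keyout server.key -out server.csr 2>/dev/null

# 3. The CA signs the request with its own key, pinning the host name into a
#    subjectAltName. The result is the server certificate, valid for one year.
printf 'subjectAltName=DNS:www.example.test\nbasicConstraints=CA:FALSE\n' > server.ext
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -days 365 -extfile server.ext -out server.crt 2>/dev/null

# What the browser does: build a chain from server.crt to a trusted root,
# compare the host name it connected to with the certificate, and check the
# validity period against the time of the check. Succeeds only when openssl
# reports "OK" for server.crt.
check_server_cert() { # $1 = trusted root file, $2 = host name connected to, $3 = epoch time of check
    openssl verify -no-CApath -CAfile "$1" -verify_hostname "$2" -attime "$3" \
        server.crt 2>&1 | grep -q ': OK$'
}

NOW=$(date +%s)
# The clean case and the three situations the browser warns about.
trusted_and_valid() { check_server_cert ca.crt    www.example.test   "$NOW"; }
wrong_hostname()    { check_server_cert ca.crt    login.example.test "$NOW"; }
unknown_ca()        { check_server_cert other.crt www.example.test   "$NOW"; }
expired()           { check_server_cert ca.crt    www.example.test   $((NOW + 400 * 86400)); }

for c in trusted_and_valid wrong_hostname unknown_ca expired; do
    if "$c"; then echo "$c: accepted"; else echo "$c: warning"; fi
done
```

The expired case does not wait a year: `-attime` tells openssl to evaluate the validity period as if the check were made 400 days from now, which is exactly the comparison a browser makes against its own clock. Note that no network access to the CA is involved in any of the four checks.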
</td><td>
</td></tr><tr><td>
Another part of the PKI equation is the personal certificate. A personal certificate tells the world that you are who you say you are, and whoever issued it vouches for that. The certificate itself is public and can be handed to anyone; what must stay secret is the private key that belongs to it. So it is important that you not lose your private key or let anyone else have it, because whoever holds it can act as you.
</td></tr><tr><td>
</td><td>
If web sites have certificates and secure the connection, why do we need one of our own? A number of applications benefit from a personal certificate. Probably the most important is email. Not all mail client software can do PKI, but those that can follow the S/MIME standard. Regardless of which mail client you use, when you send an email without any precautions, the contents travel in the clear and anyone on the path can read them. And they do, whether we realize it or not. With a personal certificate you can sign the email, which lets the receiver check that it came from you and was not altered on the way, and/or encrypt the contents with the public key the receiver shared with you. The receiver decrypts the message with their private key. Signing alone does not hide the text; only encryption does that.
</td></tr><tr><td>
Okay, the cat's out of the bag. A certificate goes with a key pair: a private key that only you (or the web server) hold, and a public key that you (or the web server) share with anyone who wants to verify your signature or send you encrypted data. The private key is normally stored encrypted under a password that only the owner knows. The public key, together with the identity information the CA checked, is what the certificate itself contains; it carries only what is needed to validate authenticity and to encrypt data destined for the key's owner. These two parts are called the public and private keys.
</td><td>
</td></tr></table>