PKI

In cryptography, a public key infrastructure (PKI) is an arrangement that provides for trusted third party vetting of, and vouching for, user identities. It also allows binding of public keys to users. This is usually carried out by software at a central location together with other coordinated software at distributed locations. The public keys are typically in certificates.

The term is used to mean both the certificate authority and related arrangements as well as, more broadly and somewhat confusingly, the use of public key algorithms in electronic communications. The latter sense is erroneous since PKI methods are not required to use public key algorithms.

PKI arrangements enable users to be authenticated to each other, and to use the information in identity certificates (i.e., each other's public keys) to encrypt and decrypt messages travelling to and fro. In general, a PKI consists of client software, server software such as a certificate authority, hardware (e.g., smart cards) and operational procedures.

A user may digitally sign messages using his private key, and another user can check that signature (using the public key contained in that user's certificate issued by a certificate authority within the PKI). This enables two (or more) communicating parties to establish confidentiality, message integrity and user authentication without having to exchange any secret information in advance.

For the rest of the Wikipedia entry on the above term, go here.

Interestingly, neither Youtube, nor Google Videos have a video on PKI.