A PKI (Public Key Infrastructure) allows principals to authenticate one another using asymmetric encryption.
A client (C) claiming to be a principal (P) authenticates to a server (S) as follows:
- S sends C a random number R.
- C encrypts R with his private key, and sends the result to S.
- S decrypts the result with P's public key.
- If the result matches R, then S knows that C must possess P's private key, and so C is assumed to be P.
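
The four steps above, as an added example in Go (not code from the original page). It assumes the private-key operation is an RSA PKCS#1 v1.5 signature over a SHA-256 hash of R, which is how "encrypts R with his private key" is done in practice. The server name `s.example` and the `auth-v1|` prefix are hypothetical additions that tie a response to one server.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// NewChallenge is S's first step: a fresh, unpredictable R for every attempt.
func NewChallenge() ([]byte, error) {
	r := make([]byte, 32)
	_, err := rand.Read(r)
	return r, err
}

// digest hashes R together with the server name (assumed label, not from the page).
func digest(server string, r []byte) []byte {
	sum := sha256.Sum256(append([]byte("auth-v1|"+server+"|"), r...))
	return sum[:]
}

// Respond is C's step: the private-key operation over R, here an RSA signature.
func Respond(priv *rsa.PrivateKey, server string, r []byte) ([]byte, error) {
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest(server, r))
}

// Verify is S's last two steps: apply P's public key and compare with the R it issued.
func Verify(pub *rsa.PublicKey, server string, r, resp []byte) bool {
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest(server, r), resp) == nil
}

// Demo returns the outcome for: the genuine client, a client with a different key,
// and an old response checked against a new challenge. Errors are ignored for brevity.
func Demo() (ok, impostor, replay bool) {
	p, _ := rsa.GenerateKey(rand.Reader, 2048)     // P's key pair, constructed for the demo
	other, _ := rsa.GenerateKey(rand.Reader, 2048) // a client that lacks P's private key
	r1, _ := NewChallenge()
	resp, _ := Respond(p, "s.example", r1)
	ok = Verify(&p.PublicKey, "s.example", r1, resp)
	bad, _ := Respond(other, "s.example", r1)
	impostor = Verify(&p.PublicKey, "s.example", r1, bad)
	r2, _ := NewChallenge() // a later session gets a different R
	replay = Verify(&p.PublicKey, "s.example", r2, resp)
	return
}

func main() { fmt.Println(Demo()) }
```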