A PKI (Public Key Infrastructure) allows principals to authenticate one another using asymmetric encryption. A client (C) claiming to be a principal (P) authenticates to a server (S) as follows:

  • S sends C a random number R.
  • C encrypts R with his private key, and sends the result to S.
  • S decrypts the result with P's public key.
  • If the result matches R, then S knows that C must possess P's private key, and so C is assumed to be P.

Return to IT Security Concepts