An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Public Key Infrastructure (PKI) in Cybersecurity.
Thanks to all contributors, you're awesome and wouldn't be possible without you! Our goal is to build a categorized community-driven collection of very well-known resources.
Public-key infrastructure (PKI) is what makes internet encryption and digital signatures work. When you visit your bank website you are told it is encrypted and verified.
Before we talk about what exactly PKI is, we need to talk about public-key cryptography. Public-key cryptography is a type of cryptography that uses asymmetric encryption which is a type of encryption that uses multiple keys. Public-key cryptography has a private key, and a public key. Both keys can encrypt data, but the public key can only decrypt data encrypted by the private key. The public key can also not be easily derived from the private key.
If two people exchange public keys with each other, they can talk to each other securely. They do this by encrypting messages with their own private key as well as the other person’s public key. There is one big question: how do these people exchange public keys securely? If they send them via an insecure channel, someone could intercept the keys, and substitute in their own, different keys. Each person would think they were talking directly with the other, when, in fact, they were both now talking to an attacker.
- Public-key cryptography can create secure channels of communication, but it requires an existing secure channel to exchange keys.
This is the problem that PKI aims to solve. PKI’s most basic purpose is to securely distribute and manage public keys.
- It does this using trusted third parties who verify the authenticity of public keys and then use their own private keys to digitally sign the public keys. That way, even if the key is not encrypted and has to be sent over cleartext, we will still be able to verify that the key is trusted by the third party.
PKI takes advantage of the fact that information encrypted with a private key can be decrypted by anyone with the corresponding public key. This is used to create digital certificates vouching for the authenticity of a given public key. The third-parties who verify the authenticity are known as certificate authorities, or CAs for short.
You may have noticed this doesn’t actually solve the problem of securely exchanging public keys… it just moves it! We still need some way to securely get the certificate authority’s public key. For this reason, there are hierarchies of certificate authorities, with root CAs at the top of the hierarchy.
This system isn’t perfect. There have been cases of computer manufacturers installing additional root CAs on computers without informing customers, for the purpose of distributing ads. There have also been instances of certificate authorities having their private keys compromised. For these reasons, PKI usually has additional security features.
Certificate Revocation is the ability for certificate authorities to revoke certificates, essentially saying “we no longer verify the legitimacy of this private key.” Certificates also expire after a set amount of time and must be renewed. Certificate pinning is when a computer or software remembers what certificate a given entity (usually a website) uses. Even if a CA is compromised and maliciously issues certificates for that entity, they won’t match the saved certificate and won’t be accepted.
Well, pretty much every website we use, for one thing! The github.com domain, for example, has a SSL certificate that proves it’s the real website and not an impostor. That certificate is signed by a certificate authority, and follows a chain of trust back to a certificate that’s on our computer somewhere. When we connect to codecademy.com via HTTPS, our browser requests Codecademy’s certificate and uses it to verify the legitimacy of the server before establishing a secure connection.
While we usually talk about PKI in the context of web security, it comes in handy any time we need a system to exchange public keys and verify their authenticity. PKI can be used for wireless network security, multi-factor authentication, file-sharing, remote connection protocols, email security, digitally signing documents, and more!
PKI is an essential technology for modern security, serving as a foundation for modern web security. While PKI can seem intimidating at first, it isn’t as hard to understand once we see what problems it tries to solve, and know about the cryptographic principles that make it work. Not everyone needs to know the technical details of how PKI works, but it’s something that everyone in cybersecurity should have a basic knowledge of.
The organizations behind the browser and the operating system development maintain the most widely used collections of up-to-date certificate authority certificates.
Root programs keep the list up-to-date and work together on the process standardization.
Chrome Root Program
Mozilla's CA Certificate Program
Apple Root Certificate Program
Microsoft Trusted Root Certificate Program
The Common CA Database (CCADB) - managed by Mozilla, supported by Microsoft & Google
Everything you Never Wanted to Know about PKI but were Forced to Find Out (PDF) - by Peter Gutmann
PKI: It’s Not Dead,Just Resting (PDF) - Peter Gutmann
X.509 Style Guide - by Peter Gutmann
SSL/TLS and PKI History - Feisty Duck
How to build your own public key infrastructure - The Cloudflare Blog
Everything you should know about certificates and PKI but are too afraid to ask - Smallstep Labs blog
Path Building vs Path Verifying: The Chain of Pain
Certificate Transparency: a bird's-eye view
Key Management Cheat Sheet, OWASP
Certificate Policy and Certification Practice Statement documents for ISRG / Let's Encrypt
Checklist on building an Offline Root & Intermediate Certificate Authority (CA) - Stack Overflow
Certificate Authority with a YubiKey
Get started with the Nitrokey HSM or SmartCard-HSM
PKI maturity model - by PKI Consortium
PKI Posters - Posters by Carl Mehner about the entire lifecycle of an SSL certificate
Why I don't like smartcards, HSMs, YubiKeys, etc. - Hacker News
The Untold Story of PKCS#11 HSM Vulnerabilities - Cryptosense
A survey of Hardware Crypto Devices (PDF) - cryptotronix
Linux smart cards (OpenSC) - How-to - Cédric Dufour blog
Key Management and use cases for HSMs - Cryptomathic
What is Key Management? a CISO Perspective - Cryptomathic
The Definitive Guide to Encryption Key Management Fundamentals - Townsend Security
Example of an IANA DNSSEC signing ceremony - not x509, but describes the procedure of a serious key ceremony
Security Concepts, Subsection 28.9: Key Management - blog of Travis
NIST Key Management Guidelines
NIST Cryptographic Module Validation Program
Commercial Cryptographic Key Management in 2018
Bulletproof SSL and TLS: Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications, Ivan Ristić
Cryptography Engineering: Design Principles and Practical Applications, Niels Ferguson, Bruce Schneier, and Tadayoshi Kohno
Security Engineering, The Second Edition (2008) - Chapter 21: Network Attack and Defence, Ross Anderson
Encyclopedia of Cryptography and Security, Henk C.A. van Tilborg
Architecture for Public-Key Infrastructure (APKI), The Open Group Guide, 1999
Is the Web Ready for OCSP Must-Staple? (PDF)
The First Ten Years of Public-Key Cryptography - Whitfield Diffie (PDF)
Hackable Security Modules: reversing and exploiting a FIPS 140-2 lvl3 HSM firmware - video, PDF
PKI Bootcamp by Paul Turner - Playlist
How to be a Certificate Authority, feat. Ryan Sleevi - Security. Cryptography. Whatever. podcast
Fundamental X.509 PKI in Theory and OpenSSL (Cyrill Gössi) - Playlist
| Software | pkcs11 support | ACME support | Notes |
|---|---|---|---|
| Let's Encrypt Boulder | yes | yes | not much documentation, no commercial support |
| step-ca | yes | yes | cloud-ready CA with the commercial support |
| EJBCA | yes | yes | $$$$ commercial support |
| Dogtag Certificate System | yes | yes | n/a |
| HashiCorp Vault PKI backend | no (only enterprise?) | no | API based CA |
| CFSSL | no | no | PKI toolkit with an API |
| easy-rsa | no | no | easy-rsa - Simple shell based CA utility |
| OpenSSL Certificate Authority | yes | no | shell based CA leveraging OpenSSL |
| XCA | yes | no | Certificate authority with a comprehensive GUI |
MIT License & cc license
This work is licensed under a Creative Commons Attribution 4.0 International License.
To the extent possible under law, Paul Veillard has waived all copyright and related or neighboring rights to this work.