Implementation Issues of Pki Technology

Today, one of the biggest concerns about using the Internet for business-critical data is security. This paper will concentrate on the area of software security based on public key cryptographic technology. The Public Key systems make it possible for two parties to communicate securely without either having to know or trust the other party. This is possible because a third party, called the Certification Authority, that both the other parties trust identifies them, and certifies that their keys are genuine. This third party guarantees that they are who they claim to be. A public key infrastructure (PKI) is a set of technologies and security policies that a company can use to issue, revoke, and manage digital certificates within its organizational structure. The paper tries to analyse some of major deployment aspects of an organizational PKI and the main design issues for a Public Key Infrastructure (PKI), needed to secure network applications. Typically cryptographic functions require keys which are used to encrypt and decrypt the data and are known only by trusted entities. There are two commonly known flavours of key-based cryptography, known as symmetric key, and asymmetric key. As the names suggest, symmetric key cryptography uses the same key to encrypt and decrypt data, while asymmetric key cryptography uses two keys which are mutual inverses (one decrypts the other's encryption). Asymmetric cryptography is known as public key cryptography, because one half of the key pair can be published without compromising the overall security of the system. Public keys may be maintained in a database, with associated subject identity and other information, each record is known as a certificate. Certificates, however, do not by themselves enhance the trust in the system as a trusted third party is still required to create