Cyptography

• Communication in a Public Key system is asymmetric, meaning the sender and receiver do not need a common key to send encrypted messages. The sender needs to know the receiver's public key in order to send the message. For communication to remain private, however, the receiver needs to keep the sender's private key confidential.
  
  

Trust

• Because of asymmetric encryption, communication in a PKI should be secure. Problems arise when individuals or companies misrepresent themselves by assuming false identities, thus allowing confidential information to fall into the wrong hands.
  
  

Certificate Authority

• Certificate Authorities are trusted third parties that verify identities of websites holding Public Keys. The certificates issued contain names, addresses, phone numbers and other verifiable information, to determine whether the entity is real. Different vetting requirements are dependent on the type of certificate issued. Some certificates issued provide an additional encryption called a Secure Socket Layer (SSL) that makes communication more secure. Without a CA, one would have to verify the identity of a Public Key by offline means.