PKI
Public Key Infrastructure
A framework of certificate authorities, digital certificates, and key pairs that enables secure encrypted communication and identity verification.
Technical Detail
PKI performs a handshake establishing an encrypted channel. TLS 1.3 (2018) reduced the handshake from 2 round-trips to 1, improving latency by ~100ms. It eliminated vulnerable algorithms: no RSA key exchange, no CBC mode, no SHA-1. Only five cipher suites remain, all using AEAD (Authenticated Encryption with Associated Data). Certificate verification uses a chain of trust: site certificate → intermediate CA → root CA (pre-installed in browsers/OS). Let's Encrypt automates certificate issuance for free using the ACME protocol.
Example
```javascript
// AES-256-GCM encryption (Web Crypto API)
const key = await crypto.subtle.generateKey(
{ name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']
);
const iv = crypto.getRandomValues(new Uint8Array(12));
const ciphertext = await crypto.subtle.encrypt(
{ name: 'AES-GCM', iv },
key,
new TextEncoder().encode('secret message')
);
```
Related Tools
P
Password Generator
P
Password Strength Checker
H
Hash Generator
H
HMAC Generator
A
AES Encrypt / Decrypt
R
Random String Generator
C
CSP Header Generator
T
Text Redactor
C
CORS Header Generator
S
SRI Hash Generator
B
Base64 Encoder / Decoder
J
JWT Decoder
U
UUID Generator
T
TOTP Configurator
S
SSL Certificate Decoder