Introductions to PKI

There are a great many introductions to PKI available online (and in text books).

Newcomers to the field should be aware that PKI has shifted ground subtly since the mid 00's, rendering older introductions a ittle staid and one dimensional. In particular, "PKI 101" materials tend to focus on e-mail as an archetypal application and the task of two strangers (cryptography's comic book heros Alice and Bob) identifying and hence "trusting" one another. Modern PKI is more nuanced -- with a concern for credentials, qualifications and attributes rather than personal identity -- and involvesa plurality of different certificates for different contexts. E-mail is not a great PKI application in practice; better examples are found in special purpose B2B applications and in embedded systems. SeeCase Studies.

The original PKI Forum (the forerunner to the OASIS IDtrust Member Section) produced two "PKI Basics" papers: A Technical Perspective and A Business Perspective.

See also Robert J. Brentrup, Public Key Cryptography Demystified, Campus Technology, 4/29/2003.

The American Bar Associatin has developed a useful Digital Signature Tutorial that crosses over between technlogy and the fundamental legal issues.