Dartmouth College
PKI Outreach

PKI Applications

The most widespread use of PKI is server identification certificates.  SSL requires a PKI certificate on the server to assert its identity in a trustworthy manner to the client.  Every HTTPS web server connection uses SSL and therefore also uses PKI.  This outreach web focuses on client-side applications of PKI - using end user PKI certificates instead of or in addition to server certificates.

Client-side applications of PKI fit three main categories:
  1. Authentication
  2. Digital signatures
  3. Encryption
Authentication applies to any application that needs to know with assurance the identity of the user and that the user is actually the one who is present.  Traditional authentication typically uses usernames and passwords.  PKI provides a more secure alternative in which identity is proven by possession of a private key instead of a password.  A password is still usually required to protect the private key, but that password is managed locally by the user instead of being shared with the application server (a major improvement in security).

Digital signatures enable a user to put their "digital John Hancock" on an electronic document.  This is directly analogous to signing in pen on a paper document, except it goes one step further and associates the exact contents of the digital document with the signature in a way that makes tampering with the document's contents after the signature easy to detect.  Again, it is possession of the private key that assures that only the owner of the PKI digital credentials could have executed the signature.

Encryption is standard protection of data in a file with a twist.  Anyone can encrypt data intended to be read by a particular user by using their public key for the encryption process.  But only the designated user possesses the private key that can decrypt the data, so its privacy is assured by the security of their private key.
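
The three categories above can be tried with the openssl command line. This is an added example, not part of Dartmouth's documentation: the pki_demo function, the file names, the throwaway RSA keys and the sample documents are all constructed for illustration, and a bare key pair stands in for a CA-issued certificate.

```shell
#!/bin/sh
# Added example: throwaway keys and constructed documents in a temp directory.
pki_demo() {
    d=$(mktemp -d) || return 1
    pad="rsa_padding_mode:oaep"
    # The user's key pair; in a real PKI the public half is carried in a CA-issued certificate.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$d/user.key" 2>/dev/null
    openssl pkey -in "$d/user.key" -pubout -out "$d/user.pub"
    # An unrelated private key, standing in for anyone who is not the user.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$d/other.key" 2>/dev/null

    # 1. Authentication: the server sends a fresh random challenge, the client signs it,
    #    and the server checks the signature against the user's public key.
    openssl rand -hex 32 > "$d/challenge"
    openssl dgst -sha256 -sign "$d/user.key" -out "$d/user.sig" "$d/challenge"
    openssl dgst -sha256 -sign "$d/other.key" -out "$d/other.sig" "$d/challenge"
    openssl dgst -sha256 -verify "$d/user.pub" -signature "$d/user.sig" "$d/challenge" \
        >/dev/null 2>&1 && auth=accepted || auth=rejected
    openssl dgst -sha256 -verify "$d/user.pub" -signature "$d/other.sig" "$d/challenge" \
        >/dev/null 2>&1 && impostor=accepted || impostor=rejected

    # 2. Digital signature: bound to the exact bytes of the document that was signed.
    printf 'Approve reimbursement of 250 dollars\n' > "$d/form.txt"
    printf 'Approve reimbursement of 950 dollars\n' > "$d/altered.txt"
    openssl dgst -sha256 -sign "$d/user.key" -out "$d/form.sig" "$d/form.txt"
    openssl dgst -sha256 -verify "$d/user.pub" -signature "$d/form.sig" "$d/form.txt" \
        >/dev/null 2>&1 && signed=valid || signed=invalid
    openssl dgst -sha256 -verify "$d/user.pub" -signature "$d/form.sig" "$d/altered.txt" \
        >/dev/null 2>&1 && altered=valid || altered=invalid

    # 3. Encryption: anyone can encrypt to the public key; only the private key decrypts.
    printf 'constructed confidential note\n' > "$d/note.txt"
    openssl pkeyutl -encrypt -pubin -inkey "$d/user.pub" -pkeyopt "$pad" \
        -in "$d/note.txt" -out "$d/note.enc"
    openssl pkeyutl -decrypt -inkey "$d/user.key" -pkeyopt "$pad" \
        -in "$d/note.enc" -out "$d/owner.out" 2>/dev/null || true
    openssl pkeyutl -decrypt -inkey "$d/other.key" -pkeyopt "$pad" \
        -in "$d/note.enc" -out "$d/other.out" 2>/dev/null || true
    cmp -s "$d/note.txt" "$d/owner.out" && owner=readable || owner=unreadable
    cmp -s "$d/note.txt" "$d/other.out" && other=readable || other=unreadable

    rm -rf "$d"
    echo "auth=$auth impostor=$impostor signed=$signed altered=$altered owner=$owner other=$other"
}
pki_demo
```

The challenge is random on every run, so a signature captured from one login cannot be replayed for the next.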

Here is a list of some of the popular PKI applications in academia:
  • Authentication
    • Web applications
      • Portals
      • Student information systems
      • Library online journals
    • Network appliances
      • VPN concentrators
      • Firewalls
      • Wireless access points
  • Digital signatures
    • S/MIME secure email (sign individual emails)
    • Electronic document processing
      • Signing XML forms
      • Signing electronic documents
      • Paperless authorization processes
    • Instant messaging (sign each message)
  • Encryption
    • S/MIME secure email (encrypt individual emails)
    • Instant messaging (encrypt each message)
Applications of PKI
AOL AIM with PKI and about digital signatures
S/MIME email with Microsoft Outlook

Dartmouth's PKI Lab has tested a number of applications and made useful notes and "how to" documentation about them.  We have also documented in greater detail ways in which these applications can be used in Higher Education.