The word infrastructure in PKI is deliberate: PKI is not a single product or device. Rather, it is the whole set of components used to issue, distribute, verify, revoke and use digital certificates, and thereby to protect data with public-key cryptography. These components include hardware, software, policies, procedures and the people and organizations that operate them.
PKI is built on asymmetric (two-key) cryptography and supports IT systems in achieving confidentiality, integrity and authenticity of information. Digital keys work like physical keys, except that they lock and unlock digital material: in PKI, locking means encryption and unlocking means decryption. The same key pair also supports digital signatures, where the private key signs and the public key verifies, which is what lets PKI authenticate users and devices and not just hide data.
Encryption is the process by which digital information is scrambled to protect it from unauthorized viewers. Once a sender encrypts information for an authorized recipient, the recipient needs a way to unlock it in order to read it. In PKI, the two digital keys, a public key and a private key, are the core mechanism that secures data and enables secure exchange between a sender and a recipient. A public key lets anyone encrypt information for a specific entity, such as a recipient, and data encrypted with a public key can be decrypted only with the corresponding private key. The two keys are handled very differently. The public key is meant to be shared freely, even published in a directory or a certificate. The private key must stay under the sole control of its owner: anyone who obtains it can decrypt every message encrypted for that owner and can impersonate them, which is why protecting private keys, and revoking the corresponding certificate when compromise is suspected, is central to PKI.
Each public key in PKI is bound to an identity by a digital certificate issued and signed by a trusted source, usually a certificate authority (CA). A relying party verifies the CA's signature on the certificate before trusting the key inside it; this authenticates the entity (a device or a user) presenting the key and helps secure transactions, protect data, and prevent message tampering or eavesdropping.