PKI
Public Key Infrastructure
A framework of certificate authorities, digital certificates, and key pairs that enables secure encrypted communication and identity verification.
기술 세부사항
PKI performs a handshake establishing an encrypted channel. TLS 1.3 (2018) reduced the handshake from 2 round-trips to 1, improving latency by ~100ms. It eliminated vulnerable algorithms: no RSA key exchange, no CBC mode, no SHA-1. Only five cipher suites remain, all using AEAD (Authenticated Encryption with Associated Data). Certificate verification uses a chain of trust: site certificate → intermediate CA → root CA (pre-installed in browsers/OS). Let's Encrypt automates certificate issuance for free using the ACME protocol.
예시
```javascript
// AES-256-GCM encryption (Web Crypto API)
const key = await crypto.subtle.generateKey(
{ name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']
);
const iv = crypto.getRandomValues(new Uint8Array(12));
const ciphertext = await crypto.subtle.encrypt(
{ name: 'AES-GCM', iv },
key,
new TextEncoder().encode('secret message')
);
```