A key server is a networked computer used to provide cryptographic keys to other computer programs or end-users. Key servers can be used on both internetal networks as well as across the Internet. Today, the primary keys that are served by key servers are keys in Open PGP, x.509, or PKCS key certificate formats and help serve to verify information by a company or individual in the public key infrastructure architecture.

How Key Servers Were Created

Key servers were initially developed as part of the overall creation of public key infrastructure or cryptography. In PKI, any one person has both a public and a private key with the public key being required to start or initiate encrypted communications with the person holding the corresponding private key. Since its time consuming to exchange public keys via email, key servers were created in order to provide a centralized location to save and transmit public keys.

What Are Digital Certificates?

A problem with public key infrastructure (PKI) is that you have to pay attention that you are using the right key to encrypt your data. An attack that can be made on public key servers is when someone can upload a fake key with the name and associated user identification of someone else. Then, others may mistake the imposer for the real person and send him or her encrypted data to the fake public key. As a result of this vulnerability, digital certificates were created to verify ownership of public keys.

Public certificates serve as additional forms of credentials to verify a public key. They contain a public key, identity information about the end user, and one or more digital signatures. The digital signature on a certificate comes from a trusted organization or authority and confirms that the signature is bound to the public key contained in the certificate.

Certificate Key Servers

Certificate key servers are also referred to as simply key servers and serve as a database which solely stores, retrieves, and allows users to submit digital certificates. Key servers are also capable of implementing organization or company policy covering type of encryption used to create the certificate and verification by a per-approved listing of trusted authorities also referred to as a “Certification Authority” or “CA.” The CA is responsible for creating certificates uploaded to the key server and signing with their private key. Others may then use the CA public key to verify the authenticity of a certificate as well as the integrity of the contents.