There have been a number of views expressed within Legal IT regarding public key infrastructure (PKI). These have focused on technical issues, rather than real world problems and how PKI provides real solutions.

You should think of PKI as a group of people in an office. You give them all keys to lock the door as they leave, but only you have the key to open the door the following morning. PKI encrypts documents using a similar principle. Many people can have the encryption key, but only you have the decryption key; hence messages are secure. A slight variation on this theme allows documents to be ‘signed’ which gives authenticity to the message and the reassurance it has not been modified since the sender last agreed its content. When a PKI system is properly executed the user should have no idea they are using this technology – all the user sees is a smartcard in their wallet.