The foundation of all PKI is public-key (also known as asymmetric-key) cryptography (see Public-key cryptography), which it uses for the primary authentication services that it provides. Although very secure, public-key cryptography is relatively slow. A PKI therefore uses symmetric-key cryptography, for its combination of speed and strength, to encrypt and decrypt the actual data after it has been authenticated. The PKI might generate the symmetric keys randomly using a pseudorandom number generation (PRNG) function or, less typically, it might use password-based encryption to generate keys from a user-supplied password (see Password-based encryption (PBE)). It then uses asymmetric-key cryptography to exchange the symmetric keys used to encrypt and decrypt the data and to keep those keys confidential.
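
The scheme described above, as an added example using Node.js's built-in `crypto` module (not code from the original page). The algorithm choices (RSA-OAEP with SHA-256 for wrapping, AES-256-GCM for the data, PBKDF2 with the iteration count shown) and all function names are assumptions made for illustration.

```javascript
const {
  generateKeyPairSync, randomBytes, pbkdf2Sync,
  publicEncrypt, privateDecrypt, createCipheriv, createDecipheriv, constants,
} = require('node:crypto');

// Assumed wrapping parameters for this sketch.
const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Path 1 (typical): a random 256-bit symmetric key from the OS CSPRNG.
function randomDataKey() {
  return randomBytes(32);
}

// Path 2 (less typical): derive the key from a user-supplied password.
// The iteration count is an assumption, not a value from the page.
function passwordDataKey(password, salt, iterations = 600000) {
  return pbkdf2Sync(password, salt, iterations, 32, 'sha256');
}

// Sender: encrypt the bulk data with the fast symmetric cipher, then wrap
// only the 32-byte data key with the recipient's public key.
function sealEnvelope(recipientPublicKey, dataKey, plaintext) {
  const iv = randomBytes(12); // must be unique per message under one key
  const cipher = createCipheriv('aes-256-gcm', dataKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return {
    wrappedKey: publicEncrypt({ key: recipientPublicKey, ...OAEP }, dataKey),
    iv, ciphertext, tag: cipher.getAuthTag(),
  };
}

// Recipient: unwrap the data key with the private key, then decrypt the data.
// final() throws if the ciphertext or the tag was modified in transit.
function openEnvelope(recipientPrivateKey, env) {
  const dataKey = privateDecrypt({ key: recipientPrivateKey, ...OAEP }, env.wrappedKey);
  const decipher = createDecipheriv('aes-256-gcm', dataKey, env.iv);
  decipher.setAuthTag(env.tag);
  return Buffer.concat([decipher.update(env.ciphertext), decipher.final()]);
}

// Constructed demo: this key pair stands in for the one bound to a certificate.
function demo() {
  const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
  const message = Buffer.from('constructed sample payload');
  const envelope = sealEnvelope(publicKey, randomDataKey(), message);
  return { envelope, privateKey, recovered: openEnvelope(privateKey, envelope) };
}
```

The slow asymmetric operation touches only 32 bytes regardless of payload size, which is the speed trade-off the paragraph describes. A password-derived key is only as strong as the password behind it, whereas the random key carries a full 256 bits of entropy.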