PKI stands for Public Key Infrastructure. It has been gaining momentum over recent years, and at its core it is built on a pair of keys: a public key and a private key.
The encryption methods we have looked at previously use a symmetric key, meaning the same key is used both to encrypt and to decrypt. Public-key encryption is different: there are two keys, and anything encrypted with the private key can only be decrypted with the public key, while anything encrypted with the public key can only be decrypted with the private key.
As the names suggest, the private key is known only to its owner, while the public key can be known to everyone. This means you have to keep the private key very private!
X.509 certificates are used to distribute the public key, which means Certificate Authorities (CAs) are needed and must be configured as trusted for the relevant domains.
If a user wants to send a message privately to another user, they encrypt the message using the recipient's public key; this means only the holder of the matching private key (the recipient) can decrypt it.
The problem with public-key encryption, however, is that it is slow, so it is more commonly used to distribute a faster symmetric key, which is then used to encrypt the actual data.
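The hybrid scheme just described, as an added example that is not part of the original page, written in Go with only the standard library: a fresh AES-GCM key encrypts the data, and only that short key is wrapped with the recipient's RSA public key. The `Envelope` type and the `Seal`/`Open` names are my own assumptions, not anything the page defines.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Envelope is what travels to the recipient (assumed layout for this demo).
type Envelope struct {
	WrappedKey []byte // RSA-OAEP ciphertext of the 32-byte AES key
	Nonce      []byte // 12-byte AES-GCM nonce, fresh for every message
	Ciphertext []byte // AES-GCM output with the authentication tag appended
}

// check aborts the demo on an internal error; production code would return it.
func check(err error) {
	if err != nil {
		panic(err)
	}
}

func newGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	check(err)
	gcm, err := cipher.NewGCM(block)
	check(err)
	return gcm
}

// Seal encrypts msg for the holder of pub: the bulk data goes through the fast
// symmetric cipher and only the short key goes through the slow RSA operation.
func Seal(pub *rsa.PublicKey, msg []byte) *Envelope {
	buf := make([]byte, 32+12) // random AES-256 key followed by a GCM nonce
	_, err := rand.Read(buf)
	check(err)
	key, nonce := buf[:32], buf[32:]
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	check(err)
	return &Envelope{wrapped, nonce, newGCM(key).Seal(nil, nonce, msg, nil)}
}

// Open recovers msg. It fails unless priv matches the public key used in Seal,
// and GCM also fails (rather than returning garbage) if the ciphertext was altered.
func Open(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	return newGCM(key).Open(nil, env.Nonce, env.Ciphertext, nil)
}
```

The sender only ever needs the recipient's public key, while decryption requires the private key that never leaves the recipient.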