What Is PKI and How Does It Secure File Transfers?


Two of the most popular passwords are “123456” and “123456789.”

Think about that. Decades of cybersecurity attacks and we still resort to weak passwords.

Cybersecurity experts have a tough job: overcome users’ laziness while making sure they are who they say they are.

What is PKI?

Public key infrastructure (PKI) authentication (also called SSH key authentication, public key authentication or asymmetric authentication) is a common way to verify that data was received by the right person. In PKI authentication, there are two keys: one public and one private.

Anyone can see the public key, but the private key is only known to one user. The private key must remain private so that only the true recipient can decrypt the message. If others get the private key, PKI authentication is no longer secure.

How does PKI work in SFTP file transfers?

Here’s how it works:

  1. Bob wants to send data to Alice. He uses his public key to encrypt (or make unreadable) the file.
  2. The file is transferred to Alice.
  3. Alice receives the file and uses her private key to decrypt (or make readable) the file.

PKI authentication ensures secure file transfer between users

Why use SSH key authentication for secure file transfer?

You should use PKI authentication for file transfer for 3 reasons:

  1. Passwords aren’t as secure.

    As I mentioned above, people don’t always pick complex passwords, which makes them susceptible to brute force attacks.

    If they make a password based on personal information (such as birthday, address or favorite sports team), someone who knows them well enough may be able to get through. Users may also write a complex password down and keep it near their workstation, which also compromises security.

  2. SSH keys are more difficult to hack than passwords.

    SSH keys can be up to 4096 bits in length and aren’t human generated, which makes them much more difficult to guess.

  3. If the server is hacked, SSH keys are more secure than passwords.

    Passwords are sent to servers, but private keys are not. If hackers get into the server and you use SSH, they can’t access accounts.

Get complete file transfer security with MFT

If you wouldn’t use a weak password like “123456” for your computer, you definitely shouldn’t leave protection of confidential files up to chance.

Thru, our cloud managed file transfer (MFT) solution, has built-in support for three commonly used secure protocols: SFTP, FTPS and HTTPS. It also provides encryption at rest and file-level encryption with PGP (Pretty Good Privacy). Learn more about how you can keep your company one step ahead of cyberattacks on our secure file transfer page.




Have questions about managed file transfer?

Get answers, not a sales pitch. Our experts have analyzed, discussed and solved difficult file transfer challenges since 2002. We are here to help you.

Scroll to Top