The PKI services in Windows Server 2003 provide the underpinnings for applications that use cryptographic services. A properly designed PKI achieves the following goals:
Confidentiality: The privacy of user transactions is protected by encrypting data streams and messages.
Authentication: No transaction can be truly secure if the parties are completely unknown to each other. PKI provides a means for senders and recipients to validate each other's identities.
Integrity: Transactions can be marked in such a way that any tampering is immediately apparent. This protection extends to preventing replays and detecting de-sequenced messages or datagrams.
Non-repudiation: It's one thing to authenticate the source of a message; it's quite another to keep the source from denying having sent the message. Digital signatures inextricably link senders to their messages.
A PKI uses standard elements to achieve these goals. Strong encryption algorithms have been developed to achieve confidentiality. Certificates provide a secure transport for exchanging the cipher keys used by these encryption algorithms. Authentication and integrity are assured by using digital signatures consisting of encrypted hashes. Non-repudiation is assured by applying digital signatures in such a way that senders always leave a mark on their communications.
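The signature-over-a-hash mechanism described above, together with the replay and de-sequencing detection listed under integrity, shown as an added example that is not part of the original text or of any Windows component. It assumes textbook RSA with a constructed demo key (two Mersenne primes, no padding) so that it runs on the Python standard library alone; the message format and the names digest, sign and Receiver are hypothetical.

```python
import hashlib

# Constructed demo key: textbook RSA from two Mersenne primes, no padding.
# Illustration only; production code uses a vetted library and padded signatures.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                # public key, known to every receiver
D = pow(E, -1, (P - 1) * (Q - 1))  # private key, held only by the sender

def digest(seq: int, body: bytes) -> int:
    """Hash the sequence number with the body so neither can be altered."""
    data = seq.to_bytes(8, "big") + body
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(seq: int, body: bytes) -> int:
    """Sender side: transform the hash with the private key."""
    return pow(digest(seq, body), D, N)

class Receiver:
    """Checks each signature with the public key and tracks the sequence."""
    def __init__(self) -> None:
        self.expected = 1

    def accept(self, seq: int, body: bytes, sig: int) -> str:
        if pow(sig, E, N) != digest(seq, body):
            return "bad-signature"    # tampered, or not signed by the key holder
        if seq < self.expected:
            return "replay"           # validly signed but already processed
        if seq > self.expected:
            return "out-of-sequence"  # validly signed but a message is missing
        self.expected += 1
        return "ok"

def demo() -> list:
    """Run constructed messages through one receiver and collect verdicts."""
    bodies = {1: b"pay 100 to alice", 2: b"pay 50 to bob", 3: b"pay 10 to carol"}
    msgs = {seq: (seq, body, sign(seq, body)) for seq, body in bodies.items()}
    rx = Receiver()
    return [
        rx.accept(*msgs[1]),                            # genuine first message
        rx.accept(2, b"pay 999 to bob", msgs[2][2]),    # body altered in transit
        rx.accept(*msgs[1]),                            # message 1 sent again
        rx.accept(*msgs[3]),                            # message 2 skipped
        rx.accept(*msgs[2]),                            # genuine next message
    ]

if __name__ == "__main__":
    print(demo())
```

Because only the holder of the private exponent can produce a value that verifies under the public key, an accepted message is also the sender's mark on it, which is the basis for non-repudiation.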
Here are places to get additional information about the PKI components used in Windows Server 2003:
There are quite a few vendors who sell PKI products that you can use in place of, or in conjunction with, a Windows Server 2003 PKI. Here are the major vendors: