Federal Office for Information Security (BSI)

Public Key Infrastructres (PKIs)

A public key infrastructure (PKI) is a hierarchy of digital certificates. What a PKI is in general and what forms are required for electronic ID documents is explained below.

PKI general description

The principles of a PKI are based on asymmetric encryption. Asymmetric encryption creates a key pair for everyone who wants to communicate encrypted. This pair consists of both a private (secret) key and a public key. These are generated so that a file, which was encrypted with the public key, can only be decrypted with the corresponding private key (the background mathematics should not be discussed here). It is also possible to digitally sign a file with the same private key. With the corresponding public key it can then be checked whether the file was altered since it was signed or not.

A digital certificate contains the public key of such a key pair and more details, e.g. who issued the certificate, for whom it was issued (= the owner of the corresponding private key) and the period of validity. If two partners want to securely transmit messages to each other, they exchange their certificates and are then given the opportunity to encrypt messages in such a way, that only the other one can decrypt them. In addition, they can also check each other´s digital signature.

However, in order to exchange the certificates the communication partners should know each other and find a safe exchange method, so that they can be sure that they actually receive the certificate of the person or institution they would like to communicate with. One possibility would be to send the certificates via email and then check the respective electronic fingerprint of the two certificates over phone (this is a unique letter-number combination for each certificate).

So-called public key infrastructures are established in order to facilitate the exchange of certificates and to also allow this exchange even if the communication partners do not personally know each other. .

In a public key infrastructure, i.e. a hierarchy of certificates, a root certificate with the associated key pair is generated by a - for all participants trustworthy - authority called Certificate Authority (CA). This root certificate can be used as a trust anchor. Further certificates in this PKI will be signed with the private key belonging to the root certificate. Such a certificate signature is issued only when all requirements specified by the Certificate Authority have been met. These include, among other things, an identity proof of the person or organisation who wants to use the certificate and a proof that their private key is securely stored.

Not all PKI certificates must be signed with the private key of the root certificate. It is also possible to use such private keys, of those corresponding certificates have been signed with the private key of the root certificate. Theoretically, such a chain can be arbitrary long, it just has to start always with the root certificate. To verify the authenticity and trustworthiness of a certificate from a PKI, all certificates between this one and the root certificate have to be verified.

The certificates are valid only for a limited period of time.

Public Key Infrastructures for electronic ID documents

The currently used or planned electronic ID documents respectively require two public key infrastructures. A PKI for the authentication of electronic ID documents (protocol: Passive Authentication), the Country Signing Certificate Authority (CSCA) and a PKI for the protection of the fingerprints on the electronic ID documents (protocol: Terminal Authentication), the Country Verifying Certificate Authority (CVCA).

More information can be found in our technical guideline BSI-TR-03110.