Main content

Public Key Infrastructure

An infrastructure for authentication and identification of electronic communication with public authorities, based on the principles of asymmetric encryption

The public key infrastructure (PKI) forms the basis for authentication and identification of electronic communication with public authorities. This technology is based on the principles of asymmetric encryption. Data is processed with the help of two keys: one private and one public, which together form a complementary pair. Encryption and decryption of the data is carried out using these complementary keys. A PKI is the organisation responsible for the lifecycle of creation, distribution and revocation of key pairs.

As part of the scope of a PKI, keys and information about the key’s owner can be encapsulated into a certificate and signed by the certificate authority. This allows the ownership of keys, the terms and conditions under which they are created, and the security requirements to be kept under control, thereby increasing the trustworthiness of the system.

The most important use of a PKI is the electronic signature in which a representation (hash value) of a message is encrypted using the sender’s private key. The sender’s public key is available together with his or her certificate and can be used for verification purposes. This allows the message to be reliably linked (authentication) to the person who signed it (signatory). It is important for signatories to treat the keys for their digital signatures responsibly. Information needed for creating signatures (e.g., signature PIN) should not be accessible to others.

With the use of the electronic signature on the basis of a PKI, a legally binding system of communication between public authorities and citizens or between authorities themselves can be implemented.

Certificates and signatures can be used for many purposes in public administration:

  • Qualified certificates for cases requiring a qualified electronic signature
  • Qualified and advanced signatures for cases requiring an official signature
  • Certificates for Web services for automated signature of data
  • Server certificates used to digitally authenticate a server
  • E-mail certificates to increase the trustworthiness of e-mails sent by public authorities
  • Encryption certificates for the encryption of data
  • Certificates with application-specific requirements for special applications (digital tachograph, electronic passport, etc.)

Further information

Electronic signatures