Public Key Infrastructure (PKI)

What is Public Key Infrastructure (PKI)?

Public Key Infrastructure (PKI) is the framework of technologies, policies, and procedures that enables secure electronic communication and digital signatures. At its core, PKI relies on asymmetric cryptography — a system where each user has a pair of mathematically related keys: a private key (kept secret) and a public key (shared openly).

In the context of electronic signatures, PKI works as follows: the signer uses their private key to create a digital signature on a document. Anyone can then use the signer's public key to verify that the signature is authentic and that the document has not been altered. The mathematical relationship between the keys ensures that only the holder of the private key could have created the signature, while anyone with the public key can verify it.

The trust in PKI comes from certificate authorities (CAs) — trusted organizations that verify the identity of key holders and issue digital certificates binding a public key to a specific identity. When you verify a digital signature, you also check that the signer's certificate was issued by a trusted CA and has not expired or been revoked. This chain of trust is what makes PKI-based signatures reliable.

PKI is the technological foundation for advanced and qualified electronic signatures under eIDAS. It provides the three key properties these signature levels require: authentication (proving who signed), integrity (proving the document hasn't changed), and non-repudiation (preventing the signer from denying their signature).