Public Key Infrastructure (PKI)
The foundation of modern digital security: asymmetric cryptography enables secure communication without shared secrets.
Asymmetric Cryptography Basics
Unlike symmetric encryption where both parties share the same secret key, asymmetric cryptography uses a key pair: a private key that must be kept secret, and a public key that can be freely shared.
🔐 Private Key
- Must be kept absolutely secret
- Used to decrypt data encrypted with your public key
- Used to sign data (proving you are the sender)
- Should be protected by hardware (HSM) or strong passphrase
- If compromised, everything built on it is lost: data encrypted to the matching public key (past and future) can be read and signatures can be forged, so the certificate must be revoked and the key replaced
🌐 Public Key
- Can be freely distributed to anyone
- Used to encrypt data that only you can decrypt
- Used to verify signatures you created
- Embedded in certificates for identity verification
- Deriving the private key from it is computationally infeasible at the key sizes recommended below
Encryption vs. Digital Signatures
The key pair can be used in two opposite directions, serving different security purposes.
📨 Encryption (Confidentiality)
Goal: Only the intended recipient can read the message.
Sender encrypts with recipient's PUBLIC key
→ Only recipient can decrypt with their PRIVATE key
Example: You want to send a secret message to Alice. You encrypt it with Alice's public key. Only Alice can decrypt it with her private key. In practice the public key encrypts only a short symmetric key, because RSA can encrypt at most a few hundred bytes per operation; the message itself is encrypted with that symmetric key (hybrid encryption).
✍️ Digital Signature (Authenticity)
Goal: Prove the message came from you and wasn't modified.
Sender signs with their PRIVATE key
→ Anyone can verify with sender's PUBLIC key
Example: You sign a document with your private key. Anyone with your public key can verify that the signature was made with your private key and that the document has not changed since. A signature proves origin and integrity, not confidentiality: the signed document itself stays readable by everyone.
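Both directions, driven through the openssl CLI, as an added example that is not part of the original page. Alice, Bob, the keys and the message are all constructed here; the script assumes openssl 1.1.1 or newer is installed and uses RSA-3072 (for encryption) and ECDSA P-384 with SHA-384 (for signing), two of the pairings from the BSI tables further down.

```shell
#!/bin/sh
# Added example (not from the original page): the two directions of a key
# pair, driven through the openssl CLI. Alice, Bob, the keys and the message
# are all constructed here for the demonstration.
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# ---- Confidentiality: encrypt with the recipient's PUBLIC key ----
# Alice's key pair. RSA-3072 meets the >= 3000-bit floor in the BSI table.
# Only alice.pub is ever handed to the sender.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 \
    -out "$WORK/alice.key" 2>/dev/null
openssl pkey -in "$WORK/alice.key" -pubout -out "$WORK/alice.pub"

printf 'meet at 09:00' > "$WORK/msg.txt"   # constructed sample message

# Sender side: needs only alice.pub. RSA-OAEP is the padding to use; the
# legacy PKCS#1 v1.5 encryption padding is open to padding-oracle attacks.
openssl pkeyutl -encrypt -pubin -inkey "$WORK/alice.pub" \
    -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
    -in "$WORK/msg.txt" -out "$WORK/msg.enc"

# Recipient side: needs alice.key. Prints the recovered plaintext.
decrypt_as_alice() {
    openssl pkeyutl -decrypt -inkey "$WORK/alice.key" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
        -in "$WORK/msg.enc"
}

# ---- Authenticity: sign with the sender's PRIVATE key ----
# Bob's key pair: ECDSA P-384, paired with SHA-384.
openssl ecparam -name secp384r1 -genkey -noout -out "$WORK/bob.key"
openssl pkey -in "$WORK/bob.key" -pubout -out "$WORK/bob.pub"

# Signing hashes the message with SHA-384 and signs the digest with bob.key.
openssl dgst -sha384 -sign "$WORK/bob.key" -out "$WORK/msg.sig" "$WORK/msg.txt"

# Verifier side: needs only bob.pub. Returns 0 if msg.sig is a valid
# signature over the file given as $1, non-zero otherwise.
verify_from_bob() {
    openssl dgst -sha384 -verify "$WORK/bob.pub" -signature "$WORK/msg.sig" \
        "$1" >/dev/null 2>&1
}

# Integrity: a one-character change must make the same signature fail.
printf 'meet at 09:01' > "$WORK/msg-tampered.txt"

[ "$(decrypt_as_alice)" = 'meet at 09:00' ] && echo "decrypt as Alice: ok"
verify_from_bob "$WORK/msg.txt" && echo "signature on original: ok"
verify_from_bob "$WORK/msg-tampered.txt" || echo "signature on tampered copy: rejected"
```

Note which file each side touches: the sender and the verifier only ever see `alice.pub` and `bob.pub`; `alice.key` and `bob.key` never leave their owners, which is exactly the separation the table in "Who Needs What?" spells out.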
What is a Certificate?
A certificate is a signed statement that binds a public key to an identity (person, server, organization).
📜 Certificate Contents
The Trust Chain
- Root CA: self-signed, trusted by OS/browser
- Intermediate CA: signed by Root CA
- End-entity certificate (server, person): signed by Intermediate
Who Needs What?
A quick reference for common PKI operations.
| Operation | You Need | Purpose |
|---|---|---|
| Encrypt a message to Bob | Bob's public key | Only Bob can decrypt |
| Decrypt a message sent to you | Your private key | Access confidential content |
| Sign a document | Your private key | Prove it came from you |
| Verify Bob's signature | Bob's public key (certificate) | Confirm Bob signed it |
| Issue a certificate | CA's private key | CA signs the certificate |
| Verify a certificate | Issuing CA's public key (its certificate), chained up to a trusted root cert | Confirm the CA issued it and the chain ends at a trust anchor |
BSI TR-02102: Recommended Algorithms
The German Federal Office for Information Security (BSI) publishes Technical Guideline TR-02102 with cryptographic recommendations; the algorithms and key lengths below are rated secure until at least 2031.
Signature Algorithms
| Algorithm | Min. Key Length | Security Level | Valid Until | YubiHSM 2 | Note |
|---|---|---|---|---|---|
| RSA | ≥ 3000 bits | ~100-120 bit | 2031+ | ✅ | Binding since 2024 |
| ECDSA P-256 | 256 bits | ~128 bit | 2031+ | ✅ | NIST curve, widely supported |
| ECDSA P-384 | 384 bits | ~192 bit | 2031+ | ✅ | Higher security margin |
| Ed25519 | 256 bits | ~128 bit | 2031+ | ✅ | Modern, deterministic signing |
| Ed448 | 448 bits | ~224 bit | 2031+ | ❌ | Highest security EdDSA |
Hash Functions
| Algorithm | Output Size | Status | YubiHSM 2 | Use Case |
|---|---|---|---|---|
| SHA-1 | 160 bits | ❌ Deprecated | ⚠️ | Do not use for signatures; collisions are practical (SHAttered, 2017) |
| SHA-256 | 256 bits | ✅ Recommended | ✅ | Standard choice |
| SHA-384 | 384 bits | ✅ Recommended | ✅ | Higher security margin |
| SHA-512 | 512 bits | ✅ Recommended | ✅ | Largest security margin; faster than SHA-256 on 64-bit CPUs |
💡 Practical Recommendation
For new PKI deployments, use ECDSA P-384 with SHA-384 or Ed25519 for end-entity certificates. Note that mainstream browsers do not accept Ed25519 in TLS server certificates, so reserve it for SSH, code signing and internal services where you control the verifier. For root and intermediate CAs that need long validity periods, consider RSA-4096 with SHA-512 for maximum compatibility and security margin. All of the algorithms recommended here are supported by YubiHSM 2 for hardware-protected key storage; the one table entry it does not support is Ed448.
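A small audit against the key-length and hash rows of the tables above, as an added example that is not part of the original page: `check_cert` reads a certificate with the openssl CLI and returns 0 when the key size and signature hash meet the thresholds listed here, 1 otherwise. The thresholds, the function name and the throwaway self-signed test certificates are all assumptions of this example; Ed25519 and Ed448 are accepted by name because they carry no size parameter, and the SHA-1 branch is present but not exercised by the generated fixtures.

```shell
#!/bin/sh
# Added example (not from the original page): audit a certificate against
# the BSI TR-02102 rows on this page. check_cert prints a verdict and
# returns 0 (compliant) or 1 (not compliant). The test certificates are
# generated here and are not real.
set -e

RSA_MIN_BITS=3000   # RSA >= 3000 bits, binding since 2024
EC_MIN_BITS=256     # ECDSA P-256 / P-384 rows

# Extract one field from `openssl x509 -text` output. First match only:
# "Signature Algorithm:" appears twice (header and trailer).
cert_field() {
    openssl x509 -in "$1" -noout -text | sed -n "s/.*$2 *//p" | head -n 1
}

check_cert() {
    cert=$1
    sigalg=$(cert_field "$cert" 'Signature Algorithm:')
    keyalg=$(cert_field "$cert" 'Public Key Algorithm:')
    # Key size from e.g. "Public-Key: (3072 bit)"; empty for Ed25519/Ed448.
    bits=$(cert_field "$cert" 'Public-Key: (' | sed 's/ bit).*//')

    # Hash first: a SHA-1 or MD5 signature fails regardless of key size.
    case "$sigalg" in
        *sha1*|*SHA1|*md5*|*MD5*)
            echo "$cert: FAIL  deprecated signature hash ($sigalg)"; return 1 ;;
    esac

    case "$keyalg" in
        rsaEncryption)
            [ "$bits" -ge "$RSA_MIN_BITS" ] ||
                { echo "$cert: FAIL  RSA-$bits is below $RSA_MIN_BITS bits"; return 1; } ;;
        id-ecPublicKey)
            [ "$bits" -ge "$EC_MIN_BITS" ] ||
                { echo "$cert: FAIL  EC key of $bits bits is below $EC_MIN_BITS"; return 1; } ;;
        ED25519|ED448)
            ;;   # listed as recommended; no size parameter to check
        *)
            echo "$cert: FAIL  unrecognised key algorithm '$keyalg'"; return 1 ;;
    esac
    echo "$cert: OK    $keyalg ${bits:-n/a} bit, $sigalg"
}

# ---- Constructed fixtures: throwaway self-signed certificates ----
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

mkcert() {   # $1 = name, $2 = key file, $3 = digest (sha256, sha384, ...)
    openssl req -x509 -new -key "$2" -"$3" -days 1 -subj "/CN=$1" \
        -out "$WORK/$1.crt" 2>/dev/null
}
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/rsa2048.key" 2>/dev/null
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 \
    -out "$WORK/rsa3072.key" 2>/dev/null
openssl ecparam -name secp384r1 -genkey -noout -out "$WORK/p384.key"

mkcert rsa2048 "$WORK/rsa2048.key" sha256   # key below the 3000-bit floor
mkcert rsa3072 "$WORK/rsa3072.key" sha256   # compliant
mkcert p384    "$WORK/p384.key"    sha384   # compliant

for c in rsa2048 rsa3072 p384; do
    check_cert "$WORK/$c.crt" || true
done
```

Run it over an exported trust store or a directory of issued certificates to find the RSA-2048 and SHA-1 stragglers before the 2024 key-length floor bites; anything the function reports as an unrecognised key algorithm (RSA-PSS certificates, for instance) needs a manual look rather than an automatic pass.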
Implement PKI with Signando CA
Build your own certificate authority with hardware-backed key protection.