PKI
securityFull Name: Public Key Infrastructure
Definition
Public Key Infrastructure (PKI) is a system of cryptographic technologies, policies, and services that enables the secure creation, management, distribution, and revocation of digital certificates. PKI establishes a hierarchy of trust by using asymmetric cryptography, where each entity possesses a mathematically linked key pair: a public key that can be freely shared and a private key that must be kept secret. Digital certificates, typically conforming to the X.509 standard, bind public keys to verified identities, allowing parties who have never met to establish trust. In the EUDI Wallet ecosystem, PKI provides the cryptographic foundation for credential signing, verification, and the entire chain of trust from EU root authorities down to individual wallet instances.
Core Components of PKI
A PKI system comprises several interdependent components. Certificate Authorities (CAs) are trusted entities that issue, sign, and revoke digital certificates. In the EUDI Wallet context, CAs are typically Qualified Trust Service Providers (QTSPs) that have been audited and approved under the eIDAS regulation. Registration Authorities (RAs) handle the identity verification process before certificates are issued, ensuring that only legitimate entities receive certificates.
The certificate repository, often implemented through the EU Trusted Lists, stores and distributes certificates and certificate revocation information. Certificate Revocation Lists (CRLs) and the Online Certificate Status Protocol (OCSP) enable real-time verification of certificate validity, which is essential when checking whether a credential issuer's authority has been revoked. The certificate policy and certification practice statement define the rules governing how certificates are issued, managed, and used within the ecosystem.
End entities in the EUDI Wallet PKI include credential issuers who sign attestations, relying parties who verify them, and the wallet instances themselves that hold device-bound private keys. Each participant in the ecosystem has a defined role within the PKI hierarchy, with clear responsibilities for key management, certificate renewal, and security incident reporting.
PKI in the EUDI Wallet Trust Model
The EUDI Wallet trust model relies on a multi-layered PKI architecture. At the top level, EU-wide trust anchors are established through the eIDAS framework and maintained in the EU Trusted Lists. Each member state operates its own national trust infrastructure, including qualified CAs that issue certificates to credential issuers within their jurisdiction. This hierarchical model allows a verifier in any member state to trace the trust chain from a credential back to a recognized root authority.
When a credential issuer, such as a national motor vehicle authority, issues a mobile driving license to an EUDI Wallet, it signs the credential using its private key. The corresponding public key is embedded in the issuer's certificate, which is itself signed by a qualified CA. The wallet stores the credential along with the certificate chain, enabling verifiers to independently validate the credential's authenticity without needing to contact the issuer directly.
Wallet Instance Attestations (WIAs) add another dimension to the PKI model. These attestations, issued by the wallet provider and signed using PKI certificates, prove that a particular wallet instance is genuine, has not been tampered with, and is running on a secure device. Verifiers can check the WIA to ensure they are interacting with a legitimate EUDI Wallet before accepting credential presentations.
Key Management and Security
Effective key management is critical to PKI security. Private keys used by credential issuers must be stored in Hardware Security Modules (HSMs) that meet strict certification requirements. EUDI Wallet private keys are stored in the device's secure enclave or Trusted Execution Environment, where they cannot be extracted even if the device is compromised. The wallet never exposes private keys to the main application processor, performing all signing operations within the protected hardware.
Key lifecycle management includes generation, distribution, rotation, and destruction. Certificate renewal processes ensure that trust is maintained even as individual certificates reach their expiration dates. In the event of a key compromise, emergency revocation procedures must be in place to immediately invalidate affected certificates and notify all relying parties through updated CRLs and OCSP responses.
The transition to post-quantum cryptography represents a future challenge for the EUDI Wallet PKI. Current PKI systems rely primarily on RSA and elliptic curve cryptography, which could be vulnerable to quantum computing attacks. The European Commission and ENISA are actively researching quantum-resistant algorithms to ensure the long-term security of the EUDI Wallet's cryptographic infrastructure.
Real-World PKI Verification Flow
In practice, when a verifier receives a credential presentation from an EUDI Wallet, it performs several PKI-related checks. First, it verifies the digital signature on the credential using the issuer's public key from their certificate. Then it validates the certificate chain, ensuring each certificate in the chain is signed by a trusted authority and checking the chain up to a root certificate in the EU Trusted Lists. Next, it checks the revocation status of all certificates in the chain using CRL or OCSP. Finally, it validates the Wallet Instance Attestation to confirm the presentation originates from a genuine wallet on a secure device.
This multi-step verification process, while complex, happens in milliseconds and provides a level of assurance far exceeding that of physical document checks. The PKI infrastructure ensures that every credential can be traced back to a recognized authority, every signature can be independently verified, and any compromise in the trust chain can be quickly detected and addressed.