PKI: Public Key Infrastructure Explained
PKI is the cryptographic foundation of any reliable electronic signature. Discover how it works, its components and its link with X.509 certificates and the eIDAS regulation.
Certyneo editorial team (Writer, Certyneo)
Introduction: why PKI is at the heart of digital trust
In a world where millions of contracts are signed online each day, a fundamental question arises: how can you be certain that the person signing is who they claim to be, and that the document has not been altered after signature? The answer lies in three letters: PKI (Public Key Infrastructure). This cryptographic system constitutes the technical foundation of any qualified electronic signature in accordance with the eIDAS regulation. In this article, we explain in detail how PKI works, its essential components — including X.509 certificates — and how it guarantees the authenticity, integrity and non-repudiation of your digital legal acts.
---
What is PKI? Definition and fundamental principles
PKI (Public Key Infrastructure) refers to a set of policies, procedures, hardware, software and people necessary to create, manage, distribute, use, store and revoke digital certificates. It is based on asymmetric cryptography, that is, the use of a pair of mathematically linked keys: a private key (secret) and a public key (freely shareable).
The principle of asymmetric key pairs
When a signatory affixes their electronic signature to a document, a unique cryptographic fingerprint of the file (a hash) is first computed; the signatory then encrypts this fingerprint with their private key, and the result constitutes the digital signature. Any third party can verify the authenticity of this signature using the signatory's corresponding public key. If verification succeeds, two guarantees are established:
- Authenticity: only the holder of the private key could have produced this signature.
- Integrity: the document has not been modified since signature.
The RSA (Rivest-Shamir-Adleman) algorithm remains the most widespread, with keys of 2,048 or 4,096 bits. Elliptic curve algorithms (ECDSA) are gaining ground for their performance at equivalent security levels.
The trust problem and PKI's answer
Asymmetric cryptography solves the integrity problem but immediately raises another question: how do you know that the public key really belongs to the person it claims to represent? This is precisely where PKI comes in. It introduces a trusted third party — the Certification Authority (CA) — which verifies the identity of the public key holder and issues a digital certificate guaranteeing this association.
---
The essential components of a PKI
An operational public key infrastructure revolves around several interdependent components. Understanding their respective roles is essential to assess the robustness of an electronic signature solution.
The Certification Authority (CA)
The Certification Authority is the central entity of the PKI. It digitally signs the certificates it issues, thereby linking a verified identity to a public key. In Europe, qualified CAs are listed in national trust lists (Trusted Lists), published in accordance with Article 22 of the eIDAS regulation. In France, it is the ANSSI that maintains this list. Providers such as CertEurope, Certinomis or Certigna are listed there.
The certification hierarchy forms a chain of trust: a root CA signs intermediate CAs, which in turn sign end-user certificates. This architecture limits the exposure of the root key (kept offline in an HSM) and allows revocations to be managed at a granular level.
The Registration Authority (RA)
The Registration Authority is responsible for verifying the identity of applicants before the CA issues a certificate. This verification may be:
- Face-to-face (required for qualified certificates under eIDAS).
- Remotely, via video identification compliant with the ETSI EN 319 401 standard.
- Via an eKYC process (electronic Know Your Customer) for intermediate trust levels.
X.509 digital certificates
The X.509 format is the international standard defining the structure of digital certificates in a PKI. Defined by the ITU-T and adopted by the IETF via RFC 5280, an X.509 certificate contains in particular:
- The identity of the holder (name, organisation, email).
- The holder's public key.
- The identity and signature of the issuing CA.
- The certificate's validity period.
- The unique serial number.
- Extensions: authorised uses (code signing, authentication, document signing), CRL distribution points, OCSP URLs.
In the context of an eIDAS qualified electronic signature, qualified X.509 certificates must be issued on a qualified signature creation device (QSCD), typically a smart card or an HSM (Hardware Security Module).
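The hierarchy described under the Certification Authority section (a root CA signing an intermediate, which signs the end-user certificate) and the fields just listed can be built and inspected with Go's standard crypto/x509 package. The following is an added example, not Certyneo's code: every name, serial number and the crl/ocsp URLs under example.invalid are constructed, and the "issuing CA" plays the intermediate. It creates the three certificates, prints the signer certificate's subject, issuer, serial number, validity period and extension URLs, then verifies the chain as a relying party would, once against the genuine root and once against a root it has never trusted.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// DemoPKI is a constructed hierarchy: offline root -> issuing CA -> end-user signer.
type DemoPKI struct {
	Root, Issuing, Signer *x509.Certificate
}

// issue generates a P-256 key pair for template and has parent sign the certificate;
// a nil parent produces a self-signed root. The parent key would live in an HSM in practice.
func issue(template, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = template, key
	}
	der, err := x509.CreateCertificate(rand.Reader, template, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

func caTemplate(cn string, serial int64) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(10, 0, 0),
		IsCA: true, BasicConstraintsValid: true, // without this, Verify refuses the cert as an issuer
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
}

// BuildPKI builds the chain; the signer certificate carries the X.509 fields listed in the article.
func BuildPKI() (*DemoPKI, error) {
	root, rootKey, err := issue(caTemplate("Example Root CA", 1), nil, nil)
	if err != nil {
		return nil, err
	}
	issuing, issuingKey, err := issue(caTemplate("Example Issuing CA", 2), root, rootKey)
	if err != nil {
		return nil, err
	}
	signer, _, err := issue(&x509.Certificate{
		SerialNumber:   big.NewInt(1001), Subject: pkix.Name{CommonName: "Jane Doe", Organization: []string{"Example Law Firm"}},
		EmailAddresses: []string{"jane.doe@example.invalid"}, // constructed holder identity
		NotBefore:      time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(3, 0, 0),
		KeyUsage:       x509.KeyUsageDigitalSignature | x509.KeyUsageContentCommitment, // signing + non-repudiation
		CRLDistributionPoints: []string{"http://crl.example.invalid/issuing.crl"},
		OCSPServer:            []string{"http://ocsp.example.invalid"},
	}, issuing, issuingKey)
	return &DemoPKI{Root: root, Issuing: issuing, Signer: signer}, err
}

// VerifyChain does what a relying party does: chain leaf to a trusted root via the intermediate,
// checking every signature and validity period along the way.
func VerifyChain(leaf, intermediate, root *x509.Certificate) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inters.AddCert(intermediate)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}) // the default would demand a TLS server EKU
	return err
}

// Describe lists the certificate fields a verifier inspects.
func Describe(c *x509.Certificate) string {
	return fmt.Sprintf("subject=%q email=%v issuer=%q serial=%s valid=%s..%s crl=%v ocsp=%v",
		c.Subject.CommonName, c.EmailAddresses, c.Issuer.CommonName, c.SerialNumber,
		c.NotBefore.Format("2006-01-02"), c.NotAfter.Format("2006-01-02"), c.CRLDistributionPoints, c.OCSPServer)
}

func main() {
	p, err := BuildPKI()
	if err != nil {
		panic(err)
	}
	fmt.Println(Describe(p.Signer))
	fmt.Println("chain to trusted root:", VerifyChain(p.Signer, p.Issuing, p.Root))
	stranger, _, _ := issue(caTemplate("Unknown Root", 99), nil, nil) // a root nobody trusts
	fmt.Println("chain to unknown root:", VerifyChain(p.Signer, p.Issuing, stranger))
}
```

Two details matter in practice. The KeyUsages option is set explicitly because Go's Verify defaults to requiring a TLS server extended key usage, which a signing certificate does not carry; a production certificate profile would instead state the authorised uses (document signing, authentication) the article mentions in its ExtKeyUsage list. And a real verifier takes the root and intermediate from the national Trusted List rather than from memory, which is what makes the second verification fail: the leaf is perfectly well-formed, it simply does not chain to anything the verifier trusts.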
The revocation mechanism: CRL and OCSP
A certificate may become invalid before it expires: loss of the private key, compromise, change in the holder's status. Two mechanisms make it possible to verify validity in real time:
- CRL (Certificate Revocation List): a list of revoked certificates, published periodically by the CA.
- OCSP (Online Certificate Status Protocol, RFC 6960): a protocol for checking a single certificate's status on demand; preferred in high-frequency transaction environments.
Serious electronic signature solutions, such as those described in our comparison of electronic signature solutions, systematically integrate these checks into their signature workflow.
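The CRL side of the revocation check, as an added example in Go (not the page's or Certyneo's code). It creates a constructed self-signed issuing CA, publishes a CRL revoking one serial number, and then checks serials the way a signature application should: the issuer's signature on the list first, then its freshness (NextUpdate), and only then the revoked-serial lookup. The CA name and serial numbers are made up; OCSP is not in Go's standard library and is not shown.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newIssuer builds a constructed self-signed issuing CA able to sign CRLs (a real CA key stays in an HSM).
func newIssuer(cn string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(10, 0, 0),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, // CreateRevocationList insists on CRLSign
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// IssueCRL signs a CRL (number, thisUpdate=now, nextUpdate) listing the revoked serial numbers.
func IssueCRL(issuer *x509.Certificate, key *ecdsa.PrivateKey, number int64, nextUpdate time.Time, revoked ...*big.Int) (*x509.RevocationList, error) {
	tmpl := &x509.RevocationList{Number: big.NewInt(number), ThisUpdate: time.Now(), NextUpdate: nextUpdate}
	for _, s := range revoked {
		// RevokedCertificates is the field available since Go 1.19 (RevokedCertificateEntries supersedes it in 1.21).
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates, pkix.RevokedCertificate{SerialNumber: s, RevocationTime: time.Now()})
	}
	der, err := x509.CreateRevocationList(rand.Reader, tmpl, issuer, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseRevocationList(der) // the DER a verifier would fetch from the CRL distribution point
}

// Status is the outcome of a revocation check.
type Status int

const (
	Good    Status = iota // serial absent from a valid, fresh CRL
	Revoked               // serial listed
	Unknown               // CRL unusable (bad signature, wrong issuer or stale): never treat as Good
)

// CheckCRL validates the list before believing it: issuer signature first, then freshness, then lookup.
func CheckCRL(crl *x509.RevocationList, issuer *x509.Certificate, serial *big.Int, now time.Time) (Status, error) {
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return Unknown, err
	}
	if now.After(crl.NextUpdate) {
		return Unknown, fmt.Errorf("CRL stale since %s", crl.NextUpdate.Format(time.RFC3339))
	}
	for _, e := range crl.RevokedCertificates {
		if e.SerialNumber.Cmp(serial) == 0 {
			return Revoked, nil
		}
	}
	return Good, nil
}

func main() {
	ca, key, err := newIssuer("Example Issuing CA")
	if err != nil {
		panic(err)
	}
	lost := big.NewInt(1001) // constructed: serial of a certificate whose smart card was reported lost
	crl, err := IssueCRL(ca, key, 7, time.Now().Add(24*time.Hour), lost)
	if err != nil {
		panic(err)
	}
	for _, s := range []*big.Int{lost, big.NewInt(1002)} {
		st, err := CheckCRL(crl, ca, s, time.Now())
		fmt.Printf("serial %s: status=%d err=%v\n", s, st, err)
	}
	st, err := CheckCRL(crl, ca, lost, time.Now().Add(48*time.Hour)) // verifier clock past nextUpdate
	fmt.Printf("stale check: status=%d err=%v\n", st, err)
}
```

The Unknown status is deliberate: an unsigned, mis-signed or stale CRL must not be read as "not revoked", since that is exactly how a lost smart card would stay usable. A verifier that cannot obtain a fresh, correctly signed answer should fail closed or fall back to OCSP, which is the check the list above calls "real time".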
---
How PKI concretely secures electronic signature
Understanding the technical journey of an electronic signature supported by a PKI allows you to measure the level of assurance offered.
The signature process step by step
- Document hashing: a hash algorithm (SHA-256 or SHA-3 according to ANSSI 2026 recommendations) produces a unique digital fingerprint of the document.
- Encryption of the fingerprint: the signatory encrypts this fingerprint with their private key (stored in their QSCD). This operation takes place inside the secure device, so the private key never leaves it.
- Creation of the signature packet: the encrypted signature is associated with the document, accompanied by the signatory's X.509 certificate and a qualified timestamp.
- Verification on the recipient's side: the recipient (or their software) decrypts the fingerprint with the signatory's public key, recomputes the hash of the received document and compares the two values. If they match, the signature is valid.
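The four steps above, together with the key-pair principle from the start of the article, in Go with the standard library. This is an added example, not the page's or Certyneo's code; the document bytes and the key are constructed. With ECDSA (ecdsa.SignASN1), step 2 is a signing operation over the SHA-256 digest rather than an encryption; the article's "encrypts the fingerprint" wording describes the same role. The signer's X.509 certificate and the qualified timestamp of step 3 are stood in for by the signer's DER-encoded public key and the local clock.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"fmt"
	"time"
)

// SignaturePacket is a constructed stand-in for what a CAdES/PAdES container carries.
type SignaturePacket struct {
	HashAlg   string
	Signature []byte    // ASN.1 DER-encoded ECDSA signature over the fingerprint
	SignerPub []byte    // DER SubjectPublicKeyInfo; a real packet carries the X.509 certificate
	SignedAt  time.Time // a qualified RFC 3161 token in production, the local clock here
}

// Fingerprint is step 1: the SHA-256 digest of the document bytes.
func Fingerprint(doc []byte) [32]byte { return sha256.Sum256(doc) }

// Sign covers steps 2 and 3: sign the fingerprint with the private key and package the result.
// The private-key operation is the part a QSCD performs internally.
func Sign(priv *ecdsa.PrivateKey, doc []byte) (*SignaturePacket, error) {
	h := Fingerprint(doc)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, h[:])
	if err != nil {
		return nil, err
	}
	pub, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		return nil, err
	}
	return &SignaturePacket{HashAlg: "SHA-256", Signature: sig, SignerPub: pub, SignedAt: time.Now()}, nil
}

// Verify is step 4: recompute the fingerprint of the received bytes and check the signature
// against it with the public key carried in the packet.
func Verify(p *SignaturePacket, doc []byte) (bool, error) {
	key, err := x509.ParsePKIXPublicKey(p.SignerPub)
	if err != nil {
		return false, err
	}
	pub, ok := key.(*ecdsa.PublicKey)
	if !ok {
		return false, fmt.Errorf("unexpected key type %T", key)
	}
	h := Fingerprint(doc)
	return ecdsa.VerifyASN1(pub, h[:], p.Signature), nil
}

func main() {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	contract := []byte("Share purchase agreement v3: price EUR 1,250,000") // constructed document
	pkt, err := Sign(priv, contract)
	if err != nil {
		panic(err)
	}
	fp := Fingerprint(contract)
	fmt.Println("fingerprint:", hex.EncodeToString(fp[:]))
	ok, _ := Verify(pkt, contract)
	fmt.Println("original verifies:", ok)
	tampered := bytes.Replace(contract, []byte("1,250,000"), []byte("1,350,000"), 1)
	ok, _ = Verify(pkt, tampered)
	fmt.Println("tampered verifies:", ok)
}
```

Changing a single character of the contract changes the fingerprint, so step 4 fails: that is the integrity guarantee. Substituting another party's public key also fails, which is the authenticity guarantee. In a real packet the public key arrives inside the signer's certificate, and the verifier must additionally check that certificate's chain to a trusted CA and its revocation status before relying on the result.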
The three levels of eIDAS signature and their relationship to PKI
The eIDAS regulation distinguishes three levels of electronic signature, each involving more or less extensive use of PKI:
- Simple electronic signature (SES): not necessarily supported by a PKI. Limited evidential value.
- Advanced electronic signature (AdES): necessarily based on a key pair and a certificate linked to the signatory. Standardised technical formats by ETSI: XAdES, PAdES, CAdES.
- Qualified electronic signature (QES): the highest level, legally equivalent to a handwritten signature throughout the EU. It requires a qualified certificate issued by a CA listed on a Trusted List and a QSCD. This is the full deployment of a qualified PKI.
For companies wishing to deploy qualified signature on a large scale, our guide on electronic signature in the enterprise details the steps for operational implementation.
Qualified timestamp: the temporal dimension of PKI
PKI is not limited to identity: it also guarantees the temporal dimension of acts via qualified timestamping (RFC 3161). A trusted timestamping service (TSA) issues a cryptographic token certifying that a document existed in its current form at a specific instant. This is crucial for long-term proof retention and compliance with legal document retention obligations (art. L.110-4 French Commercial Code: 5 years for commercial acts; art. 2224 French Civil Code: 5 years for common law contract obligations).
---
PKI and long-term trust: the challenge of proof retention
A signature that is valid today may become unverifiable in 10 years if the cryptographic algorithms used have become obsolete or if certificates have expired. PKI addresses this challenge through signature formats with long-term evidential value.
AdES formats with long-term validity
ETSI has defined extended signature profiles — XAdES-LTA, PAdES-LTA, CAdES-LTA — which encapsulate in the signed file all the evidence needed for future verification: complete certificate chains, archived OCSP responses and multiple timestamps. These formats comply with ETSI EN 319 132 (XAdES) and ETSI EN 319 122 (CAdES).
Cryptographic migration in the face of quantum computing
The emergence of quantum computing represents a medium-term threat to current RSA and ECDSA algorithms. The US NIST finalised its first post-quantum cryptography standards in 2024 (CRYSTALS-Dilithium for signatures). ANSSI and ENISA are working on migration roadmaps that should be realised in revisions to the eIDAS standard around 2028-2030. Companies relying on well-managed PKI will be better positioned for this transition, as updating certification authorities is easier than redesigning ad hoc cryptographic systems.
For those evaluating their current solution, Certyneo's electronic signature ROI calculator makes it possible to quantify the gains from an industrialised PKI infrastructure.
Legal framework applicable to PKI and electronic signature
Public key infrastructure is not just a technical system: it falls within a dense European and national legal framework, the mastery of which is essential for any organisation wishing to rely on electronic signature in its legal acts.
Regulation eIDAS No. 910/2014 and its evolution
Adopted on 23 July 2014 and applicable since 1 July 2016, Regulation (EU) No. 910/2014 (eIDAS) is the founding text of digital trust in Europe. It defines the requirements applicable to qualified trust service providers (QTSPs), to qualified certificates and to QSCDs. Its Article 26 sets the conditions for advanced signature; its Article 28 defines qualified certificates for electronic signature; its Annex I details the requirements for these certificates — directly derived from the X.509 format.
The eIDAS 2.0 Regulation (EU Regulation No. 1183/2024, published in the Official Journal on 30 April 2024) strengthens this framework, notably by requiring Member States to recognise the European Digital Identity Wallet (EUDIW) and by extending the recognition obligation to private service providers in certain sectors.
French Civil Code: evidential value of electronic signature
In French law, Articles 1366 and 1367 of the Civil Code (arising from Ordinance No. 2016-131 of 10 February 2016) confer on electronic signature the same value as handwritten signature, provided it meets the requirements for identification of the signatory and integrity of the document. The presumption of reliability applies when the signature is created according to a qualified procedure within the meaning of eIDAS — that is, based on a qualified PKI.
Article 1368 provides that the procedures for establishing this reliability are set out in a decree by the Council of State, namely Decree No. 2017-1416 of 28 September 2017 relating to electronic signature.
ETSI standards applicable to PKI
- ETSI EN 319 401: general requirements for trust service providers.
- ETSI EN 319 411-1 and -2: requirements for CAs issuing qualified certificates.
- ETSI EN 319 132: XAdES specifications for advanced XML signatures.
- ETSI EN 319 122: CAdES specifications.
- ETSI EN 319 162: preservation and timestamping services.
GDPR and personal data in PKI
X.509 certificates contain personal data (name, surname, email, sometimes a national registration number). Their processing is subject to Regulation (EU) No. 2016/679 (GDPR). CAs must in particular define a compliant retention period, inform certificate holders and guarantee the exercise of their rights. Revocation of a certificate at the holder's request is a practical way of exercising the right to erasure (within the limits of the obligation to retain proof).
Liability and legal risks
A poorly managed PKI exposes the company to serious risks: challenges to the evidential value of signatures in case of expired or revoked certificates, inability to verify a signature in the long term in the absence of LTA formats, and potential civil liability in case of compromise of private keys. Article 13 of eIDAS provides that, in case of breach of their obligations, QTSPs are presumed liable unless they prove otherwise.
Usage scenarios: PKI in action in enterprises
Scenario 1 — A corporate law firm with 25 staff members
A firm specialising in mergers and acquisitions manages an average of 150 structured transactions per year, each requiring the signature of several dozen documents (protocols, shareholders' agreements, asset and liability warranties). Previously, the delays in collecting physical signatures extended closing by 5 to 8 business days on average.
By deploying a qualified signature solution backed by a qualified PKI, the firm assigns to each authorised partner and staff member a qualified X.509 certificate on a QSCD. Each signature is automatically verified (OCSP), timestamped and archived in PAdES-LTA format. Result: the signature phase of closing falls to less than 24 hours, and maximum evidential value is assured without additional formality. Law firms of this size report on average a 70% reduction in administrative time related to signatures, according to sectoral benchmarks (Fédération nationale des avocats d'affaires, 2025).
Scenario 2 — An industrial SME managing 300 supplier contracts per year
A medium-sized manufacturing company (approximately 250 employees) enters into framework agreements, amendments and purchase orders with about one hundred European suppliers. Geographic dispersion and language barriers made document management particularly cumbersome.
By integrating an advanced electronic signature workflow (AdES) via an API connected to its ERP, the PKI automatically manages verification of signatory certificates on the supplier side (via the eIDAS Trusted Lists of each Member State), timestamping and constitution of proof files. The legal department reports a 60% reduction in follow-ups for signature collection and a decrease in contractual disputes related to disagreements over the signed version of the document. The cost per signature falls from €12 (printing, sending, physical archiving) to less than €1.50 in digital flow, in line with the ranges published by Markess by Exaegis in its 2025 overview of document management.
Scenario 3 — A public hospital group with approximately 1,200 beds
In the public health sector, administrative acts and public contracts must comply with the requirements of the Public Procurement Code and ANSSI recommendations for the security of sensitive IT systems. A hospital group managing several facilities must sign hundreds of contracts, amendments and employment contracts each year.
The adoption of an internal PKI (CA dedicated to agents, certificates on CPS cards for medical staff) combined with a SaaS signature solution for administrative acts makes it possible to meet the requirements of the NIS2 Directive (transposed into French law by Law No. 2024-449 of 21 May 2024) imposing cybersecurity risk management measures. Complete traceability of signatures, real-time verification of certificates and LTA retention of signed documents reduce the risk of challenge to administrative acts and facilitate audits by the Regional Court of Audit. Sector establishments generally report a 40 to 50% reduction in paper volume handled for HR alone, according to ANAP data (National Agency for Performance Support, 2024 report).
Conclusion
PKI — public key infrastructure — is far more than a technical system: it is the cryptographic and legal guarantor of trust in your digital exchanges. Its components (CA, X.509 certificates, OCSP, qualified timestamp) form a coherent ecosystem that ensures the authenticity, integrity and non-repudiation of your electronic signatures, in full compliance with the eIDAS regulation and the French Civil Code. Whether you are an SME, a law firm or a public body, understanding the foundations of PKI enables you to choose the signature solution adapted to your real issues — and to defend its evidential value in case of dispute.
Certyneo relies on a qualified eIDAS-compliant PKI to deliver advanced and qualified electronic signatures to enterprises. Create your account free of charge or discover our pricing to start your document transformation today.