General information about the public administration PKI (Public Key Infrastructure)

Users of the public administration PKI receive a certified key pair that they can use as a kind of 'digital ID card', and which is used for identification, encryption and the creation of electronic signatures. The cornerstone of a hierarchical infrastructure of this kind is the Policy Certificate Authority (PCA). This PCA handles the certification of the subordinate certificate authorities (CAs) and provides its root certificate for the verification of the chain of trust. For the public administration PKI, this security cornerstone has been operated at the BSI since 20 February 2001.

In electronic administration and business processes, a high level of security is achieved by the integration of signature and encryption functions. This considerably strengthens the integrity, authenticity and confidentiality of e-mail communication, of the integration of mobile and outsourced teleworking workspaces over the internet, and of the reliable provisioning of information on service portals.

The deployment of internationally recognised standards such as S/MIME (Secure Multipurpose Internet Mail Extensions), PKCS (Public-Key Cryptography Standards) and X.509 (international standard for public key certificates), as well as compliance with organisational rules, facilitates an interoperable PKI solution within the heterogeneous IT (information technology) landscapes found in the public administration. Future plans include the adoption of the ISIS-MTT (Industrial Signature Interoperability and MailTrusT Specification) standard, which is intended to ensure interoperability between systems with different security levels (vertical interoperability) as well as between different manufacturers or between different platforms (horizontal interoperability).

However, the deployment of a PKI beyond internal communication boundaries requires the mutual recognition of the (root) certificates for the respective infrastructures used. To fulfil this requirement, the public administration PKI has joined the European Bridge CA (EBCA) operated by TeleTrusT Deutschland e.V. The EBCA is designed to close the 'trust gap' between existing PKIs by assuming the role of a trust broker for the various parties. Since this is being achieved by the deployment of open standard interfaces on a neutral, scalable and manufacturer-neutral platform, freeform electronic communication between businesses and public officials can already be implemented with an approach that is fast, inexpensive and involves no loss of trust.