The introduction of public key cryptography (PKC) was a critical advance in IT security. In contrast to symmetric key cryptography, it enables confidential communication between entities in open networks, in particular the Internet, without prior contact. Beyond this PKC also enables protection techniques that have no analogue in traditional cryptography, most importantly digital signatures which for example support Internet security by authenticating software downloads and updates. Although PKC does not require the confidential exchange of secret keys, proper management of the private and public keys used in PKC is still of vital importance: the private keys must remain private, and the public keys must be verifiably authentic. So understanding so-called public key infrastructures (PKIs) that manage key pairs is at least as important as studying the ingenious mathematical ideas underlying PKC.

In this book the authors explain the most important concepts underlying PKIs and discuss relevant standards, implementations, and applications. The book is structured into chapters on the motivation for PKI, certificates, trust models, private keys, revocation, validity models, certification service providers, certficate policies, certification paths, practical aspects, automation, and migration of PKI to post-quantum cryptography.

This is a suitable textbook for advanced undergraduate and graduate courses in computer science, mathematics, engineering, and related disciplines, complementing introductory courses on cryptography. The authors assume only basic computer science prerequisites, and they include exercises in all chapters and solutions in an appendix. They also include detailed pointers to relevant standards and implementation guidelines, so the book is also appropriate for self-study and reference by industrial and academic researchers and practitioners.

Johannes A. Buchmann received a PhD in Mathematics in 1982. He is Professor Emeritus of Computer Science and Mathematics at TU Darmstadt specializing in cryptography, IT security, and quantum computing. In 1993 he received the Leibniz Award of the German Research Foundation, the most prestigious science award in Germany. He is a member of the German National Academy of Sciences Leopoldina and the German Academy of Science and Engineering. He is also the author of the Springer Undergraduate Text in Mathematics "Introduction to Cryptography".

Nina Bindel received her PhD in 2018. During her doctoral studies and subsequent positions at various research institutes and companies, her research has focused on post-quantum cryptography (PQC) and the PQ migration of cryptographic protocols. She currently works as a project manager at MTG AG, where she leads and coordinates projects centered on the practical deployment and management of secure PKIs.

Johannes Braun received his PhD in computer science in 2015. He currently serves as Head of the University Computing Center at the Technical University of Darmstadt, following several years as the university’s Chief Information Security Officer, where he led the information security team. During his time as a doctoral candidate and later as a postdoctoral researcher, he conducted research and taught in the fields of IT security and PKI, with a particular focus on large-scale systems such as the Web PKI. 

Evangelos Karatsiolis earned his PhD in Computer Science in 2007. He is a software architect at MTG AG in Darmstadt, specializing in public key infrastructure (PKI). With over 25 years of experience, he has designed and implemented numerous PKI systems and contributed to several open-source projects in the field. In addition to his industry work, he has spent several years lecturing on PKI.

Alexander Wiesmaier obtained his PhD in computer science in 2008. He holds a professorship for cyber security at Darmstadt University of Applied Sciences and is there co-leading the research group Applied Cyber Security Darmstadt ACSD. He is specializing in applied cryptography with a focus on long-term security. His research and teaching includes security protocols and security infrastructures, such as PKI.