Bundeswehr Public Key Infrastructure (PKIBwPublic Key Infrastructure der Bundeswehr)

In the context of the Public Key Infrastructure of the Bundeswehr (PKIBwPublic Key Infrastructure der Bundeswehr), the Bundeswehr operates a certification infrastructure. The certificates generated by the PKIBwPublic Key Infrastructure der Bundeswehr serve persons, groups (functions, organizational units), technical components, applications and projects to ensure confidentiality, integrity, authenticity and reliability in information processing and transmission.

The PKIBwPublic Key Infrastructure der Bundeswehr offers its participants security in electronic applications by means of:

• Encryption: Messages and data can be protected against unauthorized access.
• Authentication: It is possible to prove your identity to systems and log in using a chip card.
• Integrity (electronic signature): Messages and data cannot be changed unnoticed and can be clearly assigned to the person who generated the signature. E-mails and documents can be signed with the electronic signature.

The fundamental tasks of the PKIBwPublic Key Infrastructure der Bundeswehr include generating the necessary asymmetric keys and the corresponding certificates, identifying the users, assigning keys and certificates to users and providing information about the validity of this assignment (e.g. blocking service, time stamp service).

Cryptographic keys and certificates are produced by the Bundeswehr TrustCenter - which also controls the technical operation of the PKIBwPublic Key Infrastructure der Bundeswehr - either as soft tokens (file) or as hardware tokens (on smart cards).

The electronic duty passes/military identification cards are a variant of the hardware tokens. They are produced and optically personalized by the Federal Printing Office, provided with keys and certificates by the Bundeswehr TrustCenter and then issued to users via the responsible local registration authorities.

The following CA certificates are the certificates issued annually by the highest certification authority (Root CA) at the Federal Office for Information Security (BSIBundesamt für Sicherheit in der Informationstechnik) for the certification authority of the Bundeswehr (BwBundeswehr V-PKIPublic Key Infrastructure CA) within the Federal Administration PKIPublic Key Infrastructure. The packed files contain the formats "cer" and "pem" and the SHA1Security Hash Algorithm 1 fingerprints. Each participant in the Federal Administration PKIPublic Key Infrastructure has to integrate these certificates and the BSIBundesamt für Sicherheit in der Informationstechnik's root certificate into the certificate memory of his or her respective application in order to be able to unambiguously verify the certification path. Only the positive verification of a complete certification path ensures that, for example, a received e-mail was actually sent by the sender specified in the message.