# PKI

For authentication purposes, iSHARE requires Adhering Parties and Certified Parties to acquire an X.509 certificate, which is issued under a trusted root within certain PKIs (Public Key Infrastructures). For interoperability on a European scale, all trusted roots under the eIDAS regulation will be trusted within iSHARE.

### Brief description

A PKI is a system for the distribution and management of digital keys and certificates, which enables secure authentication of parties interacting with each other.

Generally, three different methods exist for creating trust within PKIs: 'Certificate Authorities', 'Web of Trust' and 'Simple PKI'. Within iSHARE, the 'Certificate Authority' approach is used, and as such, the other methods will not be discussed.

A PKI can be considered a chain of certificates. At the beginning of the chain is the root 'Certificate Authority' (CA), a publicly trusted party which is allowed to digitally sign its own certificate (SSC, self-signed certificate). This 'Root CA' distributes certificates and encryption keys to organisations. Each certificate is signed by the 'Root CA' as proof that the owner of the certificate is trusted. These organisations can start distributing certificates as well, if allowed by their root. They then become CAs themselves and sign the certificates that they distribute. By repeating these steps, a chain of certificates is created, with each certificate signed by the CA that distributed it.

Parties need to trust a certificate for authentication purposes. Instead of trusting individual certificates of organisations, root certificates can be trusted. By trusting a root, all certificates that have the root within their PKI chains are automatically trusted. Most large root CAs are automatically trusted within web browsers, enabling computers to safely interact with most web servers.
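The chain-of-trust check described above, as an added example that is not part of the iSHARE documentation or code. It uses Go's standard `crypto/x509` package on constructed certificates; the helper names `issue` and `chainsTo` and all certificate names are assumptions made for illustration, and the check covers chain building only, not eIDAS trusted-list lookup or revocation.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a constructed certificate for cn, signed by parent (self-signed when parent is nil).
func issue(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, NotBefore: time.Now().Add(-time.Hour),
		NotAfter: time.Now().Add(24 * time.Hour), IsCA: isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign // only CAs may sign other certificates
	}
	if parent == nil {
		parent, parentKey = tmpl, key // a root CA signs its own certificate
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// chainsTo reports whether leaf has a valid chain to trustedRoot via the given intermediates.
func chainsTo(leaf, trustedRoot *x509.Certificate, intermediates ...*x509.Certificate) bool {
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(trustedRoot) // trust is placed in the root only
	for _, c := range intermediates {
		inter.AddCert(c) // intermediates are untrusted until they chain to the root
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err == nil
}

func main() {
	root, rootKey := issue("Constructed Root CA", true, nil, nil)
	ca, caKey := issue("Constructed Issuing CA", true, root, rootKey)
	party, _ := issue("Constructed Party", false, ca, caKey)
	fmt.Println("party chains to trusted root:", chainsTo(party, root, ca))
}
```

The party's certificate is accepted only because the relying party trusts the root; the same certificate fails against a different root or when the intermediate CA certificate is missing from the presented chain.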

### Trusted roots and eIDAS

iSHARE supports digital certificates that are recognised under eIDAS as Advanced or Qualified Certificates. The eIDAS regulation aims to provide secure and seamless electronic interactions between businesses, citizens and public authorities throughout the entire European Union. A main part of this regulation is that each EU country is required to establish and maintain 'trusted lists', in which trusted root information is found. Each EU country is required to implement these trusted lists itself. Therefore, iSHARE aims to use these trusted lists as trust roots within iSHARE to ensure secure and seamless interaction throughout the entire EU.

