Bundeswehr Public Key Infrastructure (PKIBw)

Security in electronic applications

In the context of the Public Key Infrastructure of the Bundeswehr (PKIBw), the Bundeswehr operates a certification infrastructure. The certificates generated by the PKIBw serve persons, groups (functions, organizational units), technical components, applications and projects to ensure confidentiality, integrity, authenticity and reliability in information processing and transmission.

The PKIBw offers its participants security in electronic applications by means of:

  • Encryption: Messages and data can be protected against unauthorized access.
  • Authentication: It is possible to prove your identity to systems and log in using a chip card.
  • Integrity (electronic signature): Messages and data cannot be changed unnoticed and can be clearly assigned to the person who generated the signature. E-mails and documents can be signed with the electronic signature.

The fundamental tasks of the PKIBw include generating the necessary asymmetric keys and the corresponding certificates, identifying the users, assigning keys and certificates to users and providing information about the validity of this assignment (e.g. blocking service, time stamp service).

Cryptographic keys and certificates are produced by the Bundeswehr TrustCenter, which also controls the technical operation of the PKIBw, either as soft tokens (file) or as hardware tokens (on smart cards).

The electronic duty passes/military identification cards are a variant of the hardware tokens. They are produced and optically personalized by the Federal Printing Office, provided with keys and certificates by the Bundeswehr TrustCenter and then issued to users via the responsible local registration authorities.

The following CA certificates are issued annually by the highest certification authority (Root CA) at the Federal Office for Information Security (BSI) for the certification authority of the Bundeswehr (Bw V-PKI CA) within the Federal Administration PKI. The packed files contain the certificates in the formats "cer" and "pem" together with their SHA1 fingerprints. Each participant in the Federal Administration PKI has to import these certificates and the BSI's root certificate into the certificate store of his or her respective application in order to be able to verify the certification path unambiguously. Only the successful verification of a complete certification path ensures that, for example, a received e-mail was actually sent by the sender specified in the message.
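Before a downloaded CA certificate is imported into a certificate store, its SHA1 fingerprint can be compared with the published one. The following is an added example, not PKIBw or BSI tooling: the function names are hypothetical and the sample bytes are constructed placeholders, not a real certificate.

```python
import base64
import hashlib
import hmac
import re

# Hypothetical helper names; nothing here is PKIBw or BSI tooling.
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def to_der(data: bytes) -> bytes:
    """Return DER bytes from a "pem" file or a "cer" file (DER or PEM-armored)."""
    m = PEM_RE.search(data)
    if m:
        # Strip line breaks, then reject anything outside the base64 alphabet.
        return base64.b64decode(b"".join(m.group(1).split()), validate=True)
    return data

def sha1_fingerprint(data: bytes) -> str:
    """SHA-1 over the DER encoding, as 40 upper-case hex digits."""
    der = to_der(data)
    if der[:1] != b"\x30":  # a certificate is a DER SEQUENCE
        raise ValueError("not a DER-encoded certificate")
    return hashlib.sha1(der).hexdigest().upper()

def normalize(published: str) -> str:
    """Accept 'AB:CD:..', 'ab cd ..' or plain hex; return 40 hex digits."""
    hexstr = re.sub(r"[\s:]", "", published).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", hexstr):
        raise ValueError("expected 40 hex digits for a SHA-1 fingerprint")
    return hexstr

def matches_published(data: bytes, published: str) -> bool:
    """True only if the file's fingerprint equals the published value."""
    return hmac.compare_digest(sha1_fingerprint(data), normalize(published))

def to_pem(der: bytes) -> bytes:
    """Wrap DER bytes in PEM armor (used here to build the sample)."""
    return (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der)
            + b"-----END CERTIFICATE-----\n")

# Constructed placeholder: a DER SEQUENCE header plus filler, NOT a real certificate.
SAMPLE_DER = b"\x30\x82\x00\x10" + bytes(range(16))
SAMPLE_PEM = to_pem(SAMPLE_DER)

if __name__ == "__main__":
    print("cer:", sha1_fingerprint(SAMPLE_DER))
    print("pem:", sha1_fingerprint(SAMPLE_PEM))  # same value as the cer form
```

A match only shows that the file is the one the fingerprint was computed over, so the reference value should come from a source other than the downloaded archive itself.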

Certificates for download

Certificates prior to 2017

If certificates prior to 2017 are required, they can be requested from the TrustcenterBw.

PKIBw public documents

Fingerprints and download of the BSI root certificates

PKIBw points of contact