The increasing number of internal and external users to ESCB services requires advanced security services, such as strong authentication (i.e. two-factor authentication), digital signature and encryption.

In this context it is understood that a new Public Key Infrastructure (PKI) capable of issuing all certificate types required for the ESCB should be implemented to address these requirements. This is known as the ESCB-PKI.

The ESCB-PKI complements the services provided by other Certification Authorities accepted by the ESCB.

The main functionalities of the ESCB-PKI services can be summarised as follows:

  • Verify the identity of a subject previous to the issuance of a certificate
  • Create and sign certificates
  • Process requests and reports related to the revocation status in order to determine the necessary actions to be taken
  • Provide certificate revocation status to relying parties
  • Recover private keys associated with encryption key usage certificates (only for internal users)
  • Manage and distribute cryptographic tokens (e.g. smart cards)
© European System of Central Banks. All rights reserved