---
url: 'https://www.corbado.com/faq/do-passkeys-use-pki'
title: 'Do Passkeys Use PKI?'
description: 'Discover whether passkeys use Public Key Infrastructure (PKI) in authentication. Learn how passkeys operate, their connection to PKI, and the security benefits.'
lang: 'en'
keywords: 'passkeys are based on public-key infrastructure'
---

# Do Passkeys Use PKI?

## Do Passkeys Use PKI?

Yes, passkeys use Public Key Infrastructure (PKI) as part of their core technology to
securely authenticate users. PKI is a system that uses pairs of cryptographic keys: a
public key that is shared openly and a private key that is kept secret. Passkeys leverage
this system to ensure that only the rightful owner of the private key can authenticate,
providing a high level of security.

> - **Passkeys use Public Key Infrastructure (PKI) for secure authentication.**
> - Passkeys utilize a pair of cryptographic keys: one public and one private.
> - The private key never leaves the user’s device, enhancing security.
> - PKI ensures that passkeys are resistant to [phishing](https://www.corbado.com/glossary/phishing) and other
>   attacks.

---

### Understanding How Passkeys Use PKI

Public Key Infrastructure (PKI) is a crucial technology behind the
[security of passkeys](https://www.corbado.com/faq/are-passkeys-safe). PKI involves the creation, distribution,
and management of cryptographic keys. In the context of passkeys, here's how PKI works:

- **Cryptographic Key Pair:** Passkeys are based on a key pair - one public and one
  private. The public key is stored on the server, while the private key remains securely
  on the user’s device.

- **Authentication Process:** When a user attempts to log in, the server sends a challenge
  that is signed by the private key on the user's device. The server then verifies this
  signature using the stored public key, ensuring that the user possesses the
  corresponding private key.

- **Zero-Knowledge Proof as Security Benefit:** The server does not need to know or store
  the private key, which further protects the user’s credentials.

### The Role of PKI in Passkey Technology

Passkeys, as part of the WebAuthn standard, rely heavily on PKI. This connection brings
several key advantages to the table:

- **Decentralized Trust:** PKI enables a decentralized model where trust is distributed
  across a network rather than centralized in a single entity. This reduces the risk of
  [large-scale](https://www.corbado.com/blog/introducing-passkeys-large-scale-overview) breaches.

- **Key Management:** PKI provides a robust framework for managing the lifecycle of
  cryptographic keys, including their creation, storage and distribution.

- **Scalability:** PKI scales well across various platforms and devices, which is
  essential for widespread adoption of passkeys as a standard authentication method.

In conclusion, passkeys do indeed use PKI as a fundamental part of their security
architecture, offering a secure, scalable, and [phishing](https://www.corbado.com/glossary/phishing)-resistant
authentication method that aligns with modern security standards.

---