PrivMX Public Key Infrastructure

PrivMX PKI is a decentralized solution that publishes and validates public keys of users and servers. With access to verified public keys it is possible to verify message senders.

The PrivMX decentralized Public Key Infrastructure is based on ideas from the CONIKS specification.

Each PrivMX server manages its own database of public keys and makes it available to client programs through APIs. Clients can also read the SHA-256 hash of the contents of the entire database and the full history of its changes (in the form of a blockchain structure). This enables public key databases to be effectively audited and monitored by any other PrivMX server.

Each retrieved public key is accompanied by a validation proof based on the hash of the whole database. Validation of the downloaded key consists of two steps: (1) validation of the database hash based on its history and audits supported by trusted servers (web-of-trust), and (2) checking of the supplied validation proof.
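The two validation steps above can be sketched as follows; this is an added example, not PrivMX code and not its wire format. It assumes a CONIKS-style layout: the database hash is a Merkle root, each history block is a (previous block hash, database hash) pair, and a quorum of trusted servers must report the same chain head. All names, tags and sample values are constructed for illustration.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # assumed "previous hash" of the first history block

def h(tag: bytes, *parts: bytes) -> bytes:
    """SHA-256 with a domain tag and length-prefixed parts (no ambiguous joins)."""
    d = hashlib.sha256(tag)
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()

def verify_history(blocks, auditor_heads, quorum):
    """Step 1: check the hash chain, then require `quorum` trusted servers to
    report the same chain head. Returns the current database hash."""
    if not blocks:
        raise ValueError("empty history")
    head = GENESIS
    for prev, db_hash in blocks:
        if prev != head:
            raise ValueError("history chain is broken")
        head = h(b"block", prev, db_hash)
    if sum(1 for seen in auditor_heads.values() if seen == head) < quorum:
        raise ValueError("too few trusted auditors confirm this history")
    return blocks[-1][1]

def verify_proof(user, pubkey, proof, db_hash):
    """Step 2: recompute the database hash from the key and its sibling path."""
    acc = h(b"leaf", user.encode(), pubkey)
    for sibling, sibling_is_left in proof:
        acc = h(b"node", sibling, acc) if sibling_is_left else h(b"node", acc, sibling)
    return hmac.compare_digest(acc, db_hash)

def validate_key(user, pubkey, proof, blocks, auditor_heads, quorum=2):
    """Both steps: the proof is only checked against an audited database hash."""
    return verify_proof(user, pubkey, proof, verify_history(blocks, auditor_heads, quorum))

def demo():
    """Constructed sample: a two-key database, two history blocks, three auditors."""
    alice, bob = h(b"leaf", b"alice", b"PK-A"), h(b"leaf", b"bob", b"PK-B")
    old_db, new_db = alice, h(b"node", alice, bob)
    blocks = [(GENESIS, old_db)]
    blocks.append((h(b"block", *blocks[0]), new_db))
    head = h(b"block", *blocks[1])
    auditors = {"srv1": head, "srv2": head, "srv3": b"stale"}
    return blocks, auditors, [(bob, False)]
```

A key passes only when the proof matches a database hash that the history chain and the trusted auditors both confirm; a valid proof against an unaudited hash is rejected in step 1.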

