Essai Gratuit
Contact

Knowledge Base

Base de connaissancesAll

What is private key?

Mis à jour le 11 mars 2026

What is a Private Key? 

Overview: 

This article provides a high-level explanation of private keys, their role within Public Key Infrastructure (PKI), and how they support secure digital communication across systems such as SSL/TLS, Code Signing, and SMIME.  This document provides essential guidelines for anyone using certificates to protect their private key. Private keys are critical for securing digital communications, ensuring authentication, confidentiality, and the integrity of information. Safeguarding your private key is vital to prevent unauthorized access, data breaches, or identity forgery. 
The document outlines how to store, protect, and respond if your private key is compromised. By following these best practices, users can maintain the security and reliability of their digital certificates, whether they are used for SSL, Code signing, or SMIME purposes. 

 

How Private Keys Work 

private key is a cryptographic value that enables secure authentication, encryption, and digital signing. It is always paired with a public key, forming a public–private key pair. The public key is shared openly, while the private key must remain confidential. 

Private keys play a central role in verifying identity, ensuring confidentiality, protecting data integrity, and preventing repudiation during digital communication. When data is encrypted with a public key, only the corresponding private key can decrypt it, ensuring that sensitive information is accessible only to its intended recipient. 

Private keys are created during the certificate enrollment process. The public key is embedded in the digital certificate, while the private key remains securely stored on the system that generated the Certificate Signing Request (CSR). 

 

Key Components of PKI and Private Keys 

  • What is PKI? 
    PKI consists of technical mechanisms and policies to secure communications. It enables people and businesses to engage in secure, legally binding online activities, such as email exchanges and transactions, through encryption using public and private key pairs. 
    Encryption & Decryption: Data is encrypted using a public key and can only be decrypted with its corresponding private key. This ensures that sensitive information remains confidential, even if intercepted by unauthorized parties. 

 

Component A: Digital Certificates 

Digital certificates validate identities online and enable secure transactions. They are built upon PKI and provide: 

  • Identification/Authentication – Verifies the identity of a communicating party. 

  • Confidentiality – Ensures data is only accessible to authorized recipients. 

  • Integrity – Detects any unauthorized modification of data. 

  • Non-repudiation – Prevents involved parties from denying participation. 

  • Access Control – Restricts data access to authorized individuals. 

 

Component B: Public & Private Key Pair 

Public and private keys are cryptographically linked. The public key encrypts data, and the private key decrypts it. The security of all encrypted communications depends on keeping the private key strictly confidential. 

Component C: Private Key Storage 

Private keys are stored in encrypted form, typically on: 

  • A computer’s hard drive 

  • A smart card or USB token 

Component D: Security Controls 

Private keys are protected using: 

  • Strong passwords during key generation 

  • Access controls, including physical protection of devices storing the key 

 

Use Cases 

Private keys are commonly used for: 

  • Securing web traffic with HTTPS 
    Private keys support SSL/TLS certificates, enabling encrypted, authenticated communication between browsers and websites. 

  • Authenticating users to secure systems 
    Private keys help validate a user or device identity for VPN access, enterprise networks, or privileged systems. 

  • Digitally signing important documents and software 
    Private keys create digital signatures used in code signing, email signing (SMIME), and document validation. 

 

Protecting a Private Key 

To maintain security: 

  • Never leave your computer, smart card, or USB token unlocked or unattended. 

  • Do not share your private key with anyone. 

  • Use strong, unique passwords. 

  • Physically secure devices that store the key. 

 

If Your Private Key Is Compromised 

If you suspect your private key has been exposed or misused: 

  1. Notify your Certificate Authority (CA) immediately. 

  1. Revoke all certificates associated with the compromised key. 

  1. Issue new certificates with a newly generated key pair. 

Prompt revocation prevents attackers from impersonating you, forging signatures, or accessing sensitive systems. 

 

Consequences of Sharing or Exposing a Private Key 

  • Your certificate must be revoked or reissued immediately. 

  • If Sectigo (as the CA) determines that your key was shared, compromised, or generated insecurely, all affected certificates will be revoked within 24 hours. 

  • Revocation is automatic if the key is discovered in insecure locations (e.g., CSR decoders) or created using vulnerable software. 

Besoin d'aide ?

Besoin d'aide pour effectuer un achat ? Contactez-nous dès aujourd'hui pour que votre certificat soit délivré immédiatement.

Chat en direct

Cliquez sur le bouton ci-dessous ou cliquez sur « Chat avec un expert » pour commencer à chatter avec nous dès maintenant !

Commencer le chat

Appelez-nous aujourd'hui

États-Unis
+1 888 266 6361
France
+33 3 66 72 95 95
Italie
+39 02 4792 1708
Espagne
+34 900 838 451
Allemagne
+49 800 1002328
International
+1 914 732 844

Ressources