Public-key cryptography faces the problem of the authentication of the public keys: How do we can be sure that a pair of public key/user's identity are match-ing? A related problem is how to distribute public keys trustfully. These issues are proved to be the bottleneck of a wide deployment of public-key systems, such as the RSA cryptosystem. It is here the Public Key Infrastructures (PKIs) come into play [PKIX]. The idea behind PKI is fairly simple. It basically consists in producing an analogue of the phone directory. In the'PKI directory', one should be able to find a user (or more generally an application) and the corresponding public key. Of course, this directory must in some sense be certified. To this purpose, in addition to the name and the public key, the directory also contains a certificate issued by a Certification Authority (CA). Furthermore, in order to make the system inter-operable, each user belongs to a domain and each domain has its own associated certification authority. Then, when the user (or the appli-cation) has to be identified and authenticated, he just produces the certificate issued by the CA of his domain. This certificate is a digital signature by the CA on at least the user's public key and his identity (along with some other credentials, if needed).