The ICAO Public Key Directory (PKD) is a central repository for exchanging the information required to authenticate ePassports. The ICAO PKD provides an efficient means for states to upload their own information and download that of other states.

The information below is provided for convenience only. Always refer to ICAO's latest official standards for up to date information, refer to ICAO Publications.

PKD Objects Paths on ICAO

The following sections list PKD objects paths to and from the ICAO upload and download areas.

PKD Objects Paths to ICAO Upload Area

The following lists PKD objects paths to the ICAO upload area:

  • DS Certificates

cn=<cn>+sn=<sn>,o=dsc,c=<c>,dc=data,dc=upload,dc=pkd,dc=icao,dc=int

  • CRL

cn=<cn>, o=crl, c=<c>, dc=data, dc=upload, dc=pkd, dc=icao, dc=int

  • CSCA Master List

cn=<cn>,o=ml,c=<c>,dc=data,dc=upload,dc=pkd,dc=icao,dc=int

  • Deviation List

cn=<cn>,o=dl,c=<c>,dc=data,dc=upload,dc=pkd,dc=icao,dc=int

  • Registry Contact Information

cn=<cn>+sn=<sn>,o=<o>,c=<c>,dc=registry,dc=upload,dc=pkd,dc=icao,dc=int

PKD Objects Paths from ICAO Download Area

The following lists PKD objects paths from the ICAO download area:

  • Conformant Content

dc=data,dc=download,dc=pkd,dc=icao,dc=int

  • Non-Conformant Content

dc=nc-data,dc=download,dc=pkd,dc=icao,dc=int

  • Full Content

dc=download,dc=pkd,dc=icao,dc=int

  • Conformant DS Certificate

c=<c>,dc=data,dc=download,dc=pkd,dc=icao,dc=int

Query: (&(o:dn:=dsc) (objectclass=inetOrgPerson))

  • Non-Conformant DS Certificate

c=<c>,dc=nc-data,dc=download,dc=pkd,dc=icao,dc=int

Query: (&(o:dn:=dsc) (objectclass=inetOrgPerson))

  • Conformant CRL

c=<c>,dc=data,dc=download,dc=pkd,dc=icao,dc=int

Query: (objectclass=cRLDistributionPoint)

  • Non-Conformant CRL

c=<c>,dc=nc-data,dc=download,dc=pkd,dc=icao,dc=int

Query: (objectclass=cRLDistributionPoint)

  • Conformant CSCA Master List

c=<c>,dc=data,dc=download,dc=pkd,dc=icao,dc=int

Query: (objectclass=pkdMasterList)

  • Non-Conformant CSCA Master List

c=<c>,dc=nc-data,dc=download,dc=pkd,dc=icao,dc=int

Query: (objectclass=pkdMasterList)

  • Conformant Deviation List

c=<c>,dc=data,dc=download,dc=pkd,dc=icao,dc=int

Query: (objectclass=pkdDeviationList)

  • Non-Conformant Deviation List

c=<c>,dc=nc-data,dc=download,dc=pkd,dc=icao,dc=int

Query: (objectclass=pkdDeviationList)

  • Registry Contact Information

c=<c>,dc=registry,dc=download,dc=pkd,dc=icao,dc=int

Query: (objectclass=inetOrgPerson)


The placeholder ”<c>” has to be replaced with the ISO 3166ALPHA-2 country code