While until 1st of April 2024 most communications between energy market participants (roles) were relying on automatically processed [https://de.wikipedia.org/wiki/EDIFACT EDIFACT] messages in email, this is changed to a [https://www.edi-energy.de/index.php?id=38&tx_bdew_bdew%5Buid%5D=1608&tx_bdew_bdew%5Baction%5D=download&tx_bdew_bdew%5Bcontroller%5D=Dokument&cHash=5fbee16dcbd284d5f9899875d50353de machine-to-machine communication via webservices], using [[wikipedia:AS4|AS4]] encrypted payloads. The [https://www.edi-energy.de/index.php?id=38&tx_bdew_bdew%5Buid%5D=1606&tx_bdew_bdew%5Baction%5D=download&tx_bdew_bdew%5Bcontroller%5D=Dokument&cHash=6b7d02fa38030119e628544f92fcdc07 requirements] for the XML encryption / signing public key infrastructure (PKI) leans on Diffie-Hellman key exchange procedures. The keys algorithms themselves however can be based on [https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102.pdf?__blob=publicationFile&v=9 anything] commonly accepted like: RSA, Diffie-Hellman, DLIES or Elliptic-Curve.
===== Smartmeter PKI functions =====The smart meter gateway contains a [https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03109/TR-03109-2-Anforderungen_an_die_Funktionalitaet.pdf?__blob=publicationFile&v=3 security module], which is used to controll the meters PKI function using the proprietary BSI PACE-Protokoll(Password Authenticated Connection Establishment).
=====Backend Keygen and Distribution=====