identity

You can freely distribute certificates, but you need to keep identities secure. You use the freely distributed certificate and its public key for encryption processes that you can only decrypt with the matching private key. The system stores the private key part of an identity in a PKCS12 (.p12) file that it encrypts with another key that requires a passphrase.