Abstract. Public-key cryptography is a prerequisite for security in distributed systems and for reliable electronic commerce. The protection of public keys against attacks is the Achilles’ heel of public-key cryptography. It is the goal of public-key infrastructures to provide the authenticity of the public keys for its participants. Formal models (called trust models) contribute decisively to a deeper understanding of the desirable design principles for these infrastructures. The present paper gives a trust model on the basis of a coloured Petri net. The graphic representation of nets of this type makes them easily understandable even for unexperienced users. In an application in electronic commerce the process formalized by this Petri net will be embedded in a cryptographic protocol which again will be an important part of a larger business process. So, the model of this paper is a useful module in business processes that are common in electronic commerce.