A method for generating a key pair and transmitting a public key or request file of a certificate in security is provided. Usually, when a user applies for a certificate, a public-private key pair is always generated by a client side; the public key is combined with the user information to form the certificate; the CA's signature enables validity of user's certificate. However, in other cases, the client side is not a perfectly secure environment, so the private key of the user generated from the client side may be filched by a hacker, or may be replaced by a forged public key. On this occasion, the hacker can disguise the user without being detected. The method of the present invention is to use an information security device to generate a public-private key pair, the private key is saved within the information security device; the public key can be exported; and the information security device can generate authentication information for verifying the public key. The CA can determine whether the public key is generated by the information security device or not by verifying the authentication information. By the method provided by the present invention, the security of online transactions can be ensured effectively.