
Certificates and Certificate Authorities

A public-key certificate is a message containing a public key, a name, and some dates of validity, all signed by the private key of a trusted certificate authority (CA).

The primary purpose of a certificate is to attest to the connection between the public key and the name of its owner. One should read a certificate as, “I, the certification authority, attest that the attached public key belongs to the entity named herein.”

Certificates are very useful because they offer a solution to the problem of authentication without requiring an online KDC. Alice and Bob can go to the CA independently for their public keys to be signed. When Alice wants to communicate with Bob, she sends Bob her public-key certificate along with her signed message. Bob is able to validate the certificate because the public key of the CA is (and must be) known to everyone.

The other situation in which a public-key certificate is very useful is when Alice wants to send an encrypted message to Bob. If Alice does not already have Bob's public key, she first obtains it either from Bob directly or from a directory service. In both cases, Alice wants to be sure that the key really belongs to Bob, because it is possible that someone has tampered with the directory service. Fortunately, a certificate stands by itself—built into it is the statement from the CA that the public key is Bob's. Alice might then wonder if the person using Bob's certificate is really Bob. She can be sure of this because only Bob has the private key that matches the public key in Bob's certificate.
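The checks described above, as an added example that is not from the book: a CA signs a name, a public key and validity dates; a relying party validates the certificate offline with only the CA's public key, rejects a tampered directory entry, and confirms possession of the matching private key with a signed challenge. Assumptions: textbook RSA without padding over small Mersenne primes and a JSON encoding stand in for real signature schemes and X.509, and every function and constant name is hypothetical.

```python
import hashlib, json
from datetime import date

def make_key(p, q, e=65537):
    """Textbook RSA key pair (toy size, no padding): returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, phi)}

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    return pow(_digest(data, priv["n"]), priv["d"], priv["n"])

def verify(pub, data, sig):
    return pow(sig, pub["e"], pub["n"]) == _digest(data, pub["n"])

def _encode(body):
    # Canonical bytes so signer and verifier hash exactly the same thing.
    return json.dumps(body, sort_keys=True).encode()

def issue_cert(ca_priv, subject, subject_pub, not_before, not_after):
    """The CA binds name, public key and validity dates under its signature."""
    body = {"subject": subject, "public_key": subject_pub,
            "not_before": not_before.isoformat(),
            "not_after": not_after.isoformat()}
    return {"body": body, "ca_signature": sign(ca_priv, _encode(body))}

def validate_cert(cert, ca_pub, today):
    """Offline check: needs only the CA's public key, no online KDC."""
    body = cert["body"]
    in_dates = body["not_before"] <= today.isoformat() <= body["not_after"]
    return in_dates and verify(ca_pub, _encode(body), cert["ca_signature"])

def proves_possession(cert, challenge, response):
    """Only the holder of the private key matching the cert can answer."""
    return verify(cert["body"]["public_key"], challenge, response)

# Constructed sample keys (Mersenne primes; far too small for real use).
CA_PUB, CA_PRIV = make_key(2**127 - 1, 2**107 - 1)
BOB_PUB, BOB_PRIV = make_key(2**89 - 1, 2**61 - 1)
MALLORY_PUB, MALLORY_PRIV = make_key(2**107 - 1, 2**61 - 1)
BOB_CERT = issue_cert(CA_PRIV, "Bob", BOB_PUB, date(2024, 1, 1), date(2024, 12, 31))

def forged_cert():
    """Tampered directory entry: Mallory's key under Bob's name and CA signature."""
    return {"body": dict(BOB_CERT["body"], public_key=MALLORY_PUB),
            "ca_signature": BOB_CERT["ca_signature"]}
```

Validation fails for the forged entry because the CA signature covers the name and the key together, so swapping either one changes the signed bytes.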

