A certificate is a structured document that binds some information (such as Bob's name) to a public key, and is digitally signed by a trusted third party called a certification authority or CA. To verify a certificate, the user of the public key must first obtain the public key of the CA by some other trusted means. Although it seems that we are now back to square one, the difference is that we now only have to get one key in order to communicate with any entity which has a certificate issued by that trusted CA. Additionally, if the CA is able to certify the public keys of other CAs, which in turn certify other CAs, we will be able to securely communicate with any entity, provided that we can find a chain of certificates between the CA which we trust and the CA which certified the key of the entity with whom we wish to communicate.

A CA is also responsible for revoking certificates when they are no longer considered valid; that is, when the binding that the certificate establishes between the user's identity and the private key corresponding to the certified public key no longer holds. The most common mechanism for distributing certificate revocation information is a certificate revocation list (CRL).
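The chain-of-trust verification described in the previous paragraph and the CRL check described in this one, as an added Go example built on the standard library's crypto/x509 package (this is not code from the original article). It constructs a root CA, an intermediate CA certified by that root, and an end-entity certificate for Bob; it then shows that a relying party who trusts only the root can verify Bob's certificate through the chain, that a party trusting a different root cannot, and that Bob's certificate is accepted before and rejected after the intermediate publishes a CRL listing its serial number. All names, serial numbers, validity periods and key types are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Actor is a constructed participant (a CA or an end entity): its key pair and the
// certificate that binds its name to its public key.
type Actor struct {
	Key  *ecdsa.PrivateKey
	Cert *x509.Certificate
}

// newActor generates a key pair and has `issuer` sign a certificate for it.
// A nil issuer yields a self-signed root. isCA lets the holder certify others,
// which is what makes chains of CAs possible.
func newActor(issuer *Actor, name string, serial int64, isCA bool) (*Actor, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	parent, signer := tmpl, key // self-signed unless an issuer is given
	if issuer != nil {
		parent, signer = issuer.Cert, issuer.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Actor{Key: key, Cert: cert}, nil
}

// verifyChain is the relying party's check: it trusts only `trusted`, and uses the
// supplied intermediates to find a signed path from one of them down to the leaf.
func verifyChain(leaf *x509.Certificate, intermediates, trusted []*x509.Certificate) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	for _, c := range trusted {
		roots.AddCert(c)
	}
	for _, c := range intermediates {
		inters.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:         roots,
		Intermediates: inters,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err
}

// issueCRL has the CA sign a list of the serial numbers it has revoked.
func issueCRL(ca *Actor, revokedSerials []int64) (*x509.RevocationList, error) {
	tmpl := &x509.RevocationList{
		Number:     big.NewInt(1),
		ThisUpdate: time.Now().Add(-time.Minute),
		NextUpdate: time.Now().Add(time.Hour),
	}
	for _, s := range revokedSerials {
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates,
			pkix.RevokedCertificate{SerialNumber: big.NewInt(s), RevocationTime: time.Now()})
	}
	der, err := x509.CreateRevocationList(rand.Reader, tmpl, ca.Cert, ca.Key)
	if err != nil {
		return nil, err
	}
	return x509.ParseRevocationList(der)
}

// isRevoked first checks that the CRL was signed by the certificate's issuer, then
// looks for the serial number. A CRL that fails the signature check is an error,
// not "not revoked": revocation data is only meaningful when it is authentic.
func isRevoked(cert *x509.Certificate, crl *x509.RevocationList, issuer *x509.Certificate) (bool, error) {
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return false, err
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return true, nil
		}
	}
	return false, nil
}

// Result records the outcomes of the constructed scenario.
type Result struct {
	ChainOK         bool // Bob verifies via the intermediate up to the trusted root
	UntrustedRootOK bool // the same chain judged by a party trusting a different root
	RevokedBefore   bool // status before the intermediate publishes a revocation
	RevokedAfter    bool // status after Bob's serial appears on the intermediate's CRL
}

func runScenario() (*Result, error) {
	root, err := newActor(nil, "Example Trusted Root CA", 1, true)
	if err != nil {
		return nil, err
	}
	inter, err := newActor(root, "Example Intermediate CA", 2, true)
	if err != nil {
		return nil, err
	}
	bob, err := newActor(inter, "Bob", 3, false)
	if err != nil {
		return nil, err
	}
	otherRoot, err := newActor(nil, "Example Unrelated CA", 4, true)
	if err != nil {
		return nil, err
	}
	r := &Result{}
	inters, roots := []*x509.Certificate{inter.Cert}, []*x509.Certificate{root.Cert}
	r.ChainOK = verifyChain(bob.Cert, inters, roots) == nil
	r.UntrustedRootOK = verifyChain(bob.Cert, inters, []*x509.Certificate{otherRoot.Cert}) == nil

	crl, err := issueCRL(inter, nil) // nothing revoked yet
	if err != nil {
		return nil, err
	}
	if r.RevokedBefore, err = isRevoked(bob.Cert, crl, inter.Cert); err != nil {
		return nil, err
	}
	crl, err = issueCRL(inter, []int64{3}) // the intermediate revokes Bob's certificate
	if err != nil {
		return nil, err
	}
	if r.RevokedAfter, err = isRevoked(bob.Cert, crl, inter.Cert); err != nil {
		return nil, err
	}
	return r, nil
}

func main() {
	r, err := runScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```

The relying party here never contacts the root or the intermediate: it holds one trusted root key and the chain of certificates, exactly the property the article describes. The CRL check is deliberately separate from chain verification, because a certificate can be cryptographically valid and still revoked; a deployment must consult revocation data (CRL or an equivalent) in addition to building the chain.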

A registration authority (RA) is an authority equipped with software responsible for verifying that certificate requestors identify themselves according to the policies defined by the issuing organization. The RA software authorizes the CA to issue a certificate and also securely passes the certificate request to the CA.
