Certificates and Certificate Authorities (CAs)

The previous section emphasized the need for public keys to be distributed in a trustworthy manner. Simply sending the key electronically should not be considered safe, because the message might be tampered with on the way, though this is done in many cases. Having one person physically hand another a memory stick containing the key would probably be acceptable, but is usually impractical. The solution used on the Internet is to rely on a trusted third party called a Certificate Authority (CA).

A CA is an organization which specializes in issuing public key certificates. It issues a certificate to a party (the subject) only after that party has provided sufficient documentary evidence of its identity. There are only a few CAs in the world and, since their viability relies on their trustworthiness, they can usually be relied on to do a good job of validating their subjects.

Each CA has its own private-public key-pair and its own certificate (called a root certificate). Since there are so few CAs and since they rarely change their keys, it is feasible for software to be distributed with a list of the certificates of all existing CAs. For example, Microsoft's and Netscape's browsers are both distributed with files containing lists of root certificates.

A certificate issued to a subject by a CA contains:

A subject's certificate may be validated in the following way:

  1. Use the identification of the CA to find the appropriate root certificate.
  2. Use that root certificate to check the digital signature and thereby prove that the CA issued the certificate and that the information in the certificate has not been tampered with.
  3. Verify the identification of the subject.

Once this has been done, the party can trust that the public key in the certificate is indeed the public key that they expected. This public key may henceforth be used to establish secure communications with the subject in the manner described in Section 12.

Note that although the CA has signed a certificate containing the public key of the subject, the CA does not have the subject's private key. To issue a certificate, the CA only requires access to the public key. The CA obtains this public key from the subject applying for a certificate. It is therefore up to the subject to generate the private-public key-pair before applying to a CA for a certificate.
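The following program is an added example, not part of the original text, written against Go's standard crypto/x509 package. It plays all three roles: a CA that self-signs its root certificate and issues a subject certificate from the subject's public key alone (the point made in the paragraph above), and a relying party that carries out the three validation steps listed earlier (find the root by issuer, check the signature, verify the subject). It also runs two failure cases: a certificate from an impostor CA that copied the genuine CA's name, which fails the signature check, and a genuine certificate presented for a different subject, which fails the subject check. The names "Example Root CA", "service.example" and "other.example" are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err) // setup failures only; validation outcomes are returned, never panicked
	}
}

// newCA plays a CA: it generates the CA's key pair and self-signs its root certificate.
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// issue plays the CA signing a subject's certificate: it receives only the subject's public key.
func issue(ca *x509.Certificate, caKey *ecdsa.PrivateKey, subject string, subjectPub *ecdsa.PublicKey) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: subject},
		DNSNames:     []string{subject},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, subjectPub, caKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert
}

// validate is the relying party's side: the three validation steps from the text.
func validate(cert *x509.Certificate, roots []*x509.Certificate, expectedSubject string) error {
	// Step 1: use the issuer name in the certificate to find the matching root certificate.
	var root *x509.Certificate
	for _, r := range roots {
		if bytes.Equal(r.RawSubject, cert.RawIssuer) {
			root = r
			break
		}
	}
	if root == nil {
		return fmt.Errorf("step 1: issuer %q not in the trusted root list", cert.Issuer.CommonName)
	}
	// Step 2: check the CA's signature with the root's public key; an impostor's key or any alteration fails here.
	if err := cert.CheckSignatureFrom(root); err != nil {
		return fmt.Errorf("step 2: signature check failed: %w", err)
	}
	// Step 3: confirm the certificate names the subject we expected to reach.
	if err := cert.VerifyHostname(expectedSubject); err != nil {
		return fmt.Errorf("step 3: subject check failed: %w", err)
	}
	return nil
}

// scenarios runs validate in three situations (constructed names) and returns each outcome (nil = accepted).
func scenarios() map[string]error {
	root, rootKey := newCA("Example Root CA")
	impostorRoot, impostorKey := newCA("Example Root CA") // same name, different key pair
	subjectKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // generated by the subject itself
	check(err)
	genuine := issue(root, rootKey, "service.example", &subjectKey.PublicKey)
	forged := issue(impostorRoot, impostorKey, "service.example", &subjectKey.PublicKey)
	roots := []*x509.Certificate{root} // the root list distributed with the relying party's software
	return map[string]error{
		"genuine":       validate(genuine, roots, "service.example"),
		"impostor":      validate(forged, roots, "service.example"),
		"wrong-subject": validate(genuine, roots, "other.example"),
	}
}

func main() {
	fmt.Println(scenarios())
}
```

The three steps are written out by hand so that each failure is attributed to its step; in production code the single call `cert.Verify(x509.VerifyOptions{Roots: pool, DNSName: name})` performs the same checks and additionally enforces the validity period, basic constraints and key usage, and builds chains through intermediate CAs. Note that the subject's private key (`subjectKey`) is never passed to `issue`: the CA signs only the public half, exactly as the paragraph above describes.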
