Certificates and Certifying Authorities
How do we know that “Alice’s public key” actually belongs to Alice?
- Alice goes to a Certification Authority (CA), demonstrates her identity, and shows her public key. The CA digitally signs Alice’s public key, producing a certificate. Anyone can check the validity of the certificate by using the CA’s public key.
How do we know the CA’s public key is really the CA’s public key?
- 1. The CA also has a certificate, signed by some well-known and trusted authority like the US Post Office (chain of trust); and/or
- 2. Lots of people you trust have vouched for it (web of trust).
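The chain-of-trust check described above, as an added example that is not part of the original notes. The Ed25519 signatures, the simplified `Cert` layout, and the names `Root`, `CA`, and `Mallory` are assumptions made for illustration; real certificates (X.509) also carry validity dates, usage constraints, and revocation data.

```go
package main

import "crypto/ed25519"
import "fmt"

// Cert binds a subject name to a public key; Sig is the issuer's signature over both.
type Cert struct {
	Subject, Issuer string
	Key, Sig        []byte
}

// tbs builds the bytes the issuer signs: length-prefixed name, then the key.
func tbs(subject string, key []byte) []byte {
	return append([]byte(fmt.Sprintf("%d:%s|", len(subject), subject)), key...)
}

// Issue is the CA's step, performed after it has checked the subject's identity.
func Issue(subject string, key ed25519.PublicKey, issuer string, priv ed25519.PrivateKey) Cert {
	return Cert{subject, issuer, key, ed25519.Sign(priv, tbs(subject, key))}
}

// VerifyChain: each cert must be signed by the next one or by an already-trusted root.
func VerifyChain(leaf Cert, parents []Cert, roots map[string]ed25519.PublicKey) error {
	chain := append([]Cert{leaf}, parents...)
	for i, c := range chain {
		issuerKey := roots[c.Issuer]
		if i+1 < len(chain) && chain[i+1].Subject == c.Issuer {
			issuerKey = chain[i+1].Key
		}
		if len(issuerKey) != ed25519.PublicKeySize || !ed25519.Verify(issuerKey, tbs(c.Subject, c.Key), c.Sig) {
			return fmt.Errorf("cannot verify certificate for %q", c.Subject)
		}
	}
	return nil
}

// Demo (constructed keys): Root -> CA -> Alice, then an "Alice" cert Mallory signed herself.
func Demo() (genuine, forged error) {
	rootPub, rootPriv, _ := ed25519.GenerateKey(nil)
	caPub, caPriv, _ := ed25519.GenerateKey(nil)
	alicePub, _, _ := ed25519.GenerateKey(nil)
	malPub, malPriv, _ := ed25519.GenerateKey(nil)
	roots := map[string]ed25519.PublicKey{"Root": rootPub}
	caCert := Issue("CA", caPub, "Root", rootPriv)
	genuine = VerifyChain(Issue("Alice", alicePub, "CA", caPriv), []Cert{caCert}, roots)
	return genuine, VerifyChain(Issue("Alice", malPub, "CA", malPriv), []Cert{caCert}, roots)
}

func main() { fmt.Println(Demo()) }
```

The verifier starts with only the root's public key; the certificate that merely names the CA as its issuer is rejected because the CA's key does not verify its signature.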