Create | Jack’s Public Key |
|
|
Key Pair |
|
| |
Jack |
|
|
|
| Jack’s Private Key |
|
|
|
|
| CA’s Public Key |
Identity Info + |
|
| |
Jack |
| Certificate Authority | CA’s Private Key |
Jack’s Public Key | |||
| (Also performs Identity Verification on Jack) | ||
Certificate Request |
|
| |
Jack’s Private Key |
|
|
|
(Stays Private) |
| Identity Info + |
|
|
|
| |
|
| CA Info + |
|
|
| Jack’s Public Key |
|
|
| Preliminary Certificate |
|
Identity Info + | |||
|
| ||
CA Info + |
|
| |
Jack’s Public Key | Encryption |
| |
CA’s Digital |
|
| |
Signature |
|
| |
Jack’s Public Key |
|
| |
Certificate |
|
| |
Figure 19 - Certificate Authority
Jack goes through a key pair generation process and creates a public and private key pair. The private key is kept secret. The public key is associated with some identity information and is given to a Certificate Authority. The certificate authority generates a certificate, usually specific to a purpose such as email, and signs the certificate with its digital signature. Assuming there is a place where these digital certificates are publicly available, as long as Jack and John can agree to trust a specific certificate authority, they’ll be fine trusting certificates signed by that authority. Refer to Figure 20.
17
