[Figure 19 (diagram): Jack runs a key pair generation step that produces Jack's Public Key and Jack's Private Key (the private key stays private). Jack sends a Certificate Request consisting of Identity Info + Jack's Public Key to the Certificate Authority, which also performs identity verification on Jack. The CA assembles a Preliminary Certificate (Identity Info + CA Info + Jack's Public Key), passes it through a one-way function (hash function), and encrypts the hash with the CA's Private Key to form the CA's Digital Signature. The preliminary certificate plus the CA's digital signature is the Certificate; the CA's Public Key is what others use to check that signature.]

Figure 19 - Certificate Authority

Jack goes through a key pair generation process and creates a public and private key pair. The private key is kept secret and never leaves Jack's control. The public key, together with some identity information, is sent to a Certificate Authority (CA) as a certificate request. The CA verifies Jack's identity, assembles a certificate (Jack's identity information, information about the CA, and Jack's public key), usually scoped to a specific purpose such as email, and signs it: the certificate body is run through a one-way hash function and the resulting hash is signed with the CA's private key. Anyone holding the CA's public key can recompute the hash and check the signature, so a certificate cannot be altered, nor a public key substituted, without the change being detected. Assuming there is a place where these digital certificates are publicly available, then as long as Jack and John both agree to trust a specific certificate authority (that is, each holds an authentic copy of that CA's public key), they can trust any certificate signed by that authority without having to exchange their own public keys in person. Refer to Figure 20.
