A digital certificate is nothing more than a public key that has been digitally signed by a third party. That third party is known as a certificate authority (CA) and is the person or business that certifies that the public key belongs to the sender.

Now, instead of providing the sender's public key to the recipient, the sender provides a CA-signed public key (a digital certificate) to the recipient. The certificate proves to the recipient that the sender's public key actually belongs to the sender.

First, the recipient decrypts the certificate using the CA's public key and computes a digest of the sender's public key contained in the result. The recipient compares the two digests (the one created by the CA and the one created by the recipient), and if they are the same, the recipient knows that the sender's public key is good and was actually signed by the CA.

Second, the recipient uses the validated (authenticated) sender's public key to validate the digital signature of the message.

To trust a certificate, the recipient must trust the CA that signed it. Unfortunately, there is no automatic means for collecting trusted CA certificates. Instead, it is up to the recipient (and the recipient's software) to collect only trusted CA certificates. Some CAs are well known and are thus included in many public key systems (such as web browsers).
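As an added illustration of the two verification steps and the trust point above (example code, not from the text), the following Go program builds a constructed CA and a CA-signed sender certificate using only the standard library, then verifies a signed message. The names issue, VerifySignedMessage and Demo, the "Demo CA" and "sender" subjects, and the sample message are all constructed for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue signs a certificate for pub with signer's key; parent == tmpl yields a self-signed CA.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER produced by CreateCertificate always parses back
	return cert
}

// VerifySignedMessage performs the recipient's two steps from the text, in that order.
func VerifySignedMessage(trustedCA, sender *x509.Certificate, msg, sig []byte) bool {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	if _, err := sender.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return false // step 1 failed: the CA's signature over the sender's public key does not check out
	}
	// Step 2: only the now-authenticated public key is used to check the signature on the message.
	return sender.CheckSignature(x509.ECDSAWithSHA256, msg, sig) == nil
}

func Demo() (genuine, untrustedCA, tampered bool) {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	senderKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Demo CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), IsCA: true, BasicConstraintsValid: true}
	ca := issue(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	rogue := issue(caTmpl, caTmpl, &senderKey.PublicKey, senderKey) // CA's name, but a key the recipient never trusted
	senderTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "sender"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
	sender := issue(senderTmpl, ca, &senderKey.PublicKey, caKey)
	msg := []byte("constructed sample message")
	digest := sha256.Sum256(msg)
	sig, _ := ecdsa.SignASN1(rand.Reader, senderKey, digest[:])
	return VerifySignedMessage(ca, sender, msg, sig), VerifySignedMessage(rogue, sender, msg, sig),
		VerifySignedMessage(ca, sender, []byte("tampered"), sig)
}
```

Demo returns three results: the genuine chain and signature verify, a certificate presented with a CA the recipient does not trust is rejected before its key is ever used, and a modified message fails the signature check.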