In order to use public key systems,
the public key of every user has to be correct. Therefore a trusted third
key, for example a Certification Authority or a key server, is responsible
for generating a document, call the Public Key Certificate of the user.
The public key certificate of A is A's public key, with some other information
of A, and bears the Digital Signature of the C.A. or key server. The public
key certificate, or simply called the certificate, is the means of distributing
the public keys.
The C.A. has its own public key and private key. The public key of the C.A. is announced extensively so that everyone must know it.
Because the public key certificate bears the digital signature of the C.A., any modification after the certificate is generated will be spotted.
 |