Users of a public-key system must access the public keys of other users. One means of distributing public keys is through certificates. A certificate is a public document containing information identifying a user, the user's public key, a time period during which the certificate is valid, and other information. Certificates are typically issued, managed, and signed by a central issuing authority called a CA (Certification Authority).
One method by which certificates can be distributed is described in the following example. User A and User B register with a CA. During the registration process, the users provide their public key information to the CA. The CA, in turn, provides each user with the following information:
The users store their certificates in a public directory (e.g., the X.500 Directory). At some future time, User A (the originator) sends a signed message to User B (the recipient). The message is signed using the originator's private key. Upon receipt, the recipient queries the public directory to obtain the originator's public key certificate. The recipient first uses the CA's public key to validate the certificate's signature, then verifies the originator's message signature using the public key contained in the certificate. One advantage of this scheme is that since public information is being transmitted, insecure data channels may be used for the communication. The digital signatures assure the integrity and authenticity of the information. This example is illustrated in figure 11.6.
Figure 11.6: Key Distribution Using a Certification Authority.
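The recipient's two checks described above can be traced in code. The following is an added example, not part of the original text: it uses textbook RSA over fixed Mersenne primes purely for illustration (not secure), and all function names, certificate field names, and the integer clock are assumptions made for the example.

```python
import hashlib, json

E = 65537  # RSA public exponent

def toy_keypair(p, q):
    """Textbook RSA from two fixed primes: illustration only, not secure."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, priv):
    n, d = priv
    return pow(digest(data, n), d, n)

def verify(data, sig, pub):
    n, e = pub
    return pow(sig, e, n) == digest(data, n)

def signed_fields(cert):
    """Canonical bytes of every certificate field except the CA's signature."""
    body = {k: v for k, v in cert.items() if k != "ca_sig"}
    return json.dumps(body, sort_keys=True).encode()

def issue(subject, pub, not_before, not_after, ca_priv):
    """CA side: bind identity, public key and validity period under one signature."""
    cert = {"subject": subject, "pub": list(pub),
            "not_before": not_before, "not_after": not_after}
    cert["ca_sig"] = sign(signed_fields(cert), ca_priv)
    return cert

def recipient_check(msg, msg_sig, cert, ca_pub, now):
    """Recipient side: certificate first, then the message, as in the text."""
    if not verify(signed_fields(cert), cert["ca_sig"], ca_pub):
        return "certificate signature invalid"
    if not cert["not_before"] <= now <= cert["not_after"]:
        return "certificate outside validity period"
    if not verify(msg, msg_sig, tuple(cert["pub"])):
        return "message signature invalid"
    return "ok"

# Constructed sample data: Mersenne primes as toy key material, integer clock.
CA_PUB, CA_PRIV = toy_keypair(2**127 - 1, 2**107 - 1)
A_PUB, A_PRIV = toy_keypair(2**89 - 1, 2**61 - 1)
OTHER_PUB, OTHER_PRIV = toy_keypair(2**61 - 1, 2**31 - 1)
CERT_A = issue("User A", A_PUB, 100, 200, CA_PRIV)
MSG = b"signed message from User A to User B"
MSG_SIG = sign(MSG, A_PRIV)
# Directory entry altered in transit to carry a different key: the CA signature no longer covers it.
ALTERED_CERT = dict(CERT_A, pub=list(OTHER_PUB))
```

Because the CA's signature covers the subject, key, and validity period together, a certificate fetched over an insecure channel is rejected at the first check if any of those fields has been changed, before the message signature is ever examined.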
In the above example, the two users were registered with the same CA. In practice, users may be certified by different CAs. In the case where two users who communicate frequently are certified by two different CAs, the CAs may certify each other. In other words, the two CAs may store each other's public keys in certificates signed by the certifying CA. This concept is called cross certification. In scenarios where there are large numbers of users and CAs, arranging the CAs in a hierarchy (see sec. 11.5.3) is more practical than requiring every CA to cross certify every other CA.