The combination of symmetrical and asymmetrical encryption methods enable initially unsecured connections to be used to establish secure data communications. Until now, the aspect of authenticity has been ignored. How should Alice know that the public key really does come from Bob? The use of public keys thus depends directly on the trust in the authenticity of the communications partner.
To secure this trust, a confirmation of the key pairs for use with asymmetrical encryption can be issued by publicly recognized and trustworthy authorities. In Germany, for example, the highest authority for the confirmation of digital keys is the Federal Network Agency for electricity, gas, telecommunications and railways (Bundesnetzagentur für Elektrizität, Gas, Telekommunikation, Post und Eisenbahnen). This agency in turn issues accreditations to suitable service providers who are viewed as equally trustworthy.
The task of this organization is to attribute a public key to just one person or organization. This attribution is recorded and officially publicized in a certificate. Consequently these providers are known as "Certification Authorities", or CAs for short. The uppermost certification authority is known as the Root CA.
Bob can now approach a CA to have his public key certified as belonging to him. He submits his public key to the CA who then confirm that the key belongs to Bob.
The CA issues a certificate which lists the public key and further information about Bob, such as his identity, among others.
The certificate carries the signature of the CA to show that the confirmation itself is genuine. The certificate takes up just a small amount of data and is suitable for exchange with an asymmetric method. With a signature, however, the asymmetric method is used in the opposite direction:
- The CA, too, has a key pair consisting of private and public keys. Since this is a trustworthy authority, their key pair can be considered as reliable.
- The CA calculates a hash value for the certificate, encrypts this and uses it in the signature in Bob's certificate. This acts to confirm the attribution of Bob's public key to his identity. This procedure behaves in the opposite manner to the normal asymmetrical encryption. In this case, the encryption does not fulfill the task of protecting the data from unauthorized persons, but confirms the signature of the CA instead.
- Any data communications participant anywhere in the world with the public key from the CA is now in a position to check the signed certificate. Only the CA is in a position to use their private key to generate signatures that can be decrypted again by using the CA's public key. This signature guarantees that the certificate is genuinely sourced from the issuing CA.