Certification of Public Keys

Let’s learn about the most popular mechanism for providing assurance of purpose, namely the public-key certificate.

Motivation for public-key certificates

The main challenge for the management of public keys is providing assurance of purpose of public keys.

We need assurance of the purpose of public keys since this is of crucial importance in public-key management.

A scenario

Suppose Bob receives a digitally signed message claiming to have been signed by Alice and Bob wants to verify the digital signature. This requires Bob to have access to Alice’s verification key. Suppose Bob is presented with a key (we do not concern ourselves with how this is done) alleged to be Alice’s verification key. Bob uses this key to ‘verify’ the digital signature, which appears to be correct. What guarantees does Bob have that this is a valid digital signature by Alice on the message?

As is often the case in security analysis, the best way of approaching this question is to consider what might have gone wrong. Here are some questions Bob would be strongly advised to consider, especially if the digital signature is on an important message:

Get hands-on with 1200+ tech skills courses.