PKI allows users to interact with other users and applications to obtain and verify identities and keys from
trusted sources. The actual implementation of PKI varies according to specific requirements. Key elements of the infrastructure are as follows:
• Digital certificates—A digital credential is composed of a public key and identifying information about the owner of the public key. The purpose of digital certificates is to associate a public key with the individual’s identity in
order to prove the sender’s authenticity. These certificates are electronic documents, digitally signed by some trusted entity with its private key (transparent to users) that contains information about the individual and his or her public key. The process requires the sender to “sign” a document by attaching a digital certificate issued by a trusted entity. The receiver of the message and accompanying digital certificate relies on the public key of the trusted third-party certificate authority (CA) (that is included with the digital certificate or obtained separately) to authenticate the
message. The receiver can link the message to a person, not simply to a public key, because of their trust in this third party. The status and values of a current user’s certificate should include:
- A distinguishing username
- An actual public key
- The algorithm used to compute the digital signature inside the certificate
- A certificate validity period