Digital Certificates
Purpose: to bind a particular public key to a particular entity
A Certificate is a data structure containing information such as:
- User Name (often includes organizational affiliation)
- User's Public Key
- Name of Certification Authority (CA) issuing the certificate
- Other attributes (e.g., policy used by CA to verify entity)
This data structure is digitally signed with the CA's private key
So how do we trust the CA's public key?
- There may be chains of certificates needed to verify a given exchange
- This suggests the need for a "Public Key Infrastructure" (a CA hierarchy?)
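
An added example (not part of the original page) of the chain check described above: each certificate is verified with its issuer's public key, and the chain must end at a CA whose public key the verifier already holds. The textbook-RSA keys, the names and every helper function are constructed for illustration; real certificates use X.509 and padded signatures.

```python
import hashlib
import json

def make_key(p, q, e=65537):
    # Textbook RSA from two primes: toy key generation, no padding, illustration only.
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, phi)}

def digest(tbs, n):
    # Hash the signed fields in a canonical encoding, reduced to fit the toy modulus.
    data = json.dumps(tbs, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(subject, subject_pub, issuer, issuer_priv):
    # The CA signs (subject, public key, issuer) with its private key.
    tbs = {"subject": subject, "public_key": subject_pub, "issuer": issuer}
    n = issuer_priv["n"]
    return {**tbs, "signature": pow(digest(tbs, n), issuer_priv["d"], n)}

def signed_by(cert, issuer_pub):
    tbs = {k: cert[k] for k in ("subject", "public_key", "issuer")}
    n = issuer_pub["n"]
    return pow(cert["signature"], issuer_pub["e"], n) == digest(tbs, n)

def verify_chain(chain, anchors):
    # chain is leaf first; anchors maps CA name -> public key obtained out of band.
    for i, cert in enumerate(chain):
        if i + 1 < len(chain):
            parent = chain[i + 1]
            if parent["subject"] != cert["issuer"]:
                return False          # next certificate is not this one's issuer
            issuer_pub = parent["public_key"]
        else:
            issuer_pub = anchors.get(cert["issuer"])
            if issuer_pub is None:
                return False          # chain does not end at a CA we already trust
        if not signed_by(cert, issuer_pub):
            return False              # signature does not match the signed fields
    return bool(chain)

# Constructed sample data: Mersenne primes as toy key material, made-up names.
ROOT_PUB, ROOT_PRIV = make_key(2**89 - 1, 2**107 - 1)
SUB_PUB, SUB_PRIV = make_key(2**61 - 1, 2**127 - 1)
USER_PUB, _ = make_key(2**31 - 1, 2**521 - 1)
ANCHORS = {"Example Root CA": ROOT_PUB}
CHAIN = [issue("alice@example.org", USER_PUB, "Example Dept CA", SUB_PRIV),
         issue("Example Dept CA", SUB_PUB, "Example Root CA", ROOT_PRIV)]

if __name__ == "__main__":
    print(verify_chain(CHAIN, ANCHORS))
```

The trust question does not disappear: the root CA's key in `ANCHORS` is trusted only because it was installed by some means other than a certificate.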
For more information: Cryptography: The Study of Encryption