Digital certificates

A digital certificate is a digitally signed data structure that binds a public key to the identity of the private key's owner. The use of digital certificates ensures that the user of a public key can be confident of the ownership of the corresponding private key.

Digital certificates are issued by a trusted body, known as a Certificate Authority (CA), that is typically independent of the message sender and receiver (although if there is a trust relationship between the sender and the receiver, the certificate can be issued by one or the other). The certificate is encrypted with the CA's private key, and can be decrypted using the CA's public key, which is freely available to anyone who needs to read the certificate.

Following decryption, a valid certificate assures the reader that the certificate was indeed issued by the CA, and that the certificate has not been tampered with or forged.

A digital certificate contains information that identifies the certificate owner, and the certificate owner's public key, and is digitally signed by the CA. The receiver of a message containing a certificate uses the CA's public key to decrypt the certificate, verifies that it was issued by the CA and then obtains the sender's public key and identification information held within the certificate.