Creation and Use of the Certificate
24. The certificate is used to identify a public key with a particular signatory. In the illustration, Signicorp has represented that the public key in the certificate belongs to Mr Blank of Videomad. Apart from the public key, the certificate contains such other items of information as may be agreed between the CA and the signatory. If the CA has not created the key pair then the information is put into an electronic document, digitally signed by the signatory (see paragraphs18-22) and sent by the signatory to the CA who uses the signatory’s public key to verify that the signatory’s key pair functions properly. The CA then puts this information into a standard certificate format and digitally signs the certificate (as explained in paragraphs 18-22). When the signatory sends an electronic document which he has digitally signed he sends with it the certificate and the encrypted summary of the certificate which is the CA’s signature. The receiver’s computer will usually carry out a check as to whether the certificate has been revoked before using the signatory’s public key, as shown in the certificate, in the verification process described in paragraph 22.
| Document | Stage 1 - Mathematical Process | Summary of Document | Receiver compares these two summaries | |
| Encrypted summary of document | Stage 2 - Sender's Public Key. Decrypts Summary of Document | Summary of Document | If same the following is proved: | |
| Certificate includes Sender's Pulbic Key | (1) The received document summary was encrypted using the private key pair of the public key | |||
| Encrypted summary of certificate | (2) The document has not been altered enroute to the receiver | |||
Receiver: Use of Sender's Public Key
© Crown copyright 2002