About Public Key Infrastructure

A PKI is an automated system that manages the generation, maintenance, and delivery of encryption and digital signature keys. Together, encryption and digital signature keys provide:

Both key types - encryption and digital signature - have two related components: a public key component that is accessible to all users, and a private key component that must be secured from access by others.

The public key and other identification information is stored in a digital certificate that is digitally signed by a Certification Authority (CA). The CA's digital signature on the digital certificate binds the identity of the end-entity with its public key. It also guarantees that the public key has not been tampered with.

To create a level of assurance or trust in the CA, certain policies and procedures must be followed. One of the main issues is the registration process, which involves how a client is identified and authenticated before a digital certificate is issued.

Certification Policy (CP)

Prior to using CRA PKI-enabled applications, participants should be aware of their rights, obligations and responsibilities contained in the CRA Certificate Policy (PDF, 881KB), especially sections 1.3.3, 1.4, 9.6.3, and 9.6.4.

Page details

Date modified: