Information Technology Security
How does it work?

A PKI is made up of several central systems known as Certification Authorities (CAs). These CAs are logically set up in a tree-like hierarchical structure. Each user's Public Key and identification are placed in a message (a certificate). The user's CA digitally signs each certificate and makes the user's Public Key certificate available through publicly accessible bulletin boards (i.e., X.500 Directories), along with all other users' certificates. Any user can therefore get any other user's Public Key from a bulletin board and verify that it is authentic by using the CA's Public Key to verify the CA's signature on the certificate. The CA at the top of the hierarchy signs the certificates containing the Public Keys of the CAs directly subordinate to it, these CAs sign the certificates of any CAs below themselves, and so on. Because this sets up a chain of trust between the CAs in the infrastructure, Public Keys that are signed by other CAs in the infrastructure can also be verified.
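
The chain-of-trust check described above, as an added example that is not code from the original page: a verifier fetches certificates from a directory and walks issuer by issuer up to the top CA, whose Public Key it already holds. Assumptions: toy textbook RSA over fixed primes stands in for a real signature algorithm, a dict stands in for the X.500 Directory, and all names (`Root CA`, `Dept CA`, `alice`, `verify_chain`) are hypothetical.

```python
import hashlib
from dataclasses import dataclass
def keypair(p, q, e=65537):
    # Toy textbook RSA from two known primes (constructed, NOT secure).
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

@dataclass
class Cert:
    subject: str
    issuer: str
    pubkey: tuple   # (n, e) belonging to the subject
    sig: int = 0    # issuer's signature over tbs()

    def tbs(self):  # what the CA signs: identification plus Public Key
        return f"{self.subject}|{self.issuer}|{self.pubkey}".encode()

def issue(subject, pubkey, issuer, issuer_priv):
    cert, (n, d) = Cert(subject, issuer, pubkey), issuer_priv
    cert.sig = pow(digest(cert.tbs(), n), d, n)
    return cert

def signed_by(cert, issuer_pub):
    n, e = issuer_pub
    return pow(cert.sig, e, n) == digest(cert.tbs(), n)

def verify_chain(subject, directory, anchor_name, anchor_pub, max_depth=8):
    # The directory is untrusted; only the anchor key held by the verifier is.
    cert, steps = directory.get(subject), 0
    while cert is not None and steps < max_depth:   # bounded, so loops end
        if cert.issuer == anchor_name:
            return signed_by(cert, anchor_pub)
        parent = directory.get(cert.issuer)
        if parent is None or not signed_by(cert, parent.pubkey):
            return False
        cert, steps = parent, steps + 1
    return False

# Constructed hierarchy: Root CA -> Dept CA -> alice
ROOT_PUB, ROOT_PRIV = keypair(2**107 - 1, 2**127 - 1)
DEPT_PUB, DEPT_PRIV = keypair(2**61 - 1, 2**89 - 1)
ALICE_PUB, _ = keypair(2**521 - 1, 2**607 - 1)
DIRECTORY = {
    "Dept CA": issue("Dept CA", DEPT_PUB, "Root CA", ROOT_PRIV),
    "alice": issue("alice", ALICE_PUB, "Dept CA", DEPT_PRIV),
}
```

A directory entry whose Public Key has been swapped, or a subordinate CA certificate that the top CA never signed, fails the walk because the verifier never takes the top CA's key from the directory itself.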
