Certificates

To ensure that a public key is authentic (that is, it has not been tampered with by an unauthorized user and does indeed belong to the claimant), the public key is normally signed by a Certification Authority (CA). The result, a digital document called a certificate, can be freely passed around the network. Its authenticity can be verified by anyone holding the CA's signature information; that is, the CA's public key.

Before any form of encrypted communication can begin, the parties involved in the transaction must exchange certificates. This is a manual procedure in that the certificate and possibly the key are provided by the certifying agency on physical media: tape, diskette, or CD-ROM. The user must load them into the system through a command-line interface.