Security - Certificate authorities (CA) or Trusted Third party (TTP)


1 - About

Certificate authorities are the “gatekeepers” of public and private keys.

They are also known as trusted third parties (TTP).

The primary role of the CA is to digitally sign and publish the public key bound to a given user.

A certification authority is a trusted third party that:

  • can issue public and private keys, thus certifying public keys.
  • works as a depository that stores the key chain and enforces the trust factor.

3 - Procedure

The signature is made with the CA's own private key, so trust in the user's key relies on one's trust in the validity of the CA's key. See Cryptography - Certificate Signing Request.

4 - Location

4.1 - Internet

4.1.1 - Centralized Model

In a centralized model, there are two types of certificate authorities (CAs):

  • Root certificate authority certificates (trusted, see below)
  • Intermediate certificate authority certificates (not trusted on their own)

A trusted certificate authority is an entity that has been entitled to verify that someone is effectively who they declare to be. An intermediate CA may ask a trusted CA to issue its certificate, creating a chain of trust.
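The signing step from the Procedure section and the chain of trust described above, as an added example that is not part of the original page: a self-signed root signs an intermediate with its private key, the intermediate signs a leaf, and the leaf verifies only when the path back to the trusted root is complete. It assumes the openssl CLI is installed; all names are constructed.

```shell
#!/bin/sh
# Added example (not from the page): build root CA -> intermediate CA -> leaf with
# the openssl CLI (assumed installed) and verify the leaf. All names are constructed.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[leaf_ext]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
EOF
# Key pair + certificate signing request; $1 = file prefix, $2 = subject CN.
mkcsr() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$WORK/$1.key" -out "$WORK/$1.csr" \
    -config "$WORK/ca.cnf" -subj "/CN=$2" 2>/dev/null
}
build_chain() {
  # Root CA: self-signed with its own private key. This is the trust anchor (-CAfile below).
  openssl req -x509 -new -newkey rsa:2048 -nodes -keyout "$WORK/root.key" \
    -out "$WORK/root.crt" -days 1 -config "$WORK/ca.cnf" -extensions ca_ext \
    -subj "/CN=Example Root CA" 2>/dev/null
  # Intermediate CA: its CSR is signed by the root's private key (first link of the chain).
  mkcsr inter "Example Intermediate CA"
  openssl x509 -req -in "$WORK/inter.csr" -CA "$WORK/root.crt" -CAkey "$WORK/root.key" \
    -CAcreateserial -out "$WORK/inter.crt" -days 1 -extfile "$WORK/ca.cnf" -extensions ca_ext 2>/dev/null
  # Leaf: signed by the intermediate's key, never by the root directly.
  mkcsr leaf "server.example.test"
  openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/inter.crt" -CAkey "$WORK/inter.key" \
    -CAcreateserial -out "$WORK/leaf.crt" -days 1 -extfile "$WORK/ca.cnf" -extensions leaf_ext 2>/dev/null
}
# Succeeds only when the leaf chains to the trusted root; $1 = untrusted chain file or "".
verify_leaf() {
  if [ -n "$1" ]; then openssl verify -CAfile "$WORK/root.crt" -untrusted "$1" "$WORK/leaf.crt" >/dev/null 2>&1
  else openssl verify -CAfile "$WORK/root.crt" "$WORK/leaf.crt" >/dev/null 2>&1; fi
}
build_chain
verify_leaf "$WORK/inter.crt" && echo "leaf + intermediate -> root: trusted"
verify_leaf "" || echo "leaf without intermediate: not trusted (chain incomplete)"
```

Only the root is placed in the trust store; the intermediate is handed to the verifier as untrusted material and is accepted solely because the root's signature on it checks out.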

List of root CA:

  • Verisign
  • Thawte
  • Geotrust
  • GoDaddy

4.1.2 - Decentralized Model

See Web of trust:

  • PGP

4.2 - Intranet