Certificate Generation with User-Provided Keys

Alice

CA

generate k pr , A , k pub , A

RQST ( k pub , A , ID A )

−−−−−−−−−−−−→

verify ID A

s A = sig k pr , CA ( k pub , A , ID A )

Cert A =[( k pub , A , ID A ) , s A ]

Cert A

←−−−−−−−−−−−−

From a security point of view, the first transaction is crucial. It must be assured

that Alice's message ( k pub , A , ID A ) is sent via an authenticated channel. Otherwise,

Oscar could request a certificate in Alice's name.

In practice it is often advantageous that the CA not only signs the public keys

but also generates the public-private key pairs for each user. In this case, a basic

protocol looks like this:

Certificate Generation with CA-Generated Keys

Alice

CA

RQST ( ID A )

−−−−−−−−−−−−→

request certificate

verify ID A

generate k pr , A , k pub , A

s A = sig k pr , CA ( k pub , A , ID A )

Cert A =[( k pub , A , ID A ) , s A ]

Cert A , k pr , A

←−−−−−−−−−−−−

For the first transmission, an authenticated channel is needed. In other words:

The CA must be assured that it is really Alice who is requesting a certificate, and

not Oscar who is requesting a certificate in Alice's name. Even more sensitive is the

second transmission consisting of (Cert A , k pr , A ). Because the private key is being

sent here, not only an authenticated but a secure channel is required. In practice,

this could be a certificate delivered by mail on a CD-ROM.

Before we discuss CAs in more detail, let's have a look at the DHKE which is

protected with certificates: