A PKI is an automated system that manages the generation, maintenance, and delivery of encryption and digital signature keys. Together, encryption and digital signature keys provide:
Both key types (encryption and digital signature) have two related components: a public key component that is accessible to all users, and a private key component that must be secured from access by others.
The public key and other identification information are stored in a digital certificate that is digitally signed by a Certification Authority (CA). The CA's digital signature on the digital certificate binds the identity of the end-entity with its public key. It also guarantees that the public key has not been tampered with.
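The binding described above can be checked in code. The following is an added example, not part of the original page or of the CRA PKI: using only the Go standard library, a constructed CA issues a certificate for a constructed end-entity, and a copy of that certificate whose public key has been replaced without re-signing fails the CA signature check. The helper names (`must`, `issue`, `demo`) and the subject names are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // abort the demo on any setup error
	if err != nil {
		panic(err)
	}
	return v
}

// issue returns a certificate binding the name cn to pub, signed with signer.
// parent == nil produces a self-signed CA certificate (hypothetical helper).
func issue(cn string, serial int64, pub *ecdsa.PublicKey, parent *x509.Certificate, signer *ecdsa.PrivateKey) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true,
	}
	if parent == nil { // root CA: mark it as allowed to sign other certificates
		t.IsCA, t.KeyUsage, parent = true, x509.KeyUsageCertSign, t
	}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, parent, pub, signer))))
}

// demo verifies a genuine certificate, then a copy whose public key was replaced
// with another key of the same size without re-signing. All names are constructed.
func demo() (genuineOK, alteredOK, keyReplaced bool) {
	newKey := func() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }
	caKey, eeKey, otherKey := newKey(), newKey(), newKey()
	ca := issue("Example CA", 1, &caKey.PublicKey, nil, caKey)
	ee := issue("example end-entity", 2, &eeKey.PublicKey, ca, caKey)
	spki := must(x509.MarshalPKIXPublicKey(&otherKey.PublicKey))
	altered := must(x509.ParseCertificate(bytes.Replace(ee.Raw, ee.RawSubjectPublicKeyInfo, spki, 1)))
	keyReplaced = otherKey.PublicKey.Equal(altered.PublicKey)
	return ee.CheckSignatureFrom(ca) == nil, altered.CheckSignatureFrom(ca) == nil, keyReplaced
}

func main() { fmt.Println(demo()) }
```

The altered copy still parses as a well-formed certificate; only the signature check against the CA's public key reveals that its contents are no longer what the CA signed.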
To create a level of assurance or trust in the CA, certain policies and procedures must be followed. One of the main issues is the registration process, which involves how a client is identified and authenticated before a digital certificate is issued.
Certification Policy (CP)
Prior to using CRA PKI-enabled applications, participants should be aware of their rights, obligations and responsibilities contained in the CRA Certificate Policy (PDF, 611KB), especially sections 1.3.3, 1.4, 9.6.3, and 9.6.4.