[Ilugc] digital signatures in India

Binand Sethumadhavan binand at gmail.com
Thu Nov 9 12:57:59 IST 2006


On 09/11/06, Joe Steeve <joe_steeve at gmx.net> wrote:
> Binand Sethumadhavan wrote:
> > You don't purchase key pairs from the CA; you purchase certificates.
>
> Aw, I thought a certificate was a public-private key pair signed by the
> CA, certifying the identity of the owner. Did I get it wrong somewhere?

Ah OK. The certificate is only the public key signed by the CA. You
generate the keypair, and send only the public key to the CA - who
certifies your identity and attaches it to the key. What you actually
purchase from the CA is the certificate (certifying that you are who
you claim to be, say securesection.mysite.com or Binand
Sethumadhavan).

I think your initial question was more related to the keypair
generated by tools like GnuPG ("Does this mean, that if you purchase
a key-pair from the CA, you'll have to ditch your current key-pair?")?
GnuPG ("web of trust scheme") and the CA-based system ("PKI scheme")
are completely disjoint; PKI is the one that is more practical for
authenticating several thousand clients to a tax-filing website, for
example.

Binand
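
Added example, not part of the original message: the issuance flow described above, run locally with the openssl command line. The throwaway "Demo Test CA" and the file names are assumptions made for this sketch; the subject name is the one used in the message. It shows that the CSR and the issued certificate carry the same public key as the locally generated private key, and no private key material.

```shell
#!/bin/sh
# Added illustration. The demo CA and file names are constructed for this
# example; nothing here contacts a real CA.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# SHA-256 fingerprint of the public key inside a private key, CSR or certificate.
pub_fp() {  # $1 = key|csr|cert, $2 = file
  case "$1" in
    key)  openssl pkey -in "$2" -pubout ;;
    csr)  openssl req  -in "$2" -noout -pubkey ;;
    cert) openssl x509 -in "$2" -noout -pubkey ;;
  esac | openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Subscriber side: generate the key pair locally and build a request that
# carries the public key and the claimed name. The private key stays here.
make_request() {  # $1 = directory, $2 = subject name
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$1/subscriber.key" 2>/dev/null
  openssl req -new -key "$1/subscriber.key" -subj "/CN=$2" -out "$1/subscriber.csr"
}

# CA side (throwaway demo CA): sees only the CSR and signs the public key in it.
ca_issue() {  # $1 = directory
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Test CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
  openssl x509 -req -in "$1/subscriber.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/subscriber.crt" 2>/dev/null
}

make_request "$WORK" securesection.mysite.com
ca_issue "$WORK"

echo "public key in subscriber.key: $(pub_fp key  "$WORK/subscriber.key")"
echo "public key in subscriber.csr: $(pub_fp csr  "$WORK/subscriber.csr")"
echo "public key in subscriber.crt: $(pub_fp cert "$WORK/subscriber.crt")"
if grep -q "PRIVATE KEY" "$WORK/subscriber.csr" "$WORK/subscriber.crt"; then
  echo "unexpected: private key material left the subscriber"
else
  echo "no private key material in the CSR or the certificate"
fi
openssl verify -CAfile "$WORK/ca.crt" "$WORK/subscriber.crt"
```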

