Certification Paths: Retrieval and Validation

If entities wish to use a public key for encryption or signature verification they must retrieve this key and find out to whom it belongs. If this public key has been certified within a hierarchical PKI, the corresponding certificate must be found. Typically, such a certificate is the last element of a certification path. To verify its validity, the appropriate trust anchor must be found and the certification path must be constructed and verified. In this chapter we explain how this is done.