There exist two approaches to establish trust between communicating entities: trust based on public keys and trust based on symmetric keys. The first category is used to secure communications between clients and servers over Internet, while the second is used in private networks where clients and servers share symmetric keys with a central entity, called Key Distribution Center.

In the first category, to perform cryptographic operations (e.g. message decryption or signature verification), users of a public key require confidence that the associated private key (used to encrypt or sign) is owned by the legitimate remote entity (person, system, or organization). This confidence is obtained thanks to digital certificates, which are delivered by trusted third parties, called Certificate authorities (CAs).

To better understand the notions relating to digital certificates in the computer-based society, let us take the following example: imagine someone who wants to sell a painting to somebody, who can afford it. The seller claims that the painting is made by a known painter and his/her signature is at the bottom of the painting. The painter’s signature is publicly known. The painting is (very) expensive. The question is: will the buyer take the seller at his/her word? Of course not. He/she requires a certificate (a document), which proves that the signature on the painting is that of the painter. The buyer will ...