Main Page | See live article | Alphabetical index

Self-certifying key

In cryptography a self certifying key system (or implicit key system) is one in which both the public key and the certificate are combined as one piece of information. The primary advantage of this system is that it reduces the overhead of having a separate public key and certificate sent with each message.

This system requires a Certificate Authority who has a private/public key pair and also some other publicly available information, when a user wants to generate a key they make a secret and combine it with some of the public information made available by the certificate authority in such a way so that their secret is not revealed. This is then given to the CA who after verifying the user's identity gives the user an implicit certificate which binds the users secret to their identity information. From this the user can generate their private/public key pair.

When the user receives a signed message they can use the CA's public key and the implicit certificate to recover the signer's public key. If the implicit certificate is invalid then the signature will not be verifiable.