資料來源 : Free On-Line Dictionary of Computing
Certificate Authority
(CA or "Trusted Third Party") An entity
(typically a company) that issues {digital certificates} to
other entities (organisations or individuals) to allow them to
prove their identity to others. A Certificate Authority might
be an external company such as {VeriSign} that offers digital
certificate services or they might be an internal organisation
such as a corporate {MIS} department. The Certificate
Authority's chief function is to verify the identity of
entities and issue digital certificates attesting to that
identity.
The process uses {public key cryptography} to create a
"network of trust". If I want to prove my identity to you, I
ask a CA (who you trust to have verified my identity) to
encrypt a {hash} of my signed key with their {private key}.
Then you can use the CA's {public key} to decrypt the hash and
compare it with a hash you calculate yourself. Hashes are
used to decrease the amount of data that needs to be
transmitted. The hash function must be {cryptographically
strong}, e.g. {MD5}.
{(http://home.netscape.com/comprod/server_central/support/faq/certificate_faq.html#11)}.
(1998-03-30)