LOGBOOK

HELP

Quiz Entry - updated: 2026.06.12

Public/private key pairs raise two basic trust questions. What are they, and what solves each?

"Whose public key is this?" is answered by digital certificates; "can I trust that binding?" is answered by PKI.

When you receive a public key, two things are unclear:

  1. Which person/entity does this public key belong to? → solved by a digital certificate, which bundles a public key together with an identity.
  2. How do I know the public key really belongs to that entity? → solved by a PKI (Public Key Infrastructure), which has a trusted authority vouch for (sign) that binding.

Without these, asymmetric crypto is wide open to the man-in-the-middle substituting their own key.

Tip: Certificate = the claim ("this key belongs to www.hslu.ch"). PKI = the trust system that makes the claim believable (a CA signs it).

From Quiz: ISF / Intercepting & Proxy Tools | Updated: Jun 12, 2026