Quiz Entry - updated: 2026.06.12
Public/private key pairs raise two basic trust questions. What are they, and what solves each?
"Whose public key is this?" is answered by digital certificates; "can I trust that binding?" is answered by PKI.
When you receive a public key, two things are unclear:
- Which person/entity does this public key belong to? → solved by a digital certificate, which bundles a public key together with an identity.
- How do I know the public key really belongs to that entity? → solved by a PKI (Public Key Infrastructure), which has a trusted authority vouch for (sign) that binding.
Without these, asymmetric crypto is wide open to the man-in-the-middle substituting their own key.
Tip: Certificate = the claim ("this key belongs to www.hslu.ch"). PKI = the trust system that makes the claim believable (a CA signs it).