In most Crypto algorithms, we assumed the keys are already known by Alice and Bob. But we need a way to exchange the keys on securely first

• symmertic exchange (not common)
• Asymmetric exchange (very popular)

In Asymmetric exchange, Both sides share public keys and the other side uses the public key and private key, to calculate secret key.

Alice  ------ A -----> Bob
      <-------B------

At Alice
Kab = Fun(a, B)

At Bob
Kab = Fun(b, A)

Diffie–Hellman key exchange (DHKE) Link to heading

The problem how make sure is that Bob is Bob? The good solution using digital signature to sign the public key and Identity. and send certificate which <message, sign(message)>. In this case, sign_Kpr,a(<Kpub,a IDa>) where Kpr is Alice’s private key. This way the receiver needs Kpub to verify the certificate first

Alice ------- X ------>

X = sign(<Kpub,a  IDa>)
Certa = [
 <Kpub,a  IDa>
 sign_Kpr,a(<Kpub,a  IDa>)
] 

Now, the problem is that receiver needs to know Alice’s Kpub which the problem we are trying to solve. Here where certificate authority comes in.

CA generate k_pub_A, k_pr_A

S_a = Sign_Kpr_CA(k_pub_A, ID_A)
Cert_A = <k_pub_A, S_A>

CA sends back Cert_A and k_pr_A

For Alice and Bob to communicate, the key establishment should be done first by exchange Cert_A and Cert_B.

At Alice:
A = K_pub_A
a = K_pr_A

Cert_A = [ (A, ID_A), S_A]
S_A is signature by CA


At Bobe:
B = K_pub_B
b = K_pr_B

Cert_B = [ (B, ID_B), S_B]
S_B is signature by CA


Alice --------- Cert_A ----> Bob
      <--------- Cert_B---- 

At Alice:
verify(Cert_B) and get B.. The verification is using k_pub_CA
Kab = Fun(B, a)

Note that verification of Cert_B will use CA public key k_pub_CA which insures that Cert was generated for B (Bob). Obviously, The certificate distribution has to be secure But this has to one-time thing between Alice and CA.