Public-private key pair

Every digital certificate contains a public key. The public key and its associated private key, which is not part of the certificate, together make up a key pair. The two keys are generated at the same time and are mathematically linked. Each certificate that you create has a key pair.

Note: Signature verification certificates are an exception to this rule. They contain a public key but do not have an associated private key.

A public key is part of the owner's digital certificate and is available for anyone to use. A private key, however, is protected by and available only to the owner of the key. This limited access ensures that communications that use the key are kept secure.

The owner of a certificate can use these keys to take advantage of the cryptographic security features that the keys provide. For example, the certificate owner can use a certificate's private key to "sign" data that is sent between users and servers, such as messages, documents, and code objects. The recipient of the signed object can use the public key that is contained in the signer's certificate to verify the signature. Such digital signatures ensure the reliability of an object's origin and provide a means of checking the integrity of the object.
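The sign-and-verify flow described above, as an added example that is not part of the original page, using the OpenSSL command line. The file names, the subject names `signer-a` and `signer-b`, and the helper function names are constructed for this demo.

```shell
#!/bin/sh
# Added example: the owner signs with the private key; the recipient verifies
# with the public key taken from the owner's certificate.

make_identity() {   # $1 = directory, $2 = name (constructed subject CN)
    # Creates a key pair. The .crt holds only the public key; the .key stays with the owner.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

sign_object() {     # $1 = private key, $2 = object, $3 = signature output
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

verify_object() {   # $1 = signer's certificate, $2 = object, $3 = signature
    # The recipient never sees the private key: extract the public key
    # from the certificate and check the signature against the object.
    pub=$(mktemp)
    openssl x509 -in "$1" -pubkey -noout > "$pub"
    if openssl dgst -sha256 -verify "$pub" -signature "$3" "$2" >/dev/null 2>&1
    then rc=0; else rc=1; fi
    rm -f "$pub"
    return $rc
}

demo() {
    d=$(mktemp -d)
    make_identity "$d" signer-a
    make_identity "$d" signer-b
    printf 'constructed sample object\n' > "$d/object.txt"
    sign_object "$d/signer-a.key" "$d/object.txt" "$d/object.sig"

    # Origin: only the certificate paired with the signing key verifies.
    if verify_object "$d/signer-a.crt" "$d/object.txt" "$d/object.sig"
    then echo "signer-a certificate: signature verified"; fi
    if ! verify_object "$d/signer-b.crt" "$d/object.txt" "$d/object.sig"
    then echo "signer-b certificate: signature rejected"; fi

    # Integrity: any change to the object invalidates the signature.
    printf 'x' >> "$d/object.txt"
    if ! verify_object "$d/signer-a.crt" "$d/object.txt" "$d/object.sig"
    then echo "modified object: signature rejected"; fi
    rm -rf "$d"
}

demo
```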