A trusted third-party organization or company that issues digital certificates used to create digital signatures and public-private key pairs. The role of the CA in this process is to guarantee that the individual granted the unique certificate is, in fact, who he or she claims to be. Usually, this means that the CA has an arrangement with a financial institution, such as a credit card company, which provides it with information to confirm an individual's claimed identity. CAs are a critical component in data security and electronic commerce because they guarantee that the two parties exchanging information are really who they claim to be.

A Certificate Authority might be an external company such as VeriSign that offers digital certificate services or they might be an internal organisation such as a corporate MIS department.

The process uses public key cryptography to create a "network of trust". If I want to prove my identity to you, I ask a CA (who you trust to have verified my identity) to encrypt a hash of my signed key with their private key. Then you can use the CA's public key to decrypt the hash and compare it with a hash you calculate yourself. Hashes are used to decrease the amount of data that needs to be transmitted. The hash function must be cryptographically strong, e.g. MD5