
Trust Anchor

In cryptography, a trust anchor is an authoritative entity represented via a public key and associated data. It is used in the context of public key infrastructures, X.509 digital certificates and DNSSEC.

When there is a chain of trust, usually the top entity to be trusted becomes the trust anchor; it can be, for example, a certification authority (CA).

The public key (of the trust anchor) is used to verify digital signatures and the associated data. Furthermore, the public key is used to constrain the types of information for which the trust anchor is authoritative.

A relying party uses trust anchors to determine if a digitally signed object is valid by verifying a digital signature using the trust anchor's public key, and by enforcing the constraints expressed in the associated data for the trust anchor.
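
An added example, not part of the original entry, of the relying-party check described above: the signature is verified with the trust anchor's public key, then the constraint carried in the associated data is enforced. The Ed25519 key, the single DNS-suffix constraint, and the names TrustAnchor, SignedObject, Sign and Validate are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"strings"
)

// TrustAnchor is a public key plus associated data (hypothetical, one constraint only).
type TrustAnchor struct {
	PublicKey       ed25519.PublicKey
	PermittedSuffix string // namespace for which the anchor is authoritative
}

type SignedObject struct { // constructed stand-in for a certificate or signed record
	Subject            string
	Payload, Signature []byte
}

var ErrBadSignature = errors.New("signature does not verify under the trust anchor key")
var ErrOutOfScope = errors.New("subject is outside the trust anchor's constraints")

// tbs builds the bytes covered by the signature: subject and payload together.
func tbs(subject string, payload []byte) []byte {
	return append([]byte(subject+"\x00"), payload...)
}

// Sign plays the holder of the anchor's private key (for example a CA).
func Sign(priv ed25519.PrivateKey, subject string, payload []byte) SignedObject {
	return SignedObject{subject, payload, ed25519.Sign(priv, tbs(subject, payload))}
}

// Validate is the relying party's check: signature first, then constraints.
func Validate(ta TrustAnchor, o SignedObject) error {
	if !ed25519.Verify(ta.PublicKey, tbs(o.Subject, o.Payload), o.Signature) {
		return ErrBadSignature
	}
	if o.Subject != ta.PermittedSuffix && !strings.HasSuffix(o.Subject, "."+ta.PermittedSuffix) {
		return ErrOutOfScope // validly signed, but not something this anchor may vouch for
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand; constructed key
	ta := TrustAnchor{pub, "example.org"}
	fmt.Println(Validate(ta, Sign(priv, "www.example.org", []byte("k1")))) // in scope
	fmt.Println(Validate(ta, Sign(priv, "www.example.com", []byte("k2")))) // signed, out of scope
}
```

A valid signature alone is not sufficient: the second object verifies under the anchor's key and is still rejected because its subject falls outside the anchor's constraint.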


