Certificate Authorities


A CA is a trusted third party who keeps a directory of people's (and organizations') public keys

Bob generates a public and private key pair, and sends the public part, as well as a bunch of personal info, to the CA.
The CA generates a certificate consisting of Bob's personal information, as well as his public key.  The entire certificate is signed with the CA's signature key.

Everyone is assumed to have a copy of the CA's signature key, so they can verify the signature on the certificate.