A means of binding a [[public key]] to an identity. Used in [[asymmetric|public-key encryption]] to prevent attackers spoofing a [[digital signature]]. In this approach, a [[certificate authority]] generates a [[public-key certificate]], certifying the identity of the person claiming the public key. Of course, we still have to be confident in the [[certificate authority|CA]].