The Public Key Certification API
The DCE Certification Service application programming interface can be used to store and retrieve public keys on behalf of users and applications. DCE permits the use of public keys as part of the public key authentication protocol that works via public and private key pairs. Messages encrypted under one of the keys can be decrypted using the other (and vice versa); but messages cannot be encrypted and decrypted by using the same key. The certification service is used by a certifying authority to certify the authenticity of distributed public keys. Two policy modules are provided with DCE release 1.2.2 that can be used by developers to implement a certification authority.