Electronic mail (“e-mail”) messages may be encoded using one of a number of known protocols. Some of these protocols, such as Secure/Multipurpose Internet Mail Extensions (“S/MIME”), rely on public and private encryption keys to provide confidentiality and integrity, and on a Public Key Infrastructure (PKI) to communicate information that provides authentication and authorization. Data encrypted using a private key of a private key/public key pair can only be decrypted using the corresponding public key of the pair, and vice-versa. The authenticity of public keys used in the encoding of messages is validated using certificates. In particular, if a user of a computing device wishes to encrypt a message before the message is sent to a particular individual, the user will require a certificate for that individual. That certificate will typically comprise the public key of the individual, as well as other identification-related information.
Certificates are digital documents that are typically issued by certification authorities. In order to trust a particular public key, the public key typically needs to be issued by a certification authority that is also trusted, or by an entity associated with the trusted certification authority. The relationship between a trusted certification authority and an issued public key can be represented by a series of related certificates, also referred to as a certificate chain. The certificate chain can be followed to determine the validity of a certificate.
Typically, a certification authority will digitally sign each certificate that it issues, to certify that a specific public key belongs to the purported owner as indicated on the respective certificate. In building certificate chains, the digital signatures on the certificates of the chain often need to be verified. Verification of a digital signature on a certificate is a process that requires the public key of the certification authority that issued the certificate.