Generally, a sender of a data file (e.g., a text file) may execute a digital signing algorithm on the data file using a private key, so as to generate a digital signature. When the receiver receives the signed data file, the receiver may execute a verifying algorithm, using the public key corresponding to the private key, to verify the authenticity of the data file.
In order to ensure that the receiver obtains the authentic public key, a public key infrastructure (PKI) may be involved. In practice, the sender may register with a certificate authority (CA) so as to “bind” the public key to an identity of the sender. Then, the receiver may request from the CA a digital certificate that includes the proper public key bound to the identity of the sender.
When the private key of the sender is compromised, or when the digital certificate has expired, the sender may need to communicate with the CA in order to update the public key as well as the digital certificate.
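The flow described above, as an added example that is not part of the original text: a sender signs a file, a CA binds the sender's public key to an identity with an expiry date, and a receiver checks the certificate before checking the file signature. It uses textbook RSA over fixed Mersenne primes purely for illustration (not secure); the certificate fields, function names, the identity "alice", the dates and the file contents are assumptions constructed for the example.

```python
import hashlib
import json

E = 65537  # public exponent shared by all toy keys

def make_key(p, q):
    """Toy textbook-RSA key pair from two fixed primes (illustration only, not secure)."""
    n = p * q
    return {"n": n, "e": E}, {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    return pow(_digest(data, priv["n"]), priv["d"], priv["n"])

def verify(pub, data, sig):
    return pow(sig, pub["e"], pub["n"]) == _digest(data, pub["n"])

def _tbs(cert):  # "to be signed" bytes: every field except the CA's signature
    body = {k: v for k, v in cert.items() if k != "ca_sig"}
    return json.dumps(body, sort_keys=True).encode()

def issue_cert(ca_priv, subject, pub, not_after):
    """CA binds `pub` to `subject` by signing both together with an expiry date."""
    cert = {"subject": subject, "pub": pub, "not_after": not_after}
    cert["ca_sig"] = sign(ca_priv, _tbs(cert))
    return cert

def check_file(ca_pub, cert, sender, data, sig, today):
    """Receiver side: accept the public key only via the CA, then verify the file."""
    if not verify(ca_pub, _tbs(cert), cert["ca_sig"]):
        return "certificate not signed by CA"
    if cert["subject"] != sender:
        return "certificate is for another identity"
    if today > cert["not_after"]:  # ISO dates compare correctly as strings
        return "certificate expired"
    if not verify(cert["pub"], data, sig):
        return "signature invalid"
    return "ok"

# Constructed sample data: Mersenne primes as key material, ISO dates, made-up file.
CA_PUB, CA_PRIV = make_key(2**521 - 1, 2**607 - 1)
OLD_PUB, OLD_PRIV = make_key(2**61 - 1, 2**89 - 1)
NEW_PUB, NEW_PRIV = make_key(2**107 - 1, 2**127 - 1)
FILE = b"quarterly-report.txt contents"
OLD_CERT = issue_cert(CA_PRIV, "alice", OLD_PUB, "2024-12-31")
NEW_CERT = issue_cert(CA_PRIV, "alice", NEW_PUB, "2026-12-31")  # re-issued after update
OLD_SIG = sign(OLD_PRIV, FILE)
```

Once the CA has re-issued the certificate for a new key, a signature made with the old private key no longer verifies against it, which is the reason the sender updates both the key and the certificate together.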