Secret Key Signatures

The secret key signature concept is a system where by a trusted central authority (Certificate
Authority, or CA) has possession of and knows all users’ secret keys. Thus, each
user must generate a personal key and deposit it with the CA in a manner that does not
reveal it to any third party, as follows:
 Party A wants to send a signed plaintext message (P) to party B.
 Party A generates KA(B, RA, t, P), where t is the timestamp, and sends it to the
CA.
 The CA sees that the message is from A, decrypts it, and sends a message to B.
 The message contains the plaintext of A’s message and is signed KCA(A, t, P).
 The timestamp is used to guard against the replaying of recent messages
reusing RA.

The shortcoming of the secret key system is that all parties who wish to communicate
must trust a common third party—the CA. Not all people wish to do this.