Trust anchor

From Wikipedia, the free encyclopedia
Jump to: navigation, search

Trust anchor — in cryptographic systems with hierarchical structure is an authoritative entity for which trust is assumed and not derived.[1]

In X.509 architecture, a root certificate would be the trust anchor from which whole chain of trust is derived. The trust anchor must be in possession of the trusting party beforehand to make any further certificate path validation possible.

In most operating systems, the trust anchor is a collection of X.509 certificates of certification authorities that come preinstalled with the operating system, or is built into an application (such as web browser).


  1. ^ "Trust Anchor Format". RFC 5914. IETF. Retrieved February 21, 2013.