Page 126 - CISSO_Prep_ Guide

CA and manage the certificates for their staff. Members of a
            PKI that belong to different CAs can sign a cross-certification
            agreement, which allows the members of one CA to recognize
            the certificates issued by the other CA.



            Putting it all Together

            As the previous sections show, cryptography has many moving
            parts and is a fairly complex series of operations. In many
            cases, we will combine several of these parts to accomplish
            various tasks.

            Symmetric encryption algorithms are excellent for providing
            confidentiality of large messages, but key management is
            difficult. Therefore, we will use symmetric algorithms to
            encrypt the message we want to send.

            Asymmetric algorithms are very slow, but they are excellent
            for confidentially sending small messages. Therefore, we
            will use them to send the symmetric key to the receiver of the
            encrypted message.

            Hashing algorithms are excellent to ensure message integrity, so
            we will send a hash of the message to ensure the message is not
            changed en route.

            Asymmetric algorithms are excellent for providing proof of
            origin, so we will use them to sign the hash of the message,
            thereby creating a digital signature that can be used to prove
            both message integrity and proof of origin (non-repudiation).
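
The four steps above combined into one sender/receiver exchange, as an added example that is not part of the original guide. It uses Node.js's built-in crypto module; the function names, the envelope layout, and the choice of AES-256-GCM, RSA-OAEP and SHA-256 are assumptions of this example.

```javascript
const nodeCrypto = require("crypto"); // Node.js built-in module

// Sender side: returns everything that goes on the wire.
function seal(message, senderPrivateKey, receiverPublicKey) {
  const sessionKey = nodeCrypto.randomBytes(32); // fresh symmetric key per message
  const iv = nodeCrypto.randomBytes(12);
  // Symmetric step: the (possibly large) message is encrypted with the session key.
  const aes = nodeCrypto.createCipheriv("aes-256-gcm", sessionKey, iv);
  const ciphertext = Buffer.concat([aes.update(message), aes.final()]);
  return {
    iv,
    ciphertext,
    tag: aes.getAuthTag(),
    // Asymmetric step 1: only the receiver's private key can unwrap the session key.
    wrappedKey: nodeCrypto.publicEncrypt(
      { key: receiverPublicKey, oaepHash: "sha256" }, sessionKey),
    // Asymmetric step 2: SHA-256 hash of the message, signed with the sender's private key.
    signature: nodeCrypto.sign("sha256", message, senderPrivateKey),
  };
}

// Receiver side: unwrap the key, decrypt, then verify the signature over the hash.
function unseal(envelope, receiverPrivateKey, senderPublicKey) {
  const sessionKey = nodeCrypto.privateDecrypt(
    { key: receiverPrivateKey, oaepHash: "sha256" }, envelope.wrappedKey);
  const aes = nodeCrypto.createDecipheriv("aes-256-gcm", sessionKey, envelope.iv);
  aes.setAuthTag(envelope.tag);
  const message = Buffer.concat([aes.update(envelope.ciphertext), aes.final()]);
  if (!nodeCrypto.verify("sha256", message, senderPublicKey, envelope.signature)) {
    throw new Error("signature check failed: message altered or not from this sender");
  }
  return message;
}

// Constructed sample run: Alice (sender) to Bob (receiver), keys generated on the spot.
function demo() {
  const alice = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const bob = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const env = seal(Buffer.from("constructed sample message"), alice.privateKey, bob.publicKey);
  return unseal(env, bob.privateKey, alice.publicKey).toString();
}
console.log(demo());
```

Because the signature covers the plaintext and travels unencrypted here, anyone holding the sender's public key can confirm a guessed message; designs that care about this place the signature inside the encrypted payload.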