Kari's Key-Pair

Kari generates a key the same way, using access-gen-elisa.n3.

He gives to Alan via some secure channel

Alan signs it: (Alan-2: "Kari is AC rep of Elisa")

cwm access-elisa.public access-master.private access-sign-member-cert.n3 \
 --think --purge --with "Elisa" > access-eliza.cert

Here, Alan uses the private key which he (alone) has access to and the public key which Kari gave him. access-sign-member-cert.n3 is a rule file which does the signing. It contains, in essence:

{ ?memberName is os:argv of "1".
  ?memberPublicKey a acc:MemberKey.
  { ?memberPublicKey a acc:MemberKey;
        acc:authorityName ?memberName;
        acc:junk "327462sjsdfjsakdhfkjsafd32164321"
   } log:n3String ?signedString.
   ?kp a acc:MasterKeyPair.
   ?k a acc:MasterKey.
   ([is crypto:md5 of ?signedString] ?kp) crypto:sign ?signature
} => {
   ?signedString acc:endorsement [acc:signature ?signature; acc:key ?k]
} .