In cryptography, a trust anchor is an authoritative entity represented via a public key and associated data. It is used in the context of public key infrastructures, X.509 digital certificates and DNSSEC.
When there is a chain of trust, usually the top entity to be trusted becomes the trust anchor, it can be for example a certification authority (CA).
The public key (of the trust anchor) is used to verify digital signatures and the associated data. Furthermore, the public key is used to constrain the types of information for which the trust anchor is authoritative.
A relying party uses trust anchors to determine if a digitally signed object is valid by verifying a digital signature using the trust anchor's public key, and by enforcing the constraints expressed in the associated data for the trust anchor.