Sender Authentication is based on the digital signature. If you can decrypt the signature successfully, it proves that the message come from:
There is three type of authentication:
See also:
For the procedure. see Digital signature procedure
The KeyManager is a program (or function) that decides which authentication credentials should be sent to the remote host for authentication during SSL handshake.
See the dedicated page: What is a certification base authentication (also known as Client certification / Mutual TLS authentication) ?